Fraud Control, Trust & Scaling in Fintech
Q1. You’ve worked across merchant-acquiring fraud and trust functions for several fintechs — could you give a brief introduction to your roles and core responsibilities?
I have worked with national public sector banks, fintechs, and RBI-authorised payment aggregators, with responsibilities spanning enterprise risk management, regulatory and statutory compliance, internal policy formulation, and coordination with government ministries, regulatory bodies, and law enforcement agencies. I have also conducted cyber fraud investigation workshops for senior law enforcement officials and co-authored fraud intelligence reports published by government officials.
Over the years, I have witnessed the rapid evolution of fraud, from the era dominated by POS devices to today’s environment where AI-driven systems play a critical role in decision-making. This transformation demands that risk management frameworks operate with significantly greater rigor, precision, and adaptability.
Q2. Synthetic identity and orchestration bot attacks are increasing — what tooling and telemetry do you prioritize to detect synthetic IDs early in onboarding?
Technology has introduced new fraud vectors for financial institutions such as payment aggregators, banks, and NBFCs, including synthetic identities, AI-generated KYC imagery, and brute-force bot attacks using stolen card data from the dark web. Detecting synthetic and orchestrated identity fraud early requires a layered, telemetry-driven approach that combines device fingerprinting, emulator and automation detection, IP reputation, cookies, browsing artifacts and velocity checks across shared identifiers such as email, phone, device ID, or VPA. Strengthening onboarding with biometric liveness, document integrity analytics and telco-based signals, along with human verification prompts such as dynamic phrase entry, will help validate authenticity beyond static images. A risk-based orchestration model can then adapt controls in real time, allowing low-risk users to onboard seamlessly while stepping up verification or blocking journeys where device or behavioural patterns indicate automation for coordinated abuse.
Q3. How do you balance a frictionless checkout with fraud controls that reduce chargebacks? What adaptive strategies work best?
A frictionless checkout experience begins with trust, which is built on the acquirer’s confidence in the merchant. When a merchant demonstrates a clean operational history, sound compliance posture, consistent reliability, etc., the acquirer is better positioned to extend value-added protections such as buyer or seller protection programs. In such cases, any disputes or chargebacks remain manageable, as the acquirer is willing to assume greater liability due to the merchant’s proven behavioural profile. This risk-aligned trust model ensures that fraud exposure remains low relative to transaction volume, enabling a seamless, low-friction experience for both merchants and customers, without compromising safety or regulatory safeguards.
Q4. For a fintech expanding internationally, which compliance and law-enforcement capabilities must be built first vs. later to de-risk merchant acquisition?
When Indian fintechs expand internationally, the first priority is gaining a clear understanding of the regulatory environment in the target market. India’s RBI framework is among the most rigorous globally, which means Indian payment system operators typically start from a strong compliance baseline. In many Southeast Asian regions (i.e. the common preferred expansion hubs), the supervision and controls may be comparatively lighter. After establishing regulatory clarity, the next focus areas are taxation structuring and legal entity incorporation. Alignment with law enforcement and supervisory authorities follows thereafter, once business operations commence. Country specific financial intelligence government define the reporting and monitoring expectations, while globally recognised risk screening standards remain non-negotiable. In summary, expansion sequencing is: regulation first, tax and entity setup next and operational enforcement alignment once live in market.
Q5. How do you measure and govern the performance and bias of ML/AI fraud models in production? Which evaluation metrics and live-test patterns matter most?
Measuring and governing ML/AI fraud models in production requires both robust evaluation metrics and an understanding that fraud patterns differ across markets and products, meaning there is no universal model. Precision, recall, F1-score, false-positive rate and ROC-AUC help assess technical performance, but in fraud, precision and recall matter the most because both missed fraud and legitimate-user friction impact revenue and trust. Live governance techniques ensure real-world validation, while periodic bias audits maintain fairness and resilience over time. However, AI in fraud detection is still maturing and its effectiveness depends heavily on domain-specific and geography-specific data, since fraud behaviour varies across e-commerce, quick commerce, banking and cross-border markets. A model trained in one region or use case cannot simply be ported to another without retraining.
Therefore, AI adoption must align with business intent and the model’s success ultimately depends on learning from the real fraud patterns it is designed to solve.
Q6. When building a Trust & Safety team for scale, what organizational splits and KPIs drive the fastest improvement in risk posture?
People management remains the cornerstone of an effective risk function. Regardless of how advanced AI becomes, the lived expertise of seasoned risk professionals, built over years of observing fraud patterns, behavioural triggers and systemic weaknesses, continues to shape and refine models. Their judgment, context and domain intelligence are what give automation meaning. While tools and AI offer scale and efficiency, human expertise is the true driver of a strong risk posture.
Q7. From an investor’s lens, what three signals give confidence that a payments or merchant-acquiring business has credible fraud control and is ready for scale?
The readiness for scale in a payments or merchant-acquiring business, from an investor’s perspective, is demonstrated by a few clear signals. First, strong 'precision-over-recall' performance across multiple fraud vectors and networks indicates the business can detect fraud accurately without unnecessarily blocking legitimate users, showing model maturity rather than brute-force risk controls. Second, tangible trust from major acquirers, banks or government entities is a powerful validation, given their rigorous due-diligence standards. Beyond these, investors look for a mature governance and compliance framework (KYB, EDD, AML, velocity controls, model monitoring) and measurable fraud KPIs (low dispute ratios, stable fraud loss-to-volume metrics, observed model evaluation discipline). Together, these signals demonstrate that the business can grow responsibly and maintain regulatory confidence while protecting margins as volumes increase.
Disclaimer: The statements, views and opinions presented herein are the author’s own and are made in a personal capacity. They do not purport to reflect or represent the views, positions or policies of the author’s employer or any affiliated entity.