Topics
Fraud · AML

Fraud & AML/CFT

Fraud and AML/CFT live in the same decision surface. These essays cover layered controls, sanctions screening, chargebacks and the feedback loop that keeps them honest.

◆ Case studies

Shipped in this domain.

Merchant Onboarding

Merchant Onboarding + KYC/KYB Automation

Automated merchant onboarding pipeline, KYC/KYB, UBO discovery, sanctions and PEP screening, risk-tiered decisioning with full audit trail. Activation cut from weeks to hours; manual review load down 70%.

Fraud & Risk

Fraud, Risk and AML/CFT Controls: Layered Decisioning at $1B+ GTV

Layered fraud, AML/CFT and sanctions decisioning built natively into the payments stack, vendor signals, device intelligence, internal velocity rules, SAR-ready audit trails. Fraud loss held <0.1% of GTV; fraud incidents down ~65%.

Payment Operations

Daraz (Alibaba Group) Payment Operations + COD-to-Digital Conversion

Ran payment operations for South Asia's largest marketplace across 5 markets during a COVID volume surge. Designed and shipped the COD-to-digital migration as an incentives + trust program — lifted digital share ~40% and cut dispute cycles ~50%.

AI in Fintech

Production GenAI Suite at Simpaisa, 4 Deployments in Regulated Payments

Identified, value-modeled and deployed 4 production GenAI solutions across merchant integration support, incident auto-escalation, partner support automation, and a fraud/AML AI pilot with a major banking partner.

Cross-Border Payments

SWIFT MT/MX Implementation: ISO 20022 Migration + gpi at Simpaisa

Wired SWIFT MT and MX (ISO 20022) messaging into the Simpaisa cross-border stack with gpi tracking, CSP attestation and dual-rail parsing — sustained 99.9%+ message-acceptance rate through the ISO 20022 migration window.

Payment Infrastructure

3DS2 Step-Up Optimisation: From 38% Frictionless to 73% Without Lifting Fraud

Rebuilt the EMV 3DS2 step-up programme for a regional acquirer-processor — per-issuer risk-based authentication, the full 3DS2 frictionless / data-only path suite, abandon-recovery flows — lifting frictionless rate from 38% to 73% over three quarters while holding portfolio fraud below the 6 bps scheme fraud-monitoring threshold.

Fraud & Risk

AML/CFT Sanctions Engine: Real-Time Screening + 60% False-Positive Cut Across Five Markets

Stood up the AML/CFT sanctions and PEP screening engine across six MENA + South Asia markets for a regulated fintech, real-time pre-send blocking + daily batch re-screen, per-corridor list tuning, cut sanctions false-positive rate by ~60% without lowering true-positive coverage.

Program Management

PMO + Risk Council Operating Model: From Audit-Reactive To Forward-Looking In Two Quarters

Built the joint PMO + Risk Council operating model for a regulated fintech, unified RAID + risk register, monthly council cadence, audit-evidence pipeline, moving the function from audit-reactive to forward-looking, with two regulator commendations and zero new findings across an 18-month cycle.

Payment Operations

Daraz (Alibaba Group): +15% Checkout Conversion, −20% False Declines

Rebuilt marketplace checkout and the COD-to-digital migration for Alibaba-group Daraz across five South Asian markets — lifted checkout conversion +15%, cut false declines −20%, and tuned category-aware fraud rules during a COVID volume surge.

◆ Essays

Field notes for this hub.

25 essays
Jul 4, 20267 min read

Adyen's 3% Refund Signal: Fraud Controls Need a Lifecycle

Refund and policy abuse can come from verified customers. Payment teams need controls across account, order, fulfilment, refund, and dispute events.

Jul 2, 20267 min read

GitHub Models Is Shutting Down. Your AI Stack Needs an Exit Plan

GitHub Models' shutdown is a useful warning: an AI prototype becomes an operational dependency faster than most teams build an exit path.

Jun 26, 20268 min read

Forter Agents Show AI Risk Work Is Becoming Operational

Forter's agent launch and today's repo radar point to the same pattern: AI is moving from generic assistants into bounded workflows with data access, controls, and operating accountability.

Jun 19, 20269 min read

Correspondent Banking and the Reality of Emerging-Market Corridors

De-risking did not reduce risk. It moved the risk to the corridors that need access most.

Jun 12, 20269 min read

SWIFT, AML/CFT, and Sanctions Screening in Practice

Sanctions screening is where compliance theory meets throughput reality. The product decisions live in the list overlay, the matcher, and the review queue.

Jun 1, 20268 min read

Sanctions Screening Without Killing Throughput

Sanctions screening is a latency problem and a false-positive problem dressed up as a compliance problem.

May 31, 20269 min read

AML/CFT: Rules vs Models, and Why You Need Both

Rules are explainable and weak. Models are powerful and unexplainable. Production AML needs both, layered.

May 30, 202610 min read

PCI DSS and ISO 27001 as Product Programs

PCI DSS and ISO 27001 are not paperwork projects. Run as product programs, they make the platform measurably stronger.

May 29, 20268 min read

Chargebacks Are a Product Problem

A rising chargeback line is product debt that finance is paying. The fix is upstream.

May 28, 20269 min read

Layered Fraud Controls in the Payments Stack

No single fraud control survives a determined attacker. Layered controls do, and they do it without crushing conversion.

May 28, 20269 min read

The Risk-Adjusted Backlog: Prioritising Payment Products When Failure Costs Real Money

A payment roadmap cannot be ranked by revenue alone. The backlog has to price the cost of failure, the cost of delay and the cost of operating complexity.

May 26, 20268 min read

Onboarding Conversion vs. Default Rate: The Real Tradeoff

Conversion and default rate are not enemies. They are two sides of the same product surface.

May 25, 20268 min read

Risk Tiering Merchants Is a Product Decision

Tiering is the single most leveraged product decision in a payments platform. Most teams hand it to risk and never recover.

May 24, 20269 min read

Agentic Payments Operations: What Works, What Is Theatre

Agentic AI can help payments operations when the task is bounded, observable and reversible. It becomes theatre when teams let agents improvise inside money movement.

May 23, 20269 min read

Regulatory UX: Why the Name on a Payment Screen Can Block a Launch

Regulators do not read your roadmap. They read your screen.

May 22, 202610 min read

Merchant Onboarding: Where Growth, Risk and Compliance Collide

Three teams own onboarding. The merchant only sees one experience. That gap is the product.

May 20, 202611 min read

Compelling Evidence 3.0 (Visa): What Changed, and How To Actually Win Disputes Now

Compelling Evidence 3.0 is the most consequential dispute-rule change Visa has shipped in a decade. The mechanics look like a documentation update; the operating implication is a complete rework of how acquirers capture, store and present transaction evidence.

May 20, 202612 min read

CSPO + RICE in Practice: A Real Payments Roadmap Walkthrough

RICE is a clean ranking framework that does not know payments exists. CSPO is a clean product mindset that does not know prioritisation maths. Put together, with a risk-adjusted overlay, they become a working operating system for a payments backlog. Here is the walkthrough.

May 20, 202612 min read

How Credit Scoring Systems Actually Work: From Feature Pipeline to Bureau Reporting

Reaching for an off-the-shelf credit-scoring vendor is easy; the trap is stopping there. The vendor's output is a number. The substance an operator has to own is the pipeline that produces it, the governance that protects it, and the bureau reporting cycle that keeps it current.

May 20, 202612 min read

Why AI / ML Solutions Fail In Production Payments: Seven Patterns I See Every Year

Most AI/ML projects in payments fail in production for reasons that have nothing to do with model accuracy. They fail because the team optimised for a leaderboard metric, the operating environment moved, the labels were wrong, or the audit cycle the model now lives inside was not part of the design. Seven patterns I see every year.

May 19, 202610 min read

Where ML Beats AI: Six Payment Problems an LLM Cannot Touch

There is a quiet AI-in-fintech mistake teams keep making: reaching for an LLM the moment the word 'AI' shows up on the roadmap. Sometimes the right answer is a gradient-boosted tree and a clean feature pipeline. This is the operator's argument for the boring choice.

May 16, 202611 min read

Product Management for Payments Platforms: What's Different, and What's Not

A payments PM is a SaaS PM with three extra constituencies and one extra reflex. Get the reflex wrong and the other constituencies stop trusting you.

May 15, 202610 min read

GenAI in Fintech: 4 Production Use Cases That Actually Ship

Most fintech AI work in 2026 is still demos. These four use cases are not, they're running in production at $1B+ TPV across five regulated markets.

May 14, 202611 min read

Project Management for Fintech Regulatory Programmes: PCI DSS, ISO 27001, SOC 2, AML/CFT

Six weeks before the audit, every troubled regulatory programme looks identical: forgotten Confluence pages, evidence requests rotting in inboxes, a year of work crammed into six weeks of theatre. Run it as delivery with an immovable deadline and an external grader, or pay remediation many times over.

May 7, 202610 min read

AI Fraud Detection vs Rule Engines: A Field Comparison

ML catches novel attacks; rule engines win on explainability, ops cost, and the regulator conversation. In regulated payments the answer is a hybrid, and designing where each one fires is the whole job.

Discussing senior payments product roles? Get in touch.