How high-growth marketplaces can build fraud programs before they have mature teams
June 29, 2026 | By Jeff Meyer | UGCFraud rarely waits for a company to be ready.
For high-growth marketplaces, risk can start scaling long before the team, tooling, workflows, or executive understanding have caught up. A platform might still be figuring out onboarding, payments, user experience, and growth loops while bad actors are already probing for weak spots like account takeovers, payment fraud, promo abuse, fake identities, impersonation, scams, and other forms of platform manipulation.
That was the focus of a recent Marketplace Risk panel in San Francisco, hosted by Alexandra Popken, VP of Trust & Safety and AI Services at WebPurify, an IntouchCX company. The discussion brought together industry leaders Jason Adauto, Product Manager, Payments and Risk, at ATOMS, Nick Davidovich, Trust & Safety Manager at GoFundMe, and Roop Gill, a Global Strategy & Operations Leader formerly of Twitter and Meta, to explore what it really takes for platforms to build fraud and Trust & Safety programs in growth mode, especially when resources are limited and the risks are evolving so quickly.
Q: Someone has just been told, “Congrats, you now own fraud.” What should they do in week one?
“The first thing I’d do in week one is resist the urge to jump straight into tooling or enforcement,” Jason says. “One of the biggest mistakes you can make when inheriting fraud is operating without visibility.”
Instead, he says the first week should be about understanding how the business works. Where does money or value move through the platform? What are the key payment flows? How do users onboard to your platform? Where does the company make assumptions about trust?
“Map your business lines, payment flows, onboarding journeys, and where trust assumptions exist,” Jason says.
That work should happen alongside stakeholder conversations, policy reviews, and the creation of baseline metrics around the highest-risk entry points.
“Where is fraud showing up? What are the biggest sources of loss? What’s changing fastest?” he adds. “Week one isn’t about solving fraud. It’s about building enough visibility to prioritize intentionally instead of reacting to anecdotes or the loudest escalation.”
Nick adds that early fraud programs need to start with impact, exposure, and proportionate response.
“First, it’s critical to identify where fraud would cause the greatest harm, whether that’s financial loss, user trust, or brand reputation,” he says. “Prioritizing the most visible and business-critical areas ensures you’re addressing the highest-risk surfaces first.”
That prioritization also needs senior alignment.
“It is of the utmost importance to make sure you are aligning with your executives and senior leaders in your organization,” Nick says, “to ensure everyone is on the same page when it comes to what risks you are prioritizing.”
Early-stage fraud prevention is also a balancing act. Overly aggressive controls can create unnecessary friction for legitimate users, while weak enforcement can leave the platform exposed.
“Early-stage programs should aim for risk-informed, proportionate interventions,” Nick says, “applying friction at appropriate stages to deter bad actor activity.”
Q: If you could only implement three early fraud controls, what would make the cut?
“I’d organize early controls into three buckets: prevention, detection, and correction, with the first two carrying the most weight when you’re just starting out,” Roop says.
On prevention, Roop says the foundation is making sure activity on the platform complies with company policies before harm happens. “Alongside content controls, identity verification is a high-leverage early investment,” Roop says. “These tend to be binary, pass/fail checks that are relatively straightforward to implement and provide a meaningful baseline of trust at the point of onboarding.
“I’d also set safeguards around device ID and device fingerprinting to flag anomalous behavior before a transaction completes,” Roop says. “Velocity checks – how frequently an account is transacting, from how many devices, across how many IP addresses – are also cheap to implement and surprisingly effective early on.”
However, she says with correction, some areas may be worth deprioritizing at the beginning, such as chargeback management, unless volumes are abnormally high.
Nick says the best early controls are usually high-impact, low-cost, and simple to implement.
“A common starting point is rules-based controls, leveraging basic signals such as transaction patterns, account behavior, or known risk indicators to flag potentially suspicious activity,” he says. “Even lightweight tooling, such as SQL queries or simple scripts, can be very effective in creating an initial review system.”
He adds, these early controls don’t need to be sophisticated. They just need to give the team visibility into risk.
Manual review can be especially valuable in the early stages because it helps teams mitigate immediate risk while building institutional knowledge.
“Directly engaging with users through verification, outreach, or case investigation not only helps mitigate immediate risk but also builds institutional knowledge,” Nick says. “In early stages, this feedback loop is invaluable for understanding how fraud manifests on your platform and where your vulnerabilities lie. Your users will tell you so much.”
Q: How is AI changing fraud prevention and fraud itself?
AI is changing both sides of the fraud equation.
Nick says that if he were building a Trust & Safety or fraud prevention team from scratch today, he would make sure every person on the team had access to core AI tools such as ChatGPT or Claude. “Not as a novelty, but as a daily work tool,” he says.
In the early days of a fraud team, manual work can be overwhelming. “You can use these AI tools to build out SOPs, draft schedules, do basic data review and trend analysis, and even pick up enough vibe coding to self-serve on lightweight automation — without waiting on an engineering ticket,” Nick says. “That self-sufficiency is genuinely invaluable when you’re still establishing your team’s footprint in the organization.”
The strategic value isn’t that AI replaces fraud expertise, but rather that it gives small teams more speed and leverage.
“The amount of time you will be able to save just by avoiding some of this manual work early on will give your team more time and space to actually be fighting fraudsters,” Nick says.
However, Roop points to the other side of the equation: bad actors are using AI too.
“Bad actors already have agents,” she says. “That’s the critical shift that many fraud teams haven’t fully internalized yet.”
Historically, fraudsters operated under real constraints. They had limited technical resources, needed manual effort, and could not always probe an entire funnel systematically. AI changes that.
“Today, a modestly resourced bad actor can deploy agents that test hundreds of variations against our funnels,” Roop says.
That has major implications. AI-generated identities can now come with coherent histories, realistic profile photos, and behavior patterns that pass basic checks.
“The response has to be symmetric,” Roop says. “Build your own agents to continuously probe your defenses the way an attacker would. Red-team your own funnel on a regular cadence. Look actively for new signals that may not have been meaningful before.”
If bad actors are building faster, detection capabilities need to evolve at the same pace.
Q: Fraud management can be a bottomless pit. How do teams decide what not to focus on?
Jason says prioritization comes back to metrics and measurable impact.
“You might be handed a team with a ton of festering issues,” he says, “but it’s important to parse through the noise and focus on high-impact items impacting your users and/or your P&L.”
Fraud teams may inherit a long list of problems. Payment fraud, merchant impersonation, account takeovers, eater fraud, promo abuse, and other risks can all sound urgent. But not every risk has the same impact on users, trust, operations, or the P&L.
“In actuality, they all sound really horrible,” Jason says, “the key is understanding where harm is occurring and prioritizing accordingly.”
The job of an early fraud team is to separate noise from material harm. Some risks may be frightening in theory but inconsequential in practice. Others may be small today but scaling quickly.
Nick says teams need clear visibility into volume trends, fraud rates, review capacity, and operational performance.
“Teams should have clear visibility into key metrics – volume trends, fraud rates, review capacity, and operational performance – to understand how the business is growing and where pressure is likely to emerge,” he says.
They also need to stay closely aligned with the product and business roadmap.
“New features, launches, or changes in user behavior can significantly impact risk exposure and review volume,” Nick adds. “Understanding what’s coming allows Trust & Safety teams to proactively plan workflows, controls, and resourcing rather than reacting after the fact.”
The trap is premature complexity.
“Overbuilding systems or overinvesting in tools too early can create unnecessary cost and operational burden, especially if the anticipated scale doesn’t materialize,” Nick says. “Trust & Safety teams, in particular, need to be thoughtful in how they tie investments to measurable risk and business impact.”
Q: When is it time to invest in tooling or external partners?
Roop says the first step is understanding the true scale of the problem. “Scale determines urgency, and urgency determines whether you can afford the timeline of an internal build,” she says
From there, teams need to make an honest capability assessment. That does not only mean assessing the fraud team. It also means understanding the broader engineering organization.
“If you’re dependent on a product roadmap that isn’t guaranteed, a vendor solution may be more reliable in practice, even if it’s theoretically more expensive on paper,” Roop says.
And remember that time matters, too, when calculating your budget.
“Fraudsters are building with agents and iterating quickly,” Roop says. “If your team can’t match that pace on tooling or infrastructure development, buying may actually be the more cost-effective decision.”
That doesn’t mean outsourcing the entire fraud function. Vendor dependencies can create blind spots.
“Buy to get to baseline coverage fast,” Roop says, “then build the differentiated capabilities that your specific platform’s risk profile actually demands.”
Jason stresses that his point about visibility applies here too. Teams need to know the difference between what feels scary and what is actually high-impact. Tooling decisions should be tied to measurable harm, not panic.
“In this industry, you are typically wrangling with payment fraud, merchant impersonation, account takeovers, eater fraud, promo abuse, and more,” he says. “On paper, many of these risks can appear equally urgent. The challenge is understanding which threats are creating the greatest customer harm, financial loss, or operational burden, and focusing resources accordingly.”
“The goal early isn’t to boil the ocean. It’s to prioritize based on measurable impact and focus on the risks that are materially harming customers, creating outsized loss, or accelerating quickly. Sometimes maturity is knowing where to invest first.””
Q: Who should your first fraud and risk hires be?
Roop says the first two profiles should be deliberate.
“The first is a hacker – someone who finds creative, unconventional solutions and isn’t waiting for perfect infrastructure to ship something useful,” she says. “The second is an analytical thinker, ideally someone comfortable working with agents or building scalable solutions alongside engineering.”
Together, those profiles give a young fraud program both the speed to respond to emerging threats and the rigor to build systems that hold up as you grow.
“When you get the greenlight to build, the instinct is to go find the most experienced Trust & Safety person you can,” Nick says. “And experience matters, but it’s not the whole picture.”
The early days of a fraud or Trust & Safety team can be messy. People are building workflows, culture, playbooks, and internal credibility from scratch. That makes grit and commitment especially valuable, he says.
Nick recommends a blend: at least one person with enough domain knowledge to avoid reinventing the fundamentals, paired with people who are genuinely passionate about the work.
“The best early teams I’ve seen aren’t just technically capable,” he says. “They’re bought in. Find people who want to build something, not just fill a seat.”
Q: How do you get stakeholder buy-in for new detection capabilities?
Jason says stakeholder buy-in starts with making the problem tangible.
“Fraud teams live in this world every day, but most stakeholders don’t,” he says. “So it’s on us to clearly articulate what’s happening, why it matters, and the cost of inaction.”
Jason typically anchors the conversation on three things: specific examples, measurable impact, and clear tradeoffs.
“Take merchant account takeovers as an example,” he says. “This isn’t just a fraud problem. It becomes a customer trust problem, a merchant loss problem, and often a platform loss problem if we need to make the merchant whole.
“When you frame it that way, the conversation shifts from ‘should we prioritize this?’ to ‘what’s the risk of not investing?’” Jason says.
He adds that stakeholders respond best when fraud work is connected to outcomes they already care about, such as customer trust, revenue protection, operational burden, and overall platform health.
This is important because fraud prevention often competes with growth, product, engineering, and operational priorities. The more clearly teams can show the business cost of inaction, the easier it becomes to secure support.
Q: What advice would you leave with teams building fraud programs in growth mode?
“Don’t build for perfection,” Roop says. “Ship rules when you believe they’ll catch most of the fraud, not all of it.”
Bad actors are not optimizing for a perfect attack. They are constantly iterating, testing, and looking for any crack in the system. “Your mindset needs to mirror that,” she says.
That means moving quickly, learning from what works, and continuing to refine the program as the company grows.
“A fraud program that’s 80% effective and constantly improving will outperform one that’s waiting to be 100% right before it ships,” Roop says.
High-growth marketplaces cannot wait until they have mature systems, large teams, and perfect tooling to take fraud seriously. They need to start with visibility, build the controls they can, use data to prioritize, and evolve alongside the business.
Fraud changes as the platform grows. The strongest teams are the ones that keep revisiting their assumptions before small issues become structural problems.
