I’ve spent nearly two decades building fraud and trust and safety organizations. I started at Google, went to Square, hopped to Facebook (Meta), and finally landed at Sift, where I work closely with hundreds of fraud teams across some of the most complex risk challenges in the world.
In all that time, a question I very often get asked isn’t about tools, models, or data. Instead, it’s how do I build a fraud team that can actually keep up?
It’s the right question. And it’s harder to answer than it used to be.
Fifteen years ago, the answer was relatively straightforward: hire good analysts, build smart rules, stay close to your data. That approach worked because fraud was mostly predictable. Patterns were recognizable. The feedback loop between attack and response was slow enough that a skilled team with good instincts could stay ahead. That world is gone.
Today’s fraud environment is defined by speed, sophistication, and scale that no manual operation, no matter how talented, can match alone. AI is turbocharging fraud-as-a-service. Transaction volume on the Sift Global Data Network grew 18% in 2025, while payment fraud attempt rates held steady at around 3.25%, which sounds reassuring until you realize it means fraudsters have largely shifted their focus. They’re not hammering payment endpoints as hard. They’re going after accounts, identities, and the people inside your organization who can be socially engineered using AI tools and prompt injection attacks.
And although the threat has evolved, most fraud orgs haven’t.
Why the First Solution to Consider Isn’t About Tools
When a company comes to me asking how to build or restructure their fraud function, the first thing I ask them is: What types of abuse are you actually facing?
Not what they think they’re facing. Not what their peers are dealing with. What they are dealing with, on their platform, with their user base.
This matters more than most people realize, because the answer determines everything: team structure, tooling, metrics, escalation paths, and how you make the case for resources to the rest of the business.
There’s a spectrum here that I’ve seen play out across every company I’ve worked with. On one end, you have organizations where the only concern is payment fraud. A transaction comes in, it’s either legitimate or it isn’t, and the job is to make that call accurately and fast. For these companies, a dedicated fraud team, focused, metrics-driven, operationally tight, is often sufficient.
On the other end, you have platforms where fraud is inseparable from the broader concept of trust. Marketplaces. Social platforms. Fintech apps. iGaming. For these companies, payment fraud is just one node in a much larger abuse surface that includes account creation fraud, ATO, content scams, policy abuse, and increasingly, AI-generated synthetic identities doing things no human fraudster would bother to do manually. These companies need something different: a Trust and Safety organization.
I made this distinction explicitly when I was building teams at Facebook and Square, and I make it every time I sit down with a fraud leader at Sift. Trust and Safety teams tend to be a better fit for companies facing multiple types of abuse where customer trust is mission-critical to the business. If you’re trying to run a T&S program using a pure fraud team mindset, narrow KPIs, transaction-focused, limited cross-functional reach, you’ll miss the bigger picture. Every time.
Start by being honest about which organization you actually need, not which one is cheaper or faster to build.
Hire for Inquisitiveness, Not Credentials
Once you know what kind of organization you’re building, the next challenge is the one that keeps most fraud leaders up at night: talent.
Here’s the reality: no one really studies trust and safety or fraud abuse in school. Though MRC’s CPFPP Program helps address the gap, it’s not a trade you can study and then move directly into. The fraud analyst sitting across from you in a hiring interview might have come from the military, customer service, financial compliance, law enforcement, data science, or somewhere entirely unexpected. I’ve hired people from all of those backgrounds, and the credential has never been the deciding factor.
What I look for, and what I’ve consistently found in the best fraud analysts I’ve worked with, comes down to two things: being proactive and being inquisitive.
Proactive, because fraud doesn’t wait for you to be ready. Fraudsters are actively trying to work around your systems every day, and because fraud and abuse shifts, once you put a rule or model in place to solve one issue, fraudsters respond and change their attack vectors and patterns, your team has to be constantly scanning for what’s coming, not just managing what’s here.
Inquisitive, because the most dangerous thing a fraud analyst can do is assume they understand a pattern they’ve seen before. Every time I’ve seen a fraud ring cause significant damage to a platform, there was almost always a signal that someone saw and explained away. Inquisitive analysts chase the anomaly. They ask why twice when once would have satisfied the immediate question, because they don’t take things at face value.
At Square, this shaped how I structured onboarding for new analysts: rather than immediately assigning them to a queue, I’d have them spend their first weeks doing nothing but investigation, pulling threads on anomalies with no defined outcome, just to develop pattern recognition and intellectual curiosity about fraud as a discipline. The analysts who thrived were the ones who found that work genuinely interesting. The ones who found it tedious rarely lasted.
That instinct, does this person find fraud interesting?, is still the lens I apply when I’m evaluating talent.
Getting Buy-In: Fraud as Business Infrastructure
Even if you hire well and design the right organization, you’ll hit a wall if you can’t get the rest of the business to take fraud seriously. This is one of the most persistent operational challenges I’ve encountered across every company I’ve worked at, and it’s gotten more acute as fraud has gotten more complex.
The core problem is a framing problem. Fraud is no longer a siloed function, it’s a business-critical discipline at the intersection of security, revenue, and customer experience. But most executive teams still see it as a cost center: necessary overhead, a tax on doing business online, something to be managed and minimized.
That framing makes it almost impossible to get the resources, cross-functional alignment, and organizational authority that modern fraud programs require.
The reframe I’ve used consistently, at Square when making the case for expanded investment in risk infrastructure, at Facebook when aligning fraud and integrity teams with product goals, and now at Sift when advising customers, is this: trust is not a feature. It’s infrastructure.
When a customer’s account gets taken over on your platform, you don’t just lose that transaction. You lose that customer. Dispute rates rose 78% year-over-year in Q3 2024, and the customers driving those disputes aren’t all bad actors, many of them are legitimate customers who experienced fraud and are expressing it through the only channel available to them. Every one of those disputes is a signal about platform trust that your fraud team is uniquely positioned to interpret.
When I was at Square, one of the most effective things we did to build buy-in was to start translating fraud metrics into business outcomes that product and finance leadership already cared about. Not “our customer insult rate improved by 12 basis points”, but “we approved an additional $X million in legitimate transactions last quarter that our previous model would have blocked.” Not “we reduced fraud losses by $Y”, but “we retained Z customers who would have churned after a fraud event under our old response process.”
That translation work, from fraud operations language to business outcomes language, is one of the most important skills a fraud leader can develop. The case needs to be made that trust is not a feature or a KPI, but infrastructure, as foundational to the business as payments, identity, or the product itself. Once leadership internalizes that framing, the resource conversation gets a lot easier.
Org Design: The Three Models and When to Use Each
With the right people and the right internal positioning, you’re ready to think about structure. In my experience building and observing fraud organizations, there are three primary models, each suited to different stages of company maturity.
The Centralized Model puts all fraud and risk functions under a single leader, typically reporting to the CFO, CRO, or a Chief Risk Officer. This works well for companies in early-to-mid growth stages, where the fraud surface is still relatively contained and the priority is building consistent processes, tooling, and a shared view of risk across the organization. The risk is that centralized teams can become bottlenecks, every fraud question routes through the same function, which slows down product development and cross-functional response.
The Embedded Model distributes fraud and risk expertise into product teams, where fraud analysts work directly alongside engineers, PMs, and data scientists on specific product surfaces. This accelerates iteration and keeps fraud closely connected to product reality. The risk is fragmentation, embedded teams can diverge in their approaches, metrics, and escalation standards, making it difficult to get a coherent view of risk across the platform.
The Center of Excellence (CoE) Model combines elements of both: a core fraud team that owns standards, tooling, data infrastructure, and escalation, with embedded specialists in the highest-risk product areas. This is the model I’ve gravitated toward for scaling organizations, and it’s what I helped build at Facebook before moving to Sift. The CoE provides consistency and organizational authority; the embedded specialists provide speed and product context.
Which model is right for you depends on your abuse surface, your company’s stage, and how much organizational authority your fraud function currently has. What I’d caution against is defaulting to the centralized model simply because it’s familiar or organizationally convenient, the embedded and CoE models require more coordination, but they scale better and align fraud more tightly with business outcomes.
Ultimately, all three of these systems can work, but communication is critical. Dotted line or straight line doesn’t matter; it’s all about working out loud together.
The Metric Shift That Changes It All
The operational shift that I’ve seen deliver the most transformative impact on fraud organizations is moving from loss-rate metrics to outcome metrics.
Loss rate is the traditional north star of fraud operations. Reduce losses, minimize false positives, keep fraud below a defined threshold. It’s a necessary metric, but it’s also profoundly incomplete, because it measures only what you stopped, not what you enabled.
The teams that are winning in 2026 measure fraud performance alongside the business outcomes it affects: approval rates, customer lifetime value, churn rates among customers who experienced a fraud event, and the operational efficiency of the review and response process. They track customer insults (a.k.a. ‘false positives’) with the same rigor they track fraud losses, because a false positive isn’t just an operational inefficiency, it’s a legitimate customer you just told you didn’t trust.
Businesses must fight fire with fire, using AI to secure trust at every customer touchpoint, which ultimately creates better consumer experiences, mitigates fraud, and fosters profitable growth. That’s the north star. Not minimizing fraud in isolation, but maximizing trust, for the platform, for the customer, and for the business.
When I work with fraud leaders across Sift’s customer base, the ones making the most meaningful progress are the ones who have successfully made this shift. They’ve stopped presenting fraud as a loss problem and started presenting it as a trust infrastructure problem, with measurable, business-aligned outcomes that leadership can understand and invest in.
What’s Coming Next
Laying a strategic foundation begins with figuring out what kind of organization you need, who to hire, how to build internal alignment, and how to structure the team for scale.
In the next chapter of this series, we’ll get into the operational layer: how to design your detection and response workflow, how to build a rules-and-models stack that doesn’t calcify, how to think about manual review in an era of AI-scaled attack volume, and how to use benchmarking data to find the gaps your metrics aren’t showing you.
The most dangerous thing in fraud isn’t the attacks you can see. It’s the ones your current setup isn’t designed to surface.
