Fraud prevention, risk operations & compliance consulting for SaaS companies and ISVs scaling embedded payment programs.
I'm David. Over 15+ years I've built fraud operations from the ground up at hypergrowth fintech and embedded-payments companies, and directed global risk protecting over $1B in annual payment volume.
When you embed payments into your software, you inherit fraud and compliance liability for every transaction your merchants run. Most ISVs don't have the in-house risk function to manage it.
Operating a marketplace means managing fraud risk at scale, across hundreds or thousands of sellers. A single bad actor can trigger processor account reviews and damage your entire portfolio standing.
Scaling revenue often breaks default payment configurations.
If risk flags trigger, processors can pause payouts fast. I align your risk logic with processor risk models to keep cash flowing.
Thousands of small authorizations from bots trigger risk flags and drive up processing costs ($0.30/attempt adds up fast).
Onboarding the wrong merchant can create losses, processor scrutiny, and portfolio risk. I build defensible KYC and underwriting flows that catch problems before they scale.
Deep dive into your payment stack. I map out leaks, high-risk vectors, and friction points in your user journey.
I deploy custom fraud rules across your payment stack, monitoring dashboards, and dispute defense SOPs.
I stay embedded with your team, managing incidents, processor relationships, and risk as volume scales.
I architect custom fraud logic that blocks attacks without killing conversion. Processor-agnostic expertise across Stripe Radar, Adyen RevenueProtect, Checkout.com Risk, and custom internal tooling.
For marketplaces and platforms, I build monitoring logic that tracks sub-merchant health across your portfolio and flags risk before it becomes liability.
Without documented protocols, every fraud incident becomes improvised. I build clear operating playbooks for incident response, disputes, and decisioning so your team can move quickly without making risk worse.
Embedding payments triggers real regulatory obligations. I build the compliance infrastructure, policies, frameworks, and documentation, so you stay audit-ready and processor-approved as you scale.
Representative examples based on real work. Company details have been anonymized.
A Series A creator payments platform needed to launch payment acceptance and payouts but had no compliance foundation and no sponsor bank relationship in place.
I worked directly with their sponsor bank to build the payment acceptance program from the ground up, and project-managed the full onboarding, aligning the platform, the bank, and the processor through a process most early-stage teams underestimate. I authored the complete compliance stack: policies and procedures, the KYC and onboarding framework, and the operational documentation the bank required for approval.
To validate the program against NACHA Third-Party Sender requirements, I brought in an independent firm to audit everything I had built. The program passed, and I trained their staff on proper payment and risk procedures so it could run without me in the room.
The platform launched on schedule and processed over $100M in its first year, on compliance infrastructure built to scale with it.
Processed in year one
Payments program built from scratch
Third-Party Sender audit passed
A Series C EdTech platform came to me after a $200,000 fraud event and rising processor pressure.
They were onboarding sub-merchants to process tuition payments, but their underwriting was thin and inconsistently enforced. Bad actors slipped through onboarding, ran chargebacks the platform was fully liable for, and pushed their chargeback ratio past the threshold that triggers a processor review. They had no internal risk function, no playbook, and no one who owned it.
In 30 days, I built that function.
I designed a sub-merchant underwriting and KYC framework their onboarding team now enforces on every applicant, stood up a real-time risk monitoring dashboard their ops team uses daily, and trained their team on dispute response and chargeback defense. I stayed on as their fractional Head of Risk to own incidents, the processor relationship, and ongoing monitoring.
The flag was cleared, the losses stopped, and they now have the infrastructure to scale without repeating it.
Fraudulent losses stopped
Processor flag cleared
Risk function built from scratch
Two ways to work with me, depending on your stage, team, and risk exposure.
A focused diagnostic of your payment stack, fraud exposure, and compliance posture. Delivered as a prioritized action plan with immediate quick-wins and a 90-day roadmap.
I become your embedded risk function, managing fraud, compliance, and processor relationships on an ongoing basis so you can scale without hiring a full team.
Pricing scoped to your transaction volume and team size.
Tell me your processor, payment volume, and where risk is showing up.
Request a Risk Review