- Salary
- $1k – $3k/yr
- Location
- Kuala Lumpur, Federal Territory of Kuala Lumpur, MY
- Workplace
- Remote
- Type
- Full-time
- Source
- Y Combinator
Description
================================================================
WHY THIS ROLE EXISTS
================================================================
HitPay's fraud surface spans card chargebacks across multiple acquirers, non-card
rails (PayNow, FPX, QRPH, GCash, TouchnGo, etc.), partner onboarding fraud, and the
post-transaction tail that pre-tx vendors don't catch — across SG/MY/PH/HK/AU/US.
We've built an automated detection stack that does the sweeping. What we need is a
human in the loop who can investigate every exception, decide what's real, action it,
and extend the toolset when a new fraud pattern shows up.
This is not a queue-clearing role. The automation produces the queue. You bring the
judgment, the partner conversations, the scheme and bank coordination, and the next
piece of automation.
================================================================
WHAT YOU'LL OWN
================================================================
Daily investigation of every fraud and risk exception surfaced by the automated stack:
- Post-tx fraud signals across all acquirers and rails
- Bust-out, mule-ring, scam-proceeds, payout-redirect, and ATO patterns
- ATV outliers, chargeback spikes, reserve adequacy, partner abandonment
- Onboarding red flags surfaced before payments are enabled
Chargeback and dispute lifecycle:
- Read a dispute and tell us in 60 seconds whether it's first-party fraud, true fraud,
or a real business having an outlier month
- Represent/defend where it's worth defending; concede where it isn't
- Spot the merchant whose chargeback curve is about to breach scheme thresholds before
it does
Decision and action on every flag:
- Payment/payout status decisions (suspend, hold, offboard, retain with monitoring)
- Reserve adjustments and reserve adequacy calls
- Partner outreach for business-model clarification when a pattern looks off
- Coordination with scheme risk teams (Visa/Mastercard), acquirers, and partner banks
- Closing every exception with a documented, audit-ready rationale
Tooling (this is the multiplier):
- When you see a fraud typology the current stack misses, extend it or build a new
detector for it
- Backtest every rule change against labeled good/bad cohorts before it goes live
- Every piece of automation you write is one fewer human-hour the team burns per week —
that's the job
================================================================
WHO YOU ARE
================================================================
Payments risk and fraud background, non-negotiable:
- 4+ years in payments/fintech fraud + risk ops, scheme-side fraud ops, or
acquirer/PSP merchant-risk
- You've personally worked chargebacks and disputes end to end — not just triaged them
- Working knowledge of card scheme dispute frameworks (Visa VCR / Mastercard dispute
rules), chargeback/fraud monitoring programs (VDMP/VFMP, ECM/EFM), reserves, and
merchant underwriting risk
- You can read a chargeback dispute, an unusual transaction pattern, or a partner's
website and tell us in 60 seconds whether the partner is a fraudster cashing out
stolen cards, a launderer with a real-looking storefront, or a real business having a
good month — and which signals separate them
- Exposure to non-card rail fraud (real-time payments, QR, wallet) is a strong plus
Technical, non-negotiable. You must be technical enough to:
- Query the data warehouse directly — write your own SQL against Snowflake, no analyst
middleman. You'll be doing this every day.
- Think in rules and thresholds — translate a fraud pattern you've spotted into a
concrete, testable detection rule (signals, thresholds, edge cases, expected
false-positive rate)
- Backtest before shipping — every rule change runs against labeled good and bad
cohorts before it goes live. No exceptions. If you don't know how to set up a
backtest, you're not ready for this role.
- Run and extend the existing automation stack — our detection skills are built on
Claude Code. You inherit them on day one and use them daily.
- Build new skills — when you spot a gap, you write the next detector yourself. Python
literate enough to read and modify a 200-line script and a YAML rule file without
help. We don't need a software engineer; we need an investigator who codes.
Judgment we can't teach:
- You push back when a detector flags a real partner that's just having a good month
- You don't suspend without evidence; you don't sit on evidence either
- You can tell the difference between stolen-card cash-out and laundering via a
real-looking storefront
- When something slips through, you write the post-mortem and the rule update lands the
same week
================================================================
HOW WE WORK
================================================================
- Read-only data warehouse access plus write-gated production access where the role
requires it
- Every detector is open to the team — when you build one, the rest of risk,
compliance, and the CEO can run it
- No ticket queues — the automation produces the queue; you work it and improve the
automation
- Direct line to the CEO on high-severity escalations and policy calls
- All exception and investigation trails are documented and audit-ready
================================================================
LOCATION & COMP
================================================================
Comp competitive with regional bank/fintech risk roles;
equity for the right hire.