Project Context
You are the program manager for ShopPay, a large e-commerce payments platform processing $6B/month in GMV with 22M monthly active buyers across North America, LATAM, and parts of EMEA. Fraud losses have increased from 7 bps to 11 bps over the last two quarters, driven by a spike in account takeovers and “buy-now, ship-to-reshipper” patterns. The CFO has asked for a plan to reduce fraud losses back to ≤8 bps without materially hurting checkout conversion.
A cross-functional team has proposed a new capability called Adaptive Fraud Rules: a rules engine that allows Risk Ops to author and deploy market-specific rules (e.g., velocity checks, device reputation thresholds, address mismatch policies) with guardrails, approvals, and monitoring. Today, any rule change requires an engineer to edit configs and redeploy, taking 2–3 weeks and creating operational bottlenecks. The goal is to launch a first version in 8 markets (US, CA, UK, DE, FR, BR, MX, AU) in 10 weeks, ahead of the holiday ramp.
The catch: the team is not aligned on what “v1” means. Risk Ops wants a flexible UI and fast iteration. Engineering wants to limit scope to avoid creating an unmaintainable system. Legal/Compliance is worried about adverse action and explainability requirements. Data Science wants experimentation hooks and offline evaluation before any rule goes live. You are asked to lead a series of workshops and brainstorming sessions to drive alignment, make trade-offs, and produce an executable plan.
Stakeholder Landscape
- Head of Risk Operations: Accountable for fraud loss targets; wants self-serve rule authoring and same-day deploys. Concerned that “engineering-led v1” will be too rigid and won’t move the loss metric.
- Director of Payments Engineering: Owns platform reliability (99.95% auth availability). Worried about introducing latency and incident risk into the authorization path.
- Data Science Lead (Fraud Models): Wants offline replay, shadow mode, and A/B testing to prevent conversion regressions. Skeptical of purely heuristic rules.
- Legal/Compliance (Payments): Needs audit trails, approvals, and market-specific disclosures (e.g., GDPR considerations in EU; record retention in BR).
- VP of Checkout Product: Competing priority—wants engineers for a one-click checkout redesign launching in 12 weeks; will push back on pulling frontend resources.
Constraints
| Constraint | Details |
|---|---|
| Timeline | 10 weeks to production launch in 8 markets; holiday freeze starts end of week 10 |
| Team | 6 backend engineers (only 3 available at 70% due to on-call + incidents), 2 frontend engineers (only 1 available), 1 designer (50%), 2 Risk Ops SMEs, 1 DS, 1 compliance counsel |
| Latency budget | Authorization path can add ≤20ms p95 end-to-end |
| Reliability | Must maintain 99.95% auth availability; no single point of failure |
| Compliance | Must have immutable audit logs, role-based access control, and documented approval workflow |
| Data | Event schemas differ by market; BR and MX have incomplete device fingerprint coverage |
What You Need to Deliver (Candidate Tasks)
- Workshop plan and facilitation approach: Propose the sequence of workshops you would run (who attends, pre-reads, agendas, and decision outputs). Include how you’ll prevent “brainstorming without decisions.”
- A v1 scope proposal with explicit trade-offs: Define what is in/out for v1 (e.g., UI vs API-only authoring, shadow mode, approval workflow, rule types supported, market rollout strategy).
- A roadmap and launch plan: Provide a 10-week plan with milestones, dependencies, and a rollout strategy (e.g., internal-only, shadow, limited exposure, phased markets).
- Success criteria and measurement plan: Define how you’ll measure fraud loss reduction while protecting conversion and customer experience.
- Risk register and mitigations: Identify top risks (technical, operational, compliance, stakeholder) and how you’ll mitigate them.
Complications (Realistic Curveballs)
- Week 2: A major fraud incident hits the US market; two backend engineers are pulled into incident response for 5 business days. Risk Ops demands the new rules engine be used immediately to respond.
- Week 4: Legal informs you that in DE/FR, certain automated declines may require enhanced logging and retention, adding scope to the audit trail and approval workflow.
- Week 6: The VP of Checkout escalates that the one-click checkout redesign will miss its usability study window unless the frontend engineer is returned full-time.
In your answer, focus on how you use workshops to drive alignment, produce crisp decisions, and translate brainstorming into an executable plan under these constraints.