Hello There!

This article is a lightly edited guest post sharing examples of how fraudulent signups inflate metrics, distract teams, and potentially cause harm when new products are launched.

One Lagos January morning this year, a client was excitedly talking to me about their product launch. Signups were coming in, they said. People were depositing. The reward plan they had just launched was working. They shared all this with that excitement founders have when the numbers are finally moving, and they want someone to feel it with them.

Unfortunately, as more details were shared, I realised that the pace they were describing was wrong. Not wrong, like something was broken. Wrong, like something was working too well, too fast, too concentrated. Early signups, sudden deposits, all within a tight timeframe.

In fintech, that combination sometimes is growth. But oftentimes, it us the other “thing”.

This “thing” is not an African problem. It is not a Nigerian, Indian, Ghanaian problem or an emerging markets problem. It is a fintech problem.

Amanda Peyton built Braid, a consumer payments company in San Francisco, raised $10 million from Index Ventures and Accel, and wrote one of the most honest startup postmortems I have read. The first myth she tackled was this: your early adopters are your best customers. They are not always. Sometimes they are the people who found your loopholes before you did.

I remembered a fintech whose referral numbers were looking healthy on paper. Signups coming in, deposits trickling through, the dashboard telling a pleasant story. What nobody had caught yet was where those users were coming from.

In a local marketplace, far removed from the startup’s target demographic, people were being told the app was a government platform. Sign up, make a deposit, collect your reward, keep getting paid. The people who believed it were not sophisticated fraudsters. They were ordinary people who trusted whoever told them. The damage was the same.

I have sat in on user calls for a different product, trying to understand why certain users go quiet after a promising start. One by one, the so-called active users picked up the phone with no idea what the app was. Some had never downloaded it. Some vaguely remembered someone asking to use their number. None of them had signed up willingly. The accounts existed, but the users did not.

Recalling these experiences, I let my client know that their startup was being attacked by what I like to describe as a raid cell.

What Is A Raid Cell?

A raid cell is a group of individuals who share updates about loopholes or arbitrage opportunities. In certain circles, finding and exploiting a new fintech app is not fraud — it is a skill to make it out of the trenches.

These groups range from loose amateur collectives to highly coordinated operations running across multiple Telegram groups and Discord servers simultaneously. The structure is what makes them dangerous, and they recreate these behaviours in targeting multiple popular fintechs across the ecosystem.

It starts with the scouts. Their job is simple: track every new fintech launch. A new app goes live, a beta opens, a reward plan drops, and the scout knows before most of your team does. Once they have something worth sharing, they alert the group, and the next set of hands takes over.

The explorers move in. They test everything: signups, KYC flows, first deposits, transaction limits. At the KYC stage, they try combinations of documents and details to see what passes and what breaks. Some will get on a call with your support team — not because they need help, but because a friendly customer service agent is a source of information. They are mapping your product from the inside.

When the explorers are done, the observers settle in. These are the ones who log in daily, check rates, poke at new features, and wait. They are usually the first to know when your app has a rate glitch that makes a transaction more profitable than it should be. They know your product sometimes better than your own team does.

If your compliance is lax, the information gathered gets passed to darker actors. Accounts get created with stolen or synthetic identities and resold. What started as an arbitrage play becomes something harder to clean up.

The amateurs in this ecosystem usually stick to referral bonuses and rate arbitrage. They are annoying but manageable. It is the coordinated cells that can quietly distort your early metrics while your dashboards are still being set up.

This is why even startups that do a silent launch — tell nobody — find that within minutes to a few hours, they are already inside.

They are not waiting for your press release. They are looking for the next app to run operations on, because they have already been blacklisted on another.

One more thing worth noting: not every raid cell is after your compliance gaps or reward loopholes. Some are hunting for the best app to serve a temporary need. They come in, use what they need, and leave.

No fraud, no foul play, just churn. But they are equally dangerous because they show up in your growth numbers the same way real users do and disappear just as quietly, leaving you with inflated acquisition figures and a retention curve that makes no sense. Chasing them leads you to make decisions based on users who were never really there.

So What Do You Do?

The first thing to accept is that you cannot escape them. Compliance helps. A well-structured reward system helps. But raid cells are a permanent fixture of this industry, as reliable as the market itself. They were here before you launched, and they will be here after. The goal is not elimination — it is making sure they never steer your product decisions or distort your growth projections.

Data as a Shield

At Timon, we had two things locked in from day one: a vertical focus on travellers, and compliance with zero referral rewards.

The vertical focus mattered because in a market with this many players, knowing exactly who you are building for keeps everything else honest. Your growth strategy, your partnerships, your messaging — all of it follows from that clarity.

The zero referral rewards decision was harder than it sounds. It slowed early acquisition. Nobody was sharing the app because there was nothing in it for them. But the alternative — waking up to find that 20% of your operational cash has gone to ghost users — was worse.

We started seeing growth and celebrated as any team would. But the churn caught our attention. During investigations, we found a cohort of users with interesting use cases. Nothing illegal, but inventive. For a moment, we considered building to serve some of them because the volume, at surface level, looked great.

Experience reminded me what that path looks like. Certain cohorts flood new products, inflate your numbers, and churn the moment something shinier or cheaper launches elsewhere. Building for them is like decorating a burning house.

Here is what we did instead, and what you should do:

First, understand your vertical focus before anything else. Know who you are building for well enough that a deviating cohort does not confuse you.

Second, filter your active users into broad cohorts: those who match the patterns you expect, and those who do not. Track average transaction value, revenue, and any other key metrics for each group.

Third, compare those metrics and watch for consistency over time, not just volume spikes.

Fourth, act on what you find.

When we compared, the numbers were clear. The raid cohorts had higher volume but lower average transaction value and poor retention. Our intended vertical showed the opposite. We stopped entertaining the idea of building for the other cohort, tightened our messaging, and went deeper on who we were actually for. Our average transaction value grew 5x in a year.

Raid cells send signals that will sink you if you follow them. Filter and focus.er and focus.

When the Signal Is Real

That said, not every unexpected signal is a raid cell, and not every deviating cohort should be dismissed.

Accrue discovered a turning point when a user in Ghana used a deposit feature to send money to a relative in Nigeria. That was not what the feature was built for. But instead of dismissing it, the team paid attention, investigated the behaviour, and found real engagement behind it — not arbitrage volume, but people with a genuine need. They repurposed the feature for cross-border payments, and within seven months, it grew from 3 to 4 percent of revenue to over 70 percent.

The difference between a raid cell and a genuine insight is what the data looks like when you go deeper. Volume without retention and poor average transaction value is a raid cell. Unexpected behaviour with strong engagement and real use cases is a door worth opening.

Keep Compliance Close

If you have a compliance person or team, talk to them regularly. It can feel like they spend more time trying to slow down growth than enable it. But they are the ones who will catch what your dashboards miss. They do an amazing job.

For rewards, the rule is simple: the commitment should always be greater than the reward. Someone deposits $10 to qualify — give them $1, but make it withdrawable only after a certain timeframe, or convertible to points that can be spent in the app. That single design decision changes the entire incentive structure for raid cells.

Your first 1,000 users will test your product in ways you did not plan for. The ones worth keeping are the ones still there after the loopholes close.

Share

*Feranmi is currently running startup growth clinics where he shares insights and context from his experience working with startups to navigate go-to-market entry in West and East African markets. More details Here