Spreedly CTO Shares Back-to-Basics Approach for Combating Fraud

As payment fraud continues to become more sophisticated, many payments companies advocate for a return to fundamental security practices while using new technologies to protect their clients.

For example, Mike Rivers, chief technology officer at open payments platform Spreedly, emphasized the importance of a multilayered approach to security and the benefits of an open payments strategy.

“We have to start with the basics,” Rivers told PYMNTS as part of the “What’s Next in Payments” series, explaining Spreedly’s defense-in-depth approach to protecting against external and internal threats. The strategy involves implementing multiple layers of controls, which Rivers likened to “layers in an onion” to reduce the risk of threats being realized.

“To us, security is a competitive advantage,” he said. “And so, we do explain to our customers where we are and what we do from a security standpoint.”

The foundation of this approach includes working with independent third-party assessors to maintain PCI DSS Level 1 compliance and annual SOC 2 Type 2 certification. Rivers highlighted the importance of conducting multiple penetration tests throughout the year, typically every quarter, as well as ongoing vulnerability scanning and remediation as part of a comprehensive risk management program. At Spreedly, this includes a defined risk appetite and risk tolerance approved by the executive leadership team.

“We highly encourage and educate our employees to escalate risk of any type to the information security team via the processes we’ve set up,” Rivers said.

The company’s chief information security officer meets regularly with the executive leadership team to discuss potential risks to the organization and develop mitigation plans. Rivers noted that risks are prioritized based on their severity, with more critical issues addressed more quickly.

As payment processing becomes increasingly global and digital, Rivers emphasized the importance of an open payments strategy.

“Any company out there needs to look at an open payment strategy because it basically future-proofs their payment processing environment,” he said.

This approach allows businesses to connect to multiple payment service providers and access the right tools for their payments stack. Those tools can also include security capabilities, such as fraud prevention and artificial intelligence-related technologies.

Rivers highlighted the role of partnerships in enhancing security measures. Spreedly works closely with vendors and partners to stay ahead of the curve and determine future needs. This collaborative approach enables the company to offer its clients access to any number of processors, fraud tool providers and other partners that can help tighten the overall security landscape.

He also discussed the growing importance of AI and machine learning in combating fraud. With the increasing speed of transactions and payments, Rivers said solutions must be able to identify and resolve issues quickly to keep pace with payment processing time frames.

Rivers warned that fraudsters are becoming more sophisticated, using advanced AI tools to develop unique attack methods. He noted that certain parts of the world are more active in fraud attempts than others, and specific areas within the payment space are under more intense attack. This evolving threat landscape underscores the need for robust security measures and continuous innovation.

One area of particular concern is the interception of transactions between processors, banks and merchants, he said. This is where Spreedly focuses much of its attention.

For businesses looking to enhance their security posture, Rivers recommended implementing a defense-in-depth approach, even if it’s not as comprehensive as Spreedly’s. He advised companies to start with the basics and then consider partnering with an open payments platform provider to access additional tools and expertise.

Rivers also highlighted Spreedly’s efforts to improve authorization rates, lower the overall cost of payments, and help clients deliver a positive customer experience, securely. These initiatives, while not directly related to security, contribute to a more robust and efficient payments ecosystem.

He also emphasized the need for agility and resilience. Spreedly maintains centers of excellence focused on agile product development and works closely with vendors, partners and customers to anticipate future needs and stay ahead of emerging threats.