Greg: Hi, I am your host. Greg Myers. This is Episode 11 of the Leaders in Payments Podcast. This week. My special guest is Martin Sweeney, the CEO of Ravelin. Martin talks in detail about Ravelin’s fraud solution, about their global customer set and provides some great insights about PSD2 and 3D secure. He also talks about why the U. S. Market is so attractive for Ravelin. So, let’s get started…
Hi, Martin. Thank you for being here and welcome to the Leaders in Payments podcast.
Martin: Pleasure. Thank you for having me.
Greg: Great. So, tell the audience a little bit about yourself – maybe where you’re from, where you grew up, went to school a few things like that.
Martin: Yes. So, I’m Martin Sweeney. I’m from the UK. I grew up in the northwest of the UK near a little place called Liverpool, which you may have heard of. And I currently live in London, which is where our company’s based.
Greg: Okay, great. So let’s talk about the company Ravelin a little bit. Tell the audience exactly what you do.
Martin: So, we do fraud detection for online merchants, particularly those who are looking to grow as fast as possible, with as little risk as possible and with the best customer experience possible. We do that by taking data from merchants about their customers and making educated predictions about who is going to be a fraudster and who is not and enforcing business policy in terms of service is well to make sure that the whole payments and revenue assurance piece is as smooth as possible and as efficient as possible. And the end result is that we deliver as high as possible growth figure with low false positives, which is when you make a mistake in your prediction and low fraud numbers at the end of the day. And really this is transformative for our merchants, making a huge difference to the companies that we work with and helping them grow their businesses even more. So, we work with a wide variety of merchants. They tend to be the bigger merchants. They tend to be sort of international. Many of our merchants trade in north of 20 or 30 different countries, and we have a team here in London of about 65 people and then around the world we’ve got about another 10 or I think, maybe 15 these days, 15 remote employs around the world. So, we service every single market in the world. But we operate primarily in Europe, and that’s where our operations are based. But we service our clients international, and that’s a real core component for us.
Greg: Great. Yeah. And when I interview CEOs for this show and I asked them about what are the trends in the future, almost all of them talk about fraud detection, and the value that it provides and how you know that’s a great area of growth. So, I think you’re in a great market.
Martin: Sure. Well, it’s a slight, perverse thing because we don’t want there to be fraud. And so, sadly, we’re in the environment where actually fraud is growing faster than the underlying rate of e-commerce is obviously different in different markets. But we see the trade-off between convenience and conversion, having the proportion trade often increased freedom risks. So, what we help people do is to find the third way. Instead of just accepting poor conversion or high risk, we offer you good conversion and low risk. That’s fundamentally where we are. We think that whichever version the future comes first fraud is going to be a big part of that. And we’re confident that for merchants having the ability to manage their risk effectively, flexibly is going to be crucial way to compete in the future.
Greg: Absolutely talk a little bit – I read about on your website that the company was born out of a taxi app business. So maybe tell that story.
Martin:Yeah, so you know, it’s right the way through our DNA less the taxi specific, but more the fact that we used to be merchants ourselves, and I think that’s really important because we understand fundamentally the businesses that we work with. What it means is that we really understand what you’re trying to do, and I think the taxi app business is a quite unique way of starting. So, when we were in taxi apps this is sort of 2010. We were competing with this little company called Uber actually Uber Cab at the time. And actually it was a totally wide open market. And what we were doing at the time was quite novel for apps, which was to take payments and allow people to book taxis and pay for them in real time. Any commerce pre the smartphone revolution has not really changed a huge amount. You know, it’s all very desktop based. It was primarily airlines, hotels, retail, e-commerce, and some services. Actually, the fraud profile in that environment hadn’t changed either. Now, actually, what we saw with the start the smartphone revolution is that all the people like ourselves who are producing these mobile laps with all about user experience? We were conversion mad, so we would optimize every single page, every single view, every single button, every single form field to understand if we add that or will remove that, what is the proportional increase or decrease in our traffic? Because when you’re in the growth stage of your company, you’re looking to spend a marketing and you’re looking to get those people through the funnel as efficient as possible and in the taxi app space, we were no exception to that. So, really, when we thought about fraud and when we understood, understood how it would impact our business, we always came at it from a conversion point of view first. So if you think about you’ve designed this app, you’ve made this wonderful, beautiful experience. You’ve essentially crafted a Ferrari. This is your Ferrari. And then if you hit your trailer to the back of your Ferrari, which is the traditional way of managing fraud with rules engines, manual review teams and lots of high touch intervention, it’s going to massively impede the performance of this beautiful Ferrari you’ve spent years and millions of bucks creating. So actually, what we would do is to create the perfect, most symbiotic fraud tool to help you with that. And the nice thing about taxi apps is that in many ways they sort of exemplified the future of e-commerce, which is a bit of a mind bender. But let’s just go through it. So, it was all about high volume real-time and low margin those of the big three characteristics that we were exploring in the taxi app space. So, taxi apps only really work at scale. So, you’re going to have millions of orders flowing through every year. Low margin, you are in the market where you’re taking a 20 or 15% cut of every order and after all your fees and taxes, your margin is probably sub 10% which is quite low margin, actually. And so the cost of fraud is disproportionate to those businesses, especially once you consider the average transaction value of a fraudulent transaction is sometimes more than double the normal average transaction value so it can take you 20 orders to pay off one fraudulent order. So the cost of fraud is massive in the low margin industry, and then real-time is kind of the future of e-commerce. So, whether you’re selling services like taxi apps or food delivery or digital goods or any others of service, or even when you’re selling retail physical goods through a warehousing process, everyone’s going to really time. It’s all about moving towards same day delivery towards real-time. You know who wants to wait three days for your stuff to arrive. Nobody. That’s not how you compete in the modern world. So when we think back to what we were doing and taxi apps starting out life in this low margin, real-time, high-volume environment, actually, we see all those characteristics playing out in every industry in e-commerce that we live in today, so everyone is pushing for real time. Everyone is competing, and that often means lower margins. And high volume is wherever makes the money when you make lower margin. So this is a really good place to set us up. And when we think about the company today, the kind of merchant first understanding from our product and from our relationship point of view means that we really get our customers. And we work incredibly closely, incredibly strongly with our customers together, rather than you know, having a sort of vender supplieresk relationship, which can be a bit too transactional. This is a hugely important part of our customers businesses we are making not quite life and death, but you know some big decisions on behalf of our clients and which of their customers can use the service or not so they really have to trust us, and we really have to know what their business is trying to do to deliver it for them. So that’s the background. That’s why I think it’s so compelling to have that background in the company today?
Greg: Sure, absolutely makes a lot of sense. Let’s talk a little bit about the PSD2, which I believe, if I have my facts right came into effect for e-commerce in September of last year. There’s a lot of acronyms in there – maybe explained that through the lens of what you do in your solutions and then maybe also for U.S. merchants what that sort of effect is for e-commerce operations here.
Martin: Sure. Okay, so it’s not actually in effective yet. There was a delay because of the complexity of delivery, because payments is a very complex field and there’s lots of different moving parts and actually delivering the infrastructure to support that legislation turned out to be way more complex than the regulators initially thought. So, actually, it’s coming into force on the 31st of December this year, 2020 although I suspect there may be a further delay on that, given the environment we’re in at the moment. So, PSD2 essentially means there’s two big parts, one is open banking, which I’m not going to talk about. The other is greater security and less fraud. So, let’s just rewind a few steps and get back to how payments work in the EU or in parts of the EU, when you pay in store, you do chip and pin, so you put your card into a machine and then you enter your pin and then the payment is authorized if you get the pin right. And if you get the pin right, that means your bank knows it’s you who’s paying. And so, if there’s any fraud it is the bank who pays for fraud. When you think about online payments, it works a little different. So, when you go to pay with your card on-line, there is no chip and pin right. You don’t enter your pin onto a website. You’ve got to if you want to authenticate, so identify yourself to your bank to prove it’s really you, the cardholder. There’s something called 3D Secure and 3D Secure is a way of I would say proving yourself to your bank to say that I am the real cardholder and it sort of works apart from sort off isn’t really good enough. So, it turns out that when you use 3D Secure, which you may not know the term, but you’ll certainly know the interfaces – it pops up an i-frame or pops up a window open or open i-frame inside your browser on your phone, and then it asks you your password, maybe a text messages or SMS you a code, and you have to enter the six digits from the SMS. It turns out, looking at the data that for all of the uses that use 3D secure, about 20% of them fail to authenticate. And that’s a massive number. Imagine going through the conversion journey of a merchant and saying, hey, right at the end of your user flow, we’re going to put in something that means that 20% of the uses that you’ve acquired into your business I’m not going to be able to buy the service is that you’re selling all the goods yourself. I mean, that’s crazy, right? So actually, 3D Secure is bad for business, and they’re improving it with new versions out there that are better. But fundamentally, this is software designed by banks that is not very consumer friendly. So, what we say is back to my original proposition, which is either you accept poor conversion or you accept lots of fraud. You know? Why not have a third way? So, we deliver that third way. This is great conversion and low fraud, because we give you the best of both. Now, what PDS2 does is it changes the whole landscape. It says, hey, guys, you know that equation you have right now of using 3D Secure and only your highest risk customers? Well we’re going to tear that up. We’re going to say that you now have to use 3D Secure on every transaction. Stunned silence from merchants around the world. This is huge. So, you’re telling me that I have to take my Ferrari and hook up a horse trailer to the back of it? Because the regulators are telling me to – so this is insane. So, when the regulators came out with their drafts for this new regulation, they got a lot of pushback from industries that guys, this is insane. You’re going to kill us. This is going to halve the GDP of the Internet. It’s going to be really bad for everybody. Can you reconsider? So, they reconsider. They came back and they came back with this thing called an exemption. So, you can think of this very high level as saying you have to use 3D Secure on every transaction unless… drumroll unless you’re good at fraud detection. And so what that means is that for all those merchants out there, all those merchants out there who are concerned about their users and their conversion, those guys can invest in fraud detection technology to make educated decisions about which customers are high risk and which are lower risk. And if you think, low risk, then you can apply for an exemption to say, I don’t want to use 3D Secure on this transaction and there’s lots of caveats. There’s lots of complexities in this field, but broadly that’s the picture here. PSD2 is more 3D Secure. Unless you have a good reason to not use it and the best good reason is because you’re good at fraud detection.
Greg: Okay, great. So where does the SCA fall into that?
Martin: So SCA is 3D Secure. SCA is a defined as strong customer authentication When you are regulated, you don’t like using proprietary technologies. You want to put in the law broad brushstrokes about how you think things should be implemented. So regulators don’t say use that technology because that would be anticompetitive. Instead, they talk about the underlying principles off that technology. And so they say, authentication, strong customer authentication means actually, you have authenticate yourself with two out of three factors and in practice for online card payments, that means 3D Secure.
Greg: Okay, makes sense. In the U. S. EMV is a relatively recent initiative. In fact, at the gas pumps, it’s really recent. But, you know, in implementing that, obviously we’ve seen fraud move online. You know, my understanding is that you guys are moving into the U.S. market – maybe talk about that a little bit if EMV had anything to do with that or talk about your growth here in the U.S. and what your plans are here.
Martin: Yeah, Yes. Oh, absolutely right that when you put in EMV or Chip & Pin depending on how you want to brand it, it absolutely works in the real world. It turns fraudsters away from, you know, the gas pump or the in-store version, and it moves them onto the wild west of online card, not present transaction. So, what we saw in Europe about coming up to 10 years ago is that the big shift in fraud was to online and the U.S. is now on that same journey. Fraud online in the U. S. is booming. You know, that’s a pretty attractive target for someone like us. We think we could make a huge difference to people in the industry, merchants and payment service providers to say, hey, there is an alternative. And in the U.S., the adoption of the 3D Secure technology by the issuing banks has been somewhat lower than in the EU. And I think in the EU tend, let’s take the UK as an example. You know, we have here nine big banks that represent over 95% of cardholders in the UK have an account with one of the nine big banks. And so it doesn’t take much for your nine companies, but nine fairly well run big banks to actually implement technology. Now in the U.S. the picture is a little bit more fractured. There’s many more, many more banks, and the penetration of the big five is much lower than it is in Central Europe. So when you consider rolling out a technology that has cost to implement and it’s relatively complex and consider all of the different banks and card providers across the U.S., actually being quite hard to roll out as Visa and EMVCo have found. So, in the U.S. I think is a good opportunity. It does mean that, you know, consider in Europe what we recommend is either for each transaction, yes, no, maybe, should we accept that transaction or should we just drop it on the floor or its 3D Secure. Now in the U.S. the equations little different because what we do is, we take the card and we look up if it’s capable of 3D Secure. So, is the issuing bank capable of implementing or have they implemented? Are they capable of performing an authentication on the card? If yes, then we would recommend it. But actually, it just means your calculation of what to do in that situation gets just a little bit more complex. Because if you know the bank doesn’t support it or that this particular customer is very unlikely to complete it, then you’re kind of back to just your yes, no, rather than your yes, no, maybe. The U.S. is a fascinating opportunity from a sort of payments or authentication rollout point of view. But we also think that because many, many of our existing clients already trade in the U.S. and we have many customers in the U.S. already our expansion there is, I think, a very logical extension of the business plan. So far, we’ve been extremely pleased with the traction. We’ve got some amazing deals and some wonderful customers here we’re going be talking about in the next couple months as we release those press releases and start talking publicly about who we’re working with there.
Greg: Great. So as with the payments industry as a whole, it’s very competitive, and I’m sure in your space is as well. So, talk about what makes your company different than your competitors.
Martin: So, we really pride ourselves on the relationships we have with our customers. I mean, let’s take it for granted that we are just better than everyone else. I think we can agree that. But in principle, actually, what that means is that the fraud performance that we deliver is amazing. But more than that, it’s about the actual day to day relationship we have with our customers. So this is It’s not just a sort of transactional. You provide me the tool, I will use it. I will get better or you provide me the predictions and I have no say over what happens. Actually, because we’re working with connoisseur buyers, experts in their own field, real specialists who get their businesses. What we find is because we’ve chosen to specialize in that section, the market. You know that the large enterprise merchants of the world those guys have expectations around relationships, account management and performance that we’re able to deliver because we are focusing on that segment and because we have been merchants before and I think that really differentiates us in the market. And then beyond that, we’ve got some amazing technology which I can talk about for hours. But broadly means that we have a very different way of spotting fraudsters, visualizing fraudsters and in the future we will also be performing the 3D Secure authentication ourselves as we roll out into that side of payments industry.
Greg: Okay, great, I think would be remiss if we didn’t touch on what’s currently going on in the world today. So maybe tell the audience what Ravelin is doing to support your employees and your customers during this sort of challenging times we’re in.
Martin: Yeah, well, it’s certainly on everyone’s minds right, and I think we’re probably all working from home at the moment, and that places lots of different demands on everyone. We’ve got our families in the office. You might be able to, in the home office hear my children running around in the background, shouting and screaming. So, I think that is firstly, the obvious impact on employees is you can’t expect everyone’s working routines to stay the same. And so, you’ve got to be flexible and what we’ve done well for the past three years at Ravelin is to work from home as a matter of course. So every week we have one day a week mandatory working from home every Wednesday, which meant that all of our systems and all of our technology is already set up for working from home and that feel we’re extremely privileged to be in this position where everyone has laptops. Everyone has a home office already. Everyone has access to all of the data and systems they need, rather than scrambling around from the desktop-based environment, with then having to go through VPNs that no one’s used before. We’re sort of ahead of the curve, and I think that’s one of the very lucky as a new tech company to be sort of native to the remote working, so adapting to that has been easy, but I do think the biggest impact from employees is just, you know, working from home on not having the social contact of those around you and having to adapt to a situation where your kids are at home as well. And clearly there’s impacts that so we’ve done lots of things to keep everyone’s morale up, little stupid things like we have a constantly open video chat where anyone can just drop in and have a cup of coffee together and talk about how their day is going. We have interactive board game nights. We have dog walking channels. If you want to go on a walk with someone’s dog with them remotely, they’ll take that camera with you. All sorts of stupid things. But it makes a huge difference to everyone’s morale.
Greg: Sure, What about your customers? What are you hearing from them? How is this time changing them?
Martin: Well, I think the general trend is that you know, all the cards have been throwing up in the air at once, and there’s definitely impacts. People have changed their consuming habits and merchants of feeling that for good or bad. And I think it wouldn’t be surprising to say that the merchants who rely on travel would be suffering some because, really, that’s happening a lot less. And then beyond that, you have people who are providing goods and services you can consume well said at home all day. They’re doing very well, so you know if you’re providing video streaming services, video conferencing, education tech for children in schools. Gaming in general is booming. And so, there’s swings and roundabouts, we would say. And there are winners and losers from this situation, I think then the natural conversation turns to how long it will last and what the long-term effects are going to be. And I think you know, in general when this all passes and we’re all back in the office is there will be some changes in consumer activity that may be more of a shift to remote working in general. I think that would be a great thing. There would be maybe less travel in general. Maybe people realize they don’t need to fly as much as they may have done already, and we could see changes in the macro environment. I do think there’s also the decent risk of there being a sort of a recession, a question of how long for? But in recessions, you know, we’ve found that fraud goes up and there’s more attention paid to people’s margins as they’re looking to run their businesses slightly more conservatively, so I think there’s a bunch of knock on effects, but I would be very cautious about pretending I have any answers for them.
Greg: Right. That sort of leads into the next question. Where do you see the fraud industry heading in the next 2 to 3 years?
Martin: Well, I think PSD2 is a good sort of indication of things to come. So, the role of regulators if we could just get big picture for a second. The role of regulators is to step in when markets have not been operating efficiently and to set direction requirements for the market. And I think in Europe that’s what’s happened. They said that there’s too much fraud online. We’re setting some benchmarks and some expectations and everyone has to get with the program. So now Europe has a habit of being a bit heavy handed with these sort of regulations, and it certainly wouldn’t go down well, I think in other places around the world, so I don’t think we should all expect that PSD2 will land in the U.S. But I think there’s going to be flavors of it. So, if you look at Australia, get Brazil, Canada, South Africa actually you can see versions of PSD2 coming, so the new normal is more authentication. But as a result, there will be more people looking to optimize the use of authentication. So, I think that’s going to be the new normal. Fraud is ever present and ever changing. So, fraudsters will change their habits in response to the changing regulator and technological landscape. So, I think broadly 3D Secure It’s definitely not immune from fraud. Fraudsters are very adept attacking it. They know exactly what to do and how to get around it. So, you can expect that 3D Secure will go up as 3D Secure is more used. And then I think a big trend that we see a lot of is account takeover, which is a function of general poor security across the consumer side of things. Where, and I think we would all recognize this of ourselves, we reuse passwords. You know we’re not good at password hygiene of using totally unique and simultaneously memorable passwords across all of the service’s you use. And as a result, if you let’s say, have two or three passwords, if just one of them gets hacked, all of the service is that you’ve used that password on there now vulnerable, and many of those service is these days have a card on file. And so it doesn’t take much for an attacker to compromise your password from another service, log into a second service using your password and in the mail combination, and then shop on your account, benefiting from your from your very good reputation because you’ve been a great customer for a long time, and then they get to ride through all the fraud prevention that didn’t know about it can takeover. So, I think if you’re in that situation, which many are, it’s not just a fraud problem its much bigger than that. It’s a reputational data protection issues, information security. So, I think fraud is expanding more and more And the trends, I would say, are two generally card not present fraud will evolve, fraud will find other ways of coming through, and fraud as a whole is getting bigger. So those would be the only high-level trends are commit to you rather than a specific predictions.
Greg: Sure, great. Okay, we’re about to wrap up, any final thoughts for the audience today.
Martin: I think. Stay safe. Stay home. Wash your hands and this too shall pass. And I’m looking forward to the shape of the world on the other side.
Greg: Yeah, I agree. 100%. Well, Martin, thank you so much for your time today. I know your time is very valuable, so I really appreciate you being here.
Martin: Always happy to talk about the industry. Thank you very much for the time. Pleasure to be on.
Greg: Yeah. Thank you. And to all you listeners out there, thank you for your time as well. And until the next story…