SARAH RENDE: Have you ever wondered how many businesses operating online are up to no good? By that I mean they’re not who they say they are, and they’re not selling what they say they’re selling. Estimates suggest that between $800 billion and $2 trillion are laundered each and every year. Turns out bad business is big business. My team’s mission is simple: to build trust in the internet economy. We’re in the business of understanding who our customers are, what they’re selling, and how they’re using Stripe to run their business. We work with businesses like yours, platforms and marketplaces that use Stripe to enable payments every day. Today we want you to understand the role of Stripe and your business in the ecosystem, learn about the risk expertise and capabilities that Stripe offers, and how we can help you. We hope after hearing from some of our customers, you’ll be motivated and inspired to evolve your risk and compliance roadmap along with the growth of your business.

Now, whether you’re new to payments or a seasoned risk professional, one thing we can all agree on is that payments is a very risky business. As your business grows, you’ll be processing higher and higher payment volumes and onboarding more and more customers, which adds complexity. Managing risk is really about minimizing undesirable outcomes that can lead to losses, liabilities, and erode trust. To explain our approach to managing risk, I’ll start by describing the broader ecosystem, the role that Stripe plays, and finally your business. 

Let’s start with the big picture. As a financial services provider, Stripe is part of a much larger ecosystem that includes you, our users, governments, regulators, networks, financial partners, and banks. Together, we create and uphold the rules and guidelines that enable access to financial services. These guidelines are intended to provide trust in the ecosystem and foster that among all its participants, including businesses like yours and the customers that you serve.

Now, going back to this idea of trust, I think this is easiest to think about from your point of view as a consumer. When you’re shopping online, how often do you think about whether what you’re buying could be a scam, junk, or just never arrive at all? Ultimately, having trust in the financial ecosystem means you rarely have to ask these kinds of questions. You have confidence that the merchant you’re buying from is real and vetted, that you’ll get what you paid for, and that if you have a problem you’ll have recourse to take action.

At Stripe, our role in the broader financial ecosystem influences how my team manages risk. We aim to maintain trust with all participants and at every level. For us, building trust isn’t just about preventing bad outcomes. It’s about ensuring that our good users have access that’s uninterrupted to the financial ecosystem and services that they depend on. Put simply, managing risk is a balancing act. We try to enable the growth of our customers by making it easy for you to onboard new customers and access new features while also protecting our customers and our business from legal, compliance, and financial risks. If we’re too loose, we lose trust in the ecosystem and incur higher losses. If we’re too restrictive, it makes it hard to onboard new customers and for them to go live and grow on Stripe. 

Now, on the legal and compliance side, we’re checking to make sure that businesses on Stripe meet the rules and regulations to process payments and access financial services. What does this mean? It means we’re collecting information about who our customers are and confirming the goods and services they offer can be legally sold in all the countries we support. For some industries, there are additional requirements, such as for financial services, pharma, crypto, digital games, where we have additional requirements we need to check. On the financial risk side, we’re focused on minimizing losses from bad actors and fraudulent businesses, as well as from good businesses that may unexpectedly go out of business. These businesses may be unable to fulfill orders, leading to a spike in refunds or disputes. Now, as your payment service provider, we have a vested interest in the sustainable growth and long-term success of your business because when our customers can’t cover their refunds or disputes, very often these costs turn into losses for Stripe.

To minimize losses, we monitor payment volumes, refunds, and dispute activity for all of our customers. In some cases, we come and ask for additional financial information, and we may hold a percentage of payment volume as reserves against future losses. When we’re successful, we have fewer disputes in the ecosystem from fraudulent and failed businesses, and we have merchant funds that have been set aside to cover anticipated losses. Lower losses are good. Lower losses mean we have more money to invest in new products and unlock new business opportunities for our customers on Stripe.

While each year we get better and better at this balancing act, Stripe’s rapid growth means a lot is at stake. We’re always trying to respond to new emerging threats that keep us on our toes. Let’s look at an example. Last year we saw a sharp increase in transaction alerts. These were related to prepaid cards. Our investigators found activity that was tied to hundreds of accounts. In this case, bad actors were using AI to quickly open accounts and transact before our systems could detect them. Our fraud team that includes engineers, data science, and investigators together were able to deny access to over 10,000 prepaid cards linked to this scheme. We developed alerts to quickly identify similar accounts and related accounts when they popped up again, and we reported 650 accounts to law enforcement. In short order, this group of bad actors simply gave up and moved on.

We not only stopped this specific attack, but we also used insights from this event to enhance our alerting system and prevent similar attacks in the future. By kicking these bad actors out of Stripe and our ecosystem, we kept them away from your business and your customers. This is just one example of Stripe’s robust fraud detection capabilities. Platforms and marketplaces like you that are embedding payments for your customers play a similar role in keeping your customers and the broader ecosystem safe.

Now, we know managing risk is especially challenging for businesses like yours. You need to manage the risk of your customers, the businesses operating on your platform or sellers in your marketplace, alongside your own business risk. For example, if you’re an event organizer and you’re selling tickets directly, you’re probably focused on preventing customers from using stolen credit cards where those transactions are likely to get disputed. But if you’re building an event management platform, it gets much more complex. You now need to consider risk tied to both the event organizers that you onboard, your customers, and their ability to manage risk from their customers buying tickets.

So what does this look like in practice? What if you onboard a fraudulent event organizer? Customers could be scammed, leaving you at the center of the fallout. Or if you onboard an organizer who goes out of business and can’t hold their event, suddenly your PR team could be left managing those responses and you could be liable for the refunds or chargebacks. In extreme cases, these kinds of situations could completely derail your business. These examples highlight just a few of the complexities of managing risk at scale and finding the right balance. This is one that enables your business to grow with guardrails to protect your brand and your bottom line.

You can’t simply stop onboarding event organizers just out of fear that one could be fraudulent or go out of business. It’s your entire business. You can’t collect every piece of information or hold onto your customer’s funds until all dispute windows have passed. Your customers will be frustrated and churn in no time, hence the importance of finding balance. Embedding payments into your platform positions you as a key player in reinforcing trust across the financial ecosystem. Like us, you have a responsibility to understand who your customers are and what they’re selling and who’s behind them.

While our job is never done and the balancing act continues, you can leverage Stripe’s risk expertise and capabilities to help you with your risk strategy. Through our interconnected roles, together we can meaningfully build and maintain trust in the internet economy. Now let’s hear from Allison on how our product investments can help you shape your own risk strategy.

ALLISON SILBER: All right. Today I’ll share some new features my team is working on to help you manage risk throughout the lifecycle of businesses on your platform. These features will give your risk and compliance team superpowers, let Stripe do the heavy lifting by automating critical workflows, and allow you to tailor our risk intelligence to your needs. So, to start, we’ve made hundreds of improvements to the Stripe Dashboard. So whether you are a risk analyst, a customer support representative, or a business decision-maker, we want you to easily access the information you need to help support your customers. I’ll share an example using my demo platform, Pose, a vertical SaaS platform for yoga studios. 

In the Stripe Dashboard, I now have a single list where I can easily monitor risk and compliance issues for businesses on Pose. I notice that my customer, Vinyasa Flow, needs to provide some additional information about their business. When I click into Vinyasa Flow, I can see exactly what’s needed and what would happen if I don’t take action on this request. In this case, they’ve recently updated their business website, and they need to provide additional information. I’ll reach out to Vinyasa Flow and see how I can help so that they can continue accepting payments and keep their business running smoothly. This is just one of the hundreds of workflow improvements my team is implementing to help you manage risk more effectively.

But what happens when you have thousands of businesses on your platform and you need to drive action at scale? Well, when designing risk experiences, we’ve often found that the best way to drive action often lies directly within your own product experience. By leveraging Stripe’s UIs for account health, including embedding onboarding like you can see here, account management, and user notifications into your own product, you can automate workflows that collect updated information for your users and future-proof your integration as global requirements evolve. These components are especially helpful for driving action when you offload risk management to Stripe.

Okay. So say I haven’t been able to reach Vinyasa Flow, but I know that they log in to their Pose dashboard every day. That’s how they’re running their business, after all. The next time they log into Pose, they’ll see this notification banner alerting them that action’s needed. This will take them to a form where they can provide information without ever leaving the Pose platform. Both of these are Stripe components that seamlessly blend into your own product experience. And done. They’ve added their information. Now you’ve ensured that Vinyasa Flow stays up and running on Pose, and you’ve saved your team a ton of work in the process. Companies like DoorDash have seen a 22% increase in resolved compliance requests by integrating these workflows directly into their own product experience.

Okay. So lastly, let’s talk about how you can leverage our data to enhance your own risk models. Many customers ask us for help identifying risky businesses onboarding to their platforms. Now, with Radar for Platforms, you’ll have the ability to tap into our extensive risk intelligence, which draws on data from billions of transactions across millions of businesses over our 15,000 platforms and marketplaces on Stripe. This gives you access to the same technology that Stripe uses to manage our financial risk and stop fraudsters. Okay. So, unfortunately, now I see that Vinyasa Flow has been flagged highest risk due to potential fraud, and I need to review. If I scroll, I can see exactly which indicators contribute to this score. It looks like there’s a recent spike in refunds.

I now have all of the information I need to determine whether I need to take further action on this account. I can continue refining these custom rules so that I can restrict suspicious businesses from coming onto my platform. Tapping into our risk intelligence has helped customers like FreshBooks detect and block over 300 fraudulent accounts from onboarding. Preventing bad actors from coming onto their platform has helped companies like FreshBooks maintain trust within their ecosystem. What excites me most about these improvements is their ability to help you manage risk effectively throughout the evolution of your own business. Risk is not static, and the tools that you rely on to manage and mitigate risk should help you constantly evolve as your business grows.

This is just a snapshot of the improvements that we’re making to help businesses like yours effectively manage risk. Tools that our customers are already leveraging to future-proof their growth. Our customers, like Guesty, Kajabi, and Wix, each adopt a tailored approach to managing risk for their businesses, and they’ve evolved those strategies in ways that can really inspire your own. So please join me in welcoming Amit, Vered, and Vinay, and my colleague Tim to the stage to hear more.

TIM SMITH: Welcome. It’s great to have you all here so we can learn a little bit today. Let’s dive right in. Maybe talk first a little bit about how you have all integrated risk into your business strategies. So maybe can each of you start with how you factored risk into your core strategy? Maybe, Vered, you can go first.

VERED RAVIV-SCHWARZ: Yeah. So in the past couple of days at Stripe Sessions, we heard a lot about emerging technologies and how AI can help us improve our business, our productivity, our scale. And guess what? It also helps fraudsters increase their productivity and scale. We’ve all been seeing that with an influx of fraud cases and increased levels of sophistication and creativity in terms of fraud, which means that in today’s world risk management is not a nice-to-have; it’s a must-have for any payment-related business. For us specifically at Guesty, we’re a property management software platform for the short-term rental industry, which means we enable our customers, with the help of Stripe, to process online transactions for millions of guests across the globe.

In order to do that effectively, it’s not just about processing transactions; it’s about protecting them from fraud, from excessive chargebacks, and from damage to their reputation. So we need to have a holistic management approach to risk in order to serve our customers.

TIM SMITH: Yeah, exactly. It’s not risk as a side effect; it’s risk as a core to your model. Vinay, you want to talk a little bit about that for Kajabi?

VINAY MYSOOR: Yeah.

TIM SMITH: How you factored risk into your business model?

VINAY MYSOOR: Absolutely. So Kajabi is a platform for creator commerce. We allow creators to sell, basically, anything they can think of, from a course to a community to a podcast to a newsletter, using our platform. Just inherent in that, you hear me kind of making up—they’re making up products as they go through this, right? These aren’t like set physical products. So we want to make it very easy for them to onboard and sort of iterate and come up with these ideas. But that, of course, makes it very easy for people to onboard and take advantage of your platform, right?

You’re trying to allow a lot of innovation, a lot of difference occurring, but fraudsters take advantage of those things. So the position that we’ve taken is, one, risk by design, right? Design the platform to have pieces of it that allow you to sort of gate people from certain things, to prevent them from getting past you. Then, two, we’ve really—I’ve hired a great team and just focused on making sure that the customer experience is as fantastic as possible, even though we’re dealing with risk on the backend.

TIM SMITH: Yeah. I mean, it’s interesting. We’ve talked a little bit about how you’ve almost got a cone of uncertainty in your business of—like, a creator might start with not a well-formed idea. You’re helping them develop it, and your sense of what risk you’re dealing with will grow as they get further along. You’ve got to keep working with them as they go through that.

VINAY MYSOOR: Yeah. I think most people onboard to Kajabi not knowing at all what they’re going to end up selling. They might onboard thinking like, “Oh, I’ve been really good at gardening, so I’m going to sell a gardening course,” and they might actually end up selling a course on something completely different. So we have to sort of measure their supportability at different points in their lifecycle.

TIM SMITH: Yeah. Maybe jump a little bit. Amit, I know this is a topic you’re passionate about. Can you just talk about what are the misconceptions people often have about risk and building a platform business?

AMIT SAGIV: So I think the biggest misconception about risk is that the risk job is to say no. It’s to stop. It’s to stop the bad people at the gate. I think the risk job is actually to allow the good people in. The more risk is at the core of your strategy and you understand the data points that revolve around the economy that you’re supporting, the more people you get to pass through the door and give a really good experience to. Whether it’s the buyer on the checkout or the merchant on the platform, you always want to be at a place where you’re an enabler, not a blocker.

So I think there’s a really deep misconception that I’ve found with risk that we should safeguard, we should be the gatekeepers at the door and stop. That is very true, but it has to be first and foremost as an enabler of the business.

TIM SMITH: Yeah. It’s something where you just keep digging and learning and it makes your decisions better as you go through it.

AMIT SAGIV: Yes. It’s a never-ending evolution of data. You see new patterns, you see new usage. At Wix, you can, basically, build anything you want. It’s an operating system to the world. We have—from ecomms to services to hotels to digital media. So we get a really big variety. Because we made it in our core values to make it simple for the user, then a lot of people come and try and grow with us. As they grow, we need to grow with them. So it all kind of revolves back to the way you collect and look at your data. If you look at your data in a positive way, like what could this data generate for me in a positive manner, then your risk will generate revenues and you will grow. If you look at the data and you constantly look at, okay, these are fraudulent patterns and I have to block and block, then you’re kind of in a regression.

TIM SMITH: Totally, 100%. Vered, maybe I’ll jump back to you. I know you, at some point, had to make a decision, like, is risk a thing that you’re going to manage in-house, or are you going to have a partner handle it for you. How did you make that decision at Guesty?

VERED RAVIV-SCHWARZ: Yeah, well, first of all, at the end of the day we chose a hybrid solution where we use external tools for protection and detection of fraud, AI-based algorithms, and so on. But we also have our in-house team of underwriters and risk managers, and I’ll explain why. Well, first of all, it’s a matter of scale, of course. If you don’t process at least hundreds of millions, don’t even start and don’t try to get there, and you can completely rely on Stripe and not do anything internal. But the other issue is really the industry you’re in.

In our case, our in-house team specializes in hospitality just like Stripe specializes in payments. So what we look at is things like booking trends, and guest behaviors, and patterns that could allow us to help our customers make better choices. I’ll give you a very simple example. In hurricane season, we see a spike in chargebacks in hurricane-impacted areas, and that’s not because of stolen credit cards, right? It’s because of what we call friendly fraud. It’s guests who want to cancel their booking without penalty, so they just charge back their cards. Now we know that. We understand that behavior, and we can protect our customers against the risks of that.

TIM SMITH: Yeah. I think you have such domain knowledge that we don’t always have access to, and you just see the pattern in a different light, and you can act on it more appropriately in some of those cases. It makes sense. Let’s talk [about] just maybe some of the tactics you use, if you want to talk a little bit about is there a specific indicator you’ve learned or something you’ve added to your flows that you’re checking for, that you watch on the platform. Amit, maybe I’ll start with you.

AMIT SAGIV: Yes. That connects really well to the misconception. There is no single data point. I think that looking for that unicorn piece of information is something any kind of business, whether it’s small or big, should avoid.

TIM SMITH: Because the fraudster is eventually just going to take that thing and use it, right?

AMIT SAGIV: Exactly. So, yes, there are some key parameters we all look at: velocity, chargeback ratios, refund rates, other things. But I think what’s really interesting is to fully understand your user journey and how does the data move as that user matures and what risks it brings you. When you have that holistic view, that’s where you’re really powerful. Of course, the road to get to that point of view where you have that full spectrum is not immediate. You would start by collecting the entry points data, your compliance, your KYC [Know Your Customer], understanding who’s in front of you. Then you have your classical risk—financial risk—that you’re heading. Very straightforward from the beginning. What’s coming in my checkout, who’s buying, what kind of cards, that kind of behavior.

But very fast you’ll realize that that scattered point of view doesn’t give you real robust ability to fight off a smart fraudster, that all they do all day long is plan how they’re going to attack your platform. So if you have static controls, that’s good to an extent. If you have only models, that’s also good to an extent. So I really relate to what Vered said before about that hybrid model. Some things you’ll build in-house. Some things you’ll bring from the outside. But definitely what will be your own is your perspective of data.

TIM SMITH: You said to me just before, “The fraudsters don’t go away. They just get better. And that’s why you’ve got to keep getting better.”

AMIT SAGIV: Yeah.

TIM SMITH: And that goes to your point on AI earlier: the adversaries are only going to get stronger going forward.

VERED RAVIV-SCHWARZ: Yes, definitely. Just to add to Amit’s point: when it comes to being industry-specific, we can identify certain criteria that would help us identify frauds in ways that you cannot identify on financial fraud tools. Again, just is it a last-minute booking? That raises a flag for us, right? So all those—and you all have your business KPIs, and you can all find what are those doing in terms of risk management.

TIM SMITH: Vinay, maybe I’ll jump to you and just talk. At Kajabi, the time you’ve been there, what significant changes have you made to the risk strategy over time?

VINAY MYSOOR: Yeah. So I would actually say the biggest change, which I was actually candidly very surprised by, is we’ve actually started educating our customers a lot more about risk, or being a little bit more sort of up front about what we’re doing and why we’re doing it. So you have these creators come onto the platform. They’re like, “Hey, we want to sell a live event in the Bahamas in six years.” We look at them, and we’re like, “That doesn’t make any sense.” They’re like, “No, you should support this. Why aren’t you supporting this?” We’re like, “Look, you have event risk. You might decide in a year that you don’t even want to have this, and then you’re going to have to refund this money. And if you’ve spent it, you won’t have it.”

So I think the thing that we’ve sort of tried to incorporate more and more into our risk actioning is not just saying, “Hey, we’re not going to allow this,” but why we’re not allowing it and making sure that we’re building trust with the customer, especially with these new creators who are generally younger. They’re generally first-time business builders. They don’t necessarily know the problems that they’re going to encounter. So working with them, educating them, being part of that process.

TIM SMITH: After the Fyre Festival, I think everybody’s got their eye out for the dubious upcoming events. Maybe just one question to close out. Vered, you can take this. What’s one thing you think we can do to just build more trust in the internet economy that—you know, we saw the bubbles on the last slide of the ecosystem risk. What are the things we can be doing to improve there?

VERED RAVIV-SCHWARZ: Yeah, sure. So two things. One, to your point, a lot of it is about user education. How do we really help our customers get better at identifying fraud and preventing it, and the behaviors of their guests that they should be looking at? Of course, the other thing is just building unified processes and best practices because the more aligned we are as an industry in fraud prevention, the better we’ll get.

TIM SMITH: Totally. When you talk to risk professionals, they often talk about that first line of defense. In your case, that can be like a host, or a property owner, or something. They become the first line of defense. What are the things they’re looking for? The transactions that never make it into the system are probably the best ones in terms of risk. 

Well, we’re at time for the panel. I just want to say, Amit, Vered, Vinay, thank you so much for sharing your insights, the real things you’re doing on your platforms.

AMIT SAGIV: Thank you for having us.

TIM SMITH: Yeah, we’re really appreciative of it. And just—yes. For the audience, if you’re a platform or marketplace and you’re enabling payments, it should just, hopefully, be clear from this session that risk has to be an integral part of what you’re doing. It’s not like, “Oh, I offer payments and I have this negative side effect.” You have to own it. You have to put it in the center of that business. Obviously, also, we want to educate you on the broader financial ecosystems, the role Stripe plays, the business plays. We don’t want it just to be like, “Oh, there’s a bad guy that’s forcing a thing,” a regulator or somebody. It’s got to be in the core, in building trust. So you really have to understand those things to strike the right balance in your strategy.

With that, I think we look forward to partnering with all of you as you evolve your risk strategies and turning this into a business opportunity. We appreciate you joining us today, and thank you for your time.