People of WePay: Vinodh Poyyapakkam, Vice President of Risk Management
One of WePay’s competitive advantages is that we can indemnify our customers against the risk inherent in payments. In order to do that we use advanced machine learning techniques as well as an expert human risk team that combine to deliver best-in-class protections. In this interview with Vinodh Poyyapakkam, Vice President of Risk Management we take a look at our approach to risk and his thoughts on the current state of risk management.
What in your mind makes up risk? What aspects of payments come into the mix?
Risk can be defined as potential liability to the firm. This could be in the form of financial risk due to merchant fraud or credit risk; regulatory compliance risk due to not adhering to regulations; card network compliance risk from a payment card network (Visa, MasterCard, etc.) standpoint; information security risk from a data breach standpoint; or reputational risk to the company due to bad press because of something we did or did not do.
What makes you excited about tackling the issues of risk in payments?
The biggest challenge in the world of risk is being able to confidently identify who are the good customers. This excites me the most, because this is not only challenging to decipher, with the limited amount of information we usually have on our users, but being able to enable small and medium businesses that others won’t service to accept payments is very satisfying. On the other hand, keeping fraudsters and bad actors out of the payments ecosystem is equally satisfying since they can cause tremendous disruption to the financial ecosystem
What does WePay do to make sure we deliver on our promises to customers around risk?
WePay is primarily focused on serving software platforms such as FreshBooks and Joist. Our promise to our customers is what we call a ‘two thumbs up’ value proposition. The idea is they can manage the experience for their users, while WePay will manage the necessary risk and compliance obligations, including protecting them from any financial loss liabilities. We take this very seriously and strive to provide the best experience possible to the users of the software platforms, including customizing the processes and communications where necessary. We do this while making sure we provide the full force of our innovations to keep the bad actors out and take on and minimize financial liabilities, to shield the platform customers from having to worry about how to manage risk and compliance
What’s a lesson we’ve learned in dealing with risk and how do we act on it?
It’s important for us to keep things real and not get carried away by numbers alone. We are in the business of enabling livelihood for thousands and thousands of small businesses and also helping people in need. Every payment we wrongly deny for risk reasons could be lost revenue for a merchant or a missed donation for a fundraiser with GoFundMe. Any delays in settling the payment proceeds to a legitimate merchant can cause cash flow issues, which might mean not being able to pay their employees on time. We have learnt these lessons over time and keep them in mind while still trying to protect WePay and the broader financial ecosystem
What metrics matter most to you around risk and why?
We try to balance metrics between loss mitigation, customer experience and business enablement. While we focus on keeping losses down by measuring the ratio of unrecovered losses to payment volume, we also make sure to balance this with customer experience metrics such as how long we take to review suspicious or risky transactions, or how fast we settle to the good merchants.
What’s a great lesson you’ve learned around risk and fraud that everyone could benefit from?
Fraudsters are not amateurs. Fraud has turned into a thriving and professional industry. It’s a cat-and-mouse game so you should never rest easy, because they are always figuring out the next approach to commit fraud, steal or launder money. All the technological advances are not only available to fraud fighters, but fraudsters as well. The stakes have never been higher, so it’s important we do all we can to be on the watch for the next fraud trend or scam.
Can you share a story about how our team solved a challenging risk issue and how it highlights the importance of this role?
With our business model facilitating instant boarding of merchants to accept payments, it was only natural for fraudsters to try to take advantage of this through some of our partners who provide frictionless and free sign-up experiences. This drove fraud in our portfolio and caused material fraud losses to WePay. However, we invested heavily in innovations, such as advanced machine learning models and contextual data sources, to identify and stop these fraudsters upfront. This has resulted in a huge reduction of our fraud losses in the last couple of years.
What are the things that one of our customers – a platform – can do to minimize risk to their platform?
While it’s important for software platforms to provide frictionless access to services for their users, platforms also should take their responsibility to protect their users seriously. For example, making sure user credentials are not compromised, and preventing account take-overs (ATO) are very important to ensure the integrity of the platform and maintaining the trust of users. This could mean introducing thoughtful friction points to account access, when necessary, without impacting vast majority of account logins. The goal would be to arrive at the right trade-off between ensuring platform integrity and keeping user friction minimal.
What’s the next stage in risk? The upcoming challenges we will face in the next few years?
The payments industry has always been synonymous with two things, uneven access to fledgling entrepreneurs and constant attempts by fraudsters to take advantage. With advances such as deep learning and increased competition in the space, it’s only a matter of time before payment processors not only provide frictionless access to anyone who wants payments acceptance, but at an acceptable cost by also keeping fraud downto levels that allow both payments providers and their customers to thrive.