[00:00:00] Rob Aragao: Welcome everyone to another episode of Reimagining Cyber. Stan and Rob here. So, Stan, who do we have joining us
[00:00:06] Stan Wisseman: Rob, our guest today is Dorota Wrobel, Chief R& D Officer for G2A, the world's largest digital marketplace for digital products such as video games and software. And she's been a driving force and technology development at the organization from day one and as well as been involved with cybersecurity and what they have to do to help secure their consumers as well as the product side of the house as well.
[00:00:31] Dorota , I have to admit, I spilled the beans to my son, who is a big gamer, that I was interviewing the head of R& D for G2A, and he was like, really? Wow, that is so cool! You know, so it is, it is one of those things where I'm not, I'm not really into video games. I was when I was young, but no longer, and he is seriously into all types, and he knows all about your company, and The marketplace and he uses it.
[00:00:59] And [00:01:00] so that's one episode I'm going to listen to.
[00:01:05] Dorota Wrobel: I'm happy to hear that, you know, but it is actually, um, really popular story, you know, in the payment ecosystem, many people, you know, they didn't heard about that. And then they are asking kids or, you know, siblings, and then they discover that within that group, it's actually well known brands.
[00:01:29] Rob Aragao: Dorota, whereabouts are you calling from?
[00:01:31] Dorota Wrobel: Right now in Poland, but I'm living like half in Poland and half in Italy of half year. Wow. Nice. I have got a project that my, my daughter should, should speak Italian as well.
[00:01:46] Stan Wisseman: Where are you living in
[00:01:47] Dorota Wrobel: Italy? Um, close to Rome in the, in the place called Ostia.
[00:01:52] Oh, actually, you know, the whole gateway is working remotely. Uh, so we are in different places. Our marketing, uh, [00:02:00] CMO is in Tenerife, our CEO is in Netherlands. So many people in Hong Kong.
[00:02:09] Stan Wisseman: It doesn't matter, does it?
[00:02:10] Dorota Wrobel: Yeah, you know, cappuccino is, is different everywhere.
[00:02:18] But the work that has been done, it actually, you know, doesn't matter where you are, right?
[00:02:25] Stan Wisseman: And G2A has just grown tremendously, right, over the last decade. I think, did you guys get started in Europe?
[00:02:31] Dorota Wrobel: Uh, yes, we started in Poland. Then we decided to expand into Europe and then we decided to expand everywhere.
[00:02:41] Rob Aragao: So, so one of the things I'd like to jump into with you Dorota is the journey that you've taken, because again, you've been there from the beginning at G2A, um, and just how rapidly things have evolved for your digital marketplace, again, from a global [00:03:00] aspect as well, kind of be precise. On the portions of cyber security and building cyber security.
[00:03:08] And as you were really again, transforming, but also quickly evolving and scaling what you needed to support, obviously, the marketplaces, rapid growth. So maybe you can talk about again, the kind of cyber security elements throughout that journey. That would be helpful for the audience.
[00:03:25] Dorota Wrobel: Sure. So we started in 2010 and G2A was a regular online store with video games only.
[00:03:34] We observed a new trend to move from box distribution into the world of digital. In 2010, almost 70 percent of the market was physical. Nowadays, it's about 5.
[00:03:46] Stan Wisseman: Really? I mean, it's that kind of a difference between when you started and today.
[00:03:52] Dorota Wrobel: Exactly. And we quickly realized that e commerce shop has some I would call them [00:04:00] limitations.
[00:04:01] So that is why we decided to start a two sided market based business model in 2014. And at the beginning, the idea was that everyone can sell digital gaming items on our platform. Later, we changed this approach and decided that only registered businesses can sell, thanks to which we were able to significantly improve customer service.
[00:04:25] Stan Wisseman: Did you do that because you started having some abuses of those that weren't known quantities? Is that why you had to register?
[00:04:34] Dorota Wrobel: Actually, because they were not treating customers as they should. And we, we've got difficulties in having customer service on the level that we wanted to have. And, and today we are a globally recognized brand with more than 200 regional payment methods.
[00:04:53] And I am the type of person who is very curious. So I registered, you know, on all the marketplaces [00:05:00] that existed at that time. From Amazon, which everyone knows to MercadoLibre in various South American countries to Asian sites like Taobao and Reddada. And these experiences, uh, have helped us build a platform for digital items.
[00:05:16] Stan Wisseman: But you, so you, so you just basically look at, let's look at the whole panoply of what everybody else is doing and sort of like, that was your research and trying to figure out, well, what works best and how can we possibly emulate the best. Practices.
[00:05:29] Dorota Wrobel: Exactly. And what would work for the digital items?
[00:05:33] Because those marketplaces, they are doing mostly with the physical stuff. And, uh, we were, you know, trying to find out, uh, what are the perks, uh, for the digital products. And, uh, that's why we became, um, Marketplace only for digital, uh, digital stuff.
[00:05:56] Rob Aragao: What were some then of the cyber kind of security elements that you kind of [00:06:00] came across right through, through that learning, but then what are the things you had to take into consideration and start building in for your side?
[00:06:07] Dorota Wrobel: Yeah. And in particular, I think that, uh, we discovered that the products delivered within minutes can be vulnerable to outside attacks, right? Much more than physical one. And one of the ways for us to increase our security level is working with top security companies on the market like Akamai. Qualis and the jazz.
[00:06:32] For example, we are covering the security of customer journey from the start to an end or covering the protection from chairbacks, uh, with help of jazz, but also technology is helping us a lot. As we are two sided marketplace from the buyer perspective. Um, we are covering, let's say, cyber security by helping those users to you.
[00:06:58] Be much more aware of the [00:07:00] dangerous within, uh, digital environment.
[00:07:04] Rob Aragao: So one of the things, ADA, as you're talking, that I'm trying to kind of connect the dots on is you've discussed from the, um, digital marketplace. You have the buyer and the seller side, right? Exactly. Um, so obviously in any sort of digital marketplace, there's concerns relative to fraud.
[00:07:21] What are some of the things that, that, that you've put in place to help identify first and foremost, uh, potential fraud, right? And then what are the other things that you've been able to actually extend that will help reduce fraud within G2A's environment?
[00:07:38] Dorota Wrobel: So the first step is ensure that offers you can find on the marketplace are safe as possible The most critical ones focusing on vetting the sellers themselves.
[00:07:48] So our seller had to go Um very strict 100 factor encompassing business verification process before they can start selling And even after that They have to [00:08:00] present a proof of purchase of any item they put on, uh, put up for sale and can sell only after it's been verified.
[00:08:09] Stan Wisseman: So you're, you're, so you're going through steps to make sure they're, you know, they're, when they're authorized sellers, your buyers know that you've gone through a big process to make sure that they're trustworthy.
[00:08:20] And then you're looking at the lineage as far as those items that they're selling. To ensure that whatever that item might be is something they can truly sell.
[00:08:30] Dorota Wrobel: Yes, exactly. And as an expert in starting, say, on a various marketplaces, uh, around the world, I think that our process of onboarding sales is really difficult.
[00:08:41] You know, I also often came across criticism, uh, but at the same time, I think that digital items are more demanding in terms of safety because they are instantly delivered. And this is why we do not allow here any compromises. And many marketplaces think about [00:09:00] how to offer, you know, same, same day delivery.
[00:09:03] We don't have that such problem. We have got one minute delivery. And our main concern is how to secure both sides of the transaction. So from one side, how to protect buyers and for the other side, how to protect sellers, because sometimes buyers, they are trying to abuse, they are getting the. product that they wanted, but still they are claiming chargebacks.
[00:09:26] Stan Wisseman: So when you're looking at the impact of regulations to the security aspects of your marketplace, which regulations are relevant and how is that? Shaped your evolution as far as the security controls you're putting in place.
[00:09:42] Dorota Wrobel: We are working with many PSP providers, and that also means making sure that our marketplace standards are up to the security requirements and in order to keep those partnerships apps, we undergo regular audits by them and they auditing representatives like [00:10:00] Deloitte or PwC, which confirm that we are trustworthy and safe and for them to ensure they partnerships with us.
[00:10:08] Uh, of course there is no marketplace in the world that isn't at risk of attempts at fraud. In that RBRG2A has a very good track record with the global marketplace fraud rate, uh, lower than global average compared to the global average of 3. 6 percent. We are a member of many organizations that search and implement new security solutions like the Merchant Risk Council or Cross Border Commerce.
[00:10:37] And we treat AI as the first line of defense in our security infrastructure to help us detect vulnerabilities before they lead to harm. However, I am a big fan of hybrid model. So from one point we are relying on AI technology and, um, solutions, [00:11:00] but I also believe that that human touch is really important because fraudster and people who are, you know, trying to harm others in the digital space, they also have emotions and only humans can, you know, detect that.
[00:11:17] Stan Wisseman:
[00:11:19] Humans might be better at detecting that. So you, you augment your AI, ML kind of driven controls with. Human interaction and, and I guess you also are outsourcing some of those security functions, um, to external providers. Um, to, to help you with the security of your security posture.
[00:11:44] Dorota Wrobel: Yes, but we still have got, uh, a big internal team of, uh, cyber, uh, security specialists, uh, who are monitoring and we really focus on monitoring what is going on with every transaction on marketplace, looking at the [00:12:00] anomalies and trying to find out the behaviors behind, uh, being sure that, you know, um, we are well protected.
[00:12:08] So, uh. Looking for anomalies, it's, it's one thing, but, uh, also, you know, any suspicious activity to help us quickly determine an appropriate course of action is important, uh, because this is also, you know, in line with some trends and in the, in digital business, you need to know also the trends, the industry trends to see what kind of type of products are, you know, trending, what, uh, you leave.
[00:12:39] Adopters are using in terms of new payment methods and so on. So we are trying to be up to date with all those factors.
[00:12:49] Stan Wisseman: So the use cases, Dorota, you're talking about specifically are on the, um, assisting and the detection of an analyst's behavior fraud and, um, being able to [00:13:00] respond faster. Are you applying AI or ML?
[00:13:04] In other areas beyond the, you know, the detection and response side of the house.
[00:13:09] Dorota Wrobel: Yes, we are also using that in terms of a KYC process and we are trying to adapt, let's say, purchase path in order to see where we should. Let's say put users into additional steps in order to be sure that they are not fraudsters, etc.
[00:13:29] Stan Wisseman: So so step up sort of step up authentication in a sense.
[00:13:33] Dorota Wrobel: Yeah, and uh, we have highly trained and committed internal teams. Uh, from the technology department, cyber security and fraud prevention, those three, they have already started implementing some plans to address potential threats. Um, but we believe also, uh, in terms of threats to the local payment methods, with a simple and intuitive payment path, what we see, um, [00:14:00] let's say, that Those payment methods are getting much more popular and big pxpzoom will gain the trust of buyers and in the future will capture the majority of the payment market for one of these transactions.
[00:14:12] And for the returning customers, we are trying to tokenize payment options such as PayPal, Venmo, of course, Google Pay, Apple Pay. This is Silicon.
[00:14:20] Stan Wisseman: So part, so part of the challenge, right? You're, you're, you're providing all these payment options, but you have to make sure each of these options are truly going to be trustworthy.
[00:14:30] For the both sides, both parties and you, right? And that nobody ultimately is, is, um, um, scammed out of, you know, the, the products they're trying to purchase or the money they're, they're, they're due for that digital item, right?
[00:14:44] Dorota Wrobel: Yeah. And, and let's say, uh, uh, last point, I would say that we heavily, uh, invest in, uh, systems to monitor.
[00:14:55] Right. To be like, uh, monitored everywhere in [00:15:00] terms of transactions in on, on every market being sure that we have good data instantly from every market in the world when we process transactions.
[00:15:11] Rob Aragao: Makes sense. Well, Dorota, we appreciate you coming on and sharing kind of digital marketplace aspects of, uh, what we've not covered in the past.
[00:15:18] So the rapid growth you had to go through the global aspects of it, the regulatory pressures, right? The, the fraud elements you've touched upon, what you're doing today and where you're going next with the power of AI from both the good and the bad side of it. We've discussed, so we appreciate you coming on and sharing your story.
[00:15:36] Dorota Wrobel: Thank you very much. It was really nice to talk to you.
[00:15:39] Stan Wisseman: Really appreciate it. Thank you Dorota