The Payments Experts Podcast

Stopping Deepfake Fraud: Identity at the Exact Moment Money Moves | How Payments Fight Back | PEP088

Expert Payments Attorneys of Global Legal Law Firm Episode 88

A familiar voice on Zoom. A “known” face on video. A routine request that moves millions. Today’s most dangerous attacks look like business as usual—until the funds are gone. With guest Peter Segerstrom (Traceless) and host Christopher Dryden, Esq., The Payments Experts Podcast tears into how AI has supercharged social engineering—and what payments teams can do about it right now. 

Why this matters to payments & fintech

Fraud has shifted from stealing numbers to stealing people—their voice, face, and work patterns. Help desks, payment ops, treasury approvals, and VIP inboxes are the new perimeter. If you move money, change bank details, or provision access, your identity workflow is your risk model.

What we cover (built for operators)
• AI-enabled impersonation: Voice/video spoofs that pass a quick “does it sound like them?” test—and how to break the illusion in seconds
• The help desk as your identity perimeter: Password resets, SSO unlocks, and privileged access handoffs that attackers abuse first
• Ephemeral data, not permanent secrets: Why short-lived artifacts and least-retained data shrink both breach blast radius and audit pain
• Payments risk beyond PCI: Real controls where losses happen—supplier changes, wire approvals, card-on-file changes, and refund pivots
• POS/IoT exposure: The quiet attack surface growing with each new device and integration
• Wire-fraud playbooks: Out-of-band verification that actually works when time is tight
• Audit, insurance, and exit readiness: Controls that lower loss and premiums, and survive technical diligence

Field patterns you’ll recognize
• Friday-afternoon wires after weeks of mailbox surveillance
• “Urgent” VIP resets that turn into lateral movement and payout edits
• Deepfake calls that pressure teams to skip second-factor checks
• Vendor banking changes greenlit on trust instead of verification

The 12-control checklist (deploy this quarter)

1. Two-channel verification on money moves: Approver must touch a second, pre-registered channel before any bank-detail change or high-value transfer
2. Reset hardening at the help desk: No single-factor resets; require device signals + OTP + recent-activity challenge
3. Short-lived secrets: Replace static screenshots and passwords-in-tickets with ephemeral artifacts that expire after use
4. Privileged session guardrails: Time-boxed elevation and approvals logged to an immutable trail
5. Vendor change surgeries: Treat IBAN/routing edits like production releases (staging → review → two-person control → deploy)
6. Location/device reputation checks: Deny or step-up when posture is off (new device, TOR/VPN, geo anomalies)
7. Tiered approvals by risk: Amount, corridor, and beneficiary novelty drive extra checks automatically
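Controls 1, 5, 6 and 7 from the list above, expressed as a release gate for money moves and bank-detail changes. This is an added example, not code from the episode or from Traceless; the thresholds, corridor list, channel names and the deny rule are assumptions, and the sample requests are constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

# Assumed policy values for the illustration (not from the episode).
HIGH_VALUE = 50_000
USUAL_CORRIDORS = {"US->US", "US->CA"}
NOVEL_BENEFICIARY_DAYS = 30


class Check(Enum):
    SECOND_CHANNEL = "confirm on a pre-registered second channel"  # control 1
    TWO_PERSON = "second approver who is not the requester"        # control 5
    STEP_UP = "step-up authentication"                             # control 6


@dataclass(frozen=True)
class Request:
    requester: str               # identity the request claims to come from
    kind: str                    # "transfer" or "bank_detail_change"
    amount: float
    corridor: str
    beneficiary_age_days: int    # 0 = beneficiary never paid before
    arrived_on: str              # channel the request came in on
    new_device: bool = False
    anonymized_network: bool = False   # Tor / VPN exit
    geo_anomaly: bool = False


@dataclass(frozen=True)
class Evidence:
    confirmed_on: Optional[str] = None   # channel the confirmation used
    approvers: Tuple[str, ...] = ()
    step_up_passed: bool = False


def risk_score(req):
    """Control 7: amount, corridor and beneficiary novelty each add a tier."""
    return sum([
        req.amount >= HIGH_VALUE,
        req.corridor not in USUAL_CORRIDORS,
        req.beneficiary_age_days < NOVEL_BENEFICIARY_DAYS,
    ])


def posture_off(req):
    """Control 6: new device, anonymizing network or geo anomaly."""
    return req.new_device or req.anonymized_network or req.geo_anomaly


def required_checks(req):
    checks = set()
    if req.kind == "bank_detail_change" or req.amount >= HIGH_VALUE:
        checks.add(Check.SECOND_CHANNEL)
    if req.kind == "bank_detail_change" or risk_score(req) >= 2:
        checks.add(Check.TWO_PERSON)
    if posture_off(req):
        checks.add(Check.STEP_UP)
    return checks


def decide(req, evidence, registered_channels):
    """Return (decision, unmet checks); decision is release, hold or deny."""
    # Assumed rule: bad posture on a maximum-risk request is denied outright.
    if posture_off(req) and risk_score(req) == 3:
        return "deny", set()
    unmet = set()
    for check in required_checks(req):
        if check is Check.SECOND_CHANNEL:
            # The confirmation must use a channel registered in advance for
            # the claimed requester, and not the channel the request used:
            # replying on a compromised mailbox or spoofed call proves nothing.
            allowed = registered_channels.get(req.requester, ())
            ok = (evidence.confirmed_on in allowed
                  and evidence.confirmed_on != req.arrived_on)
        elif check is Check.TWO_PERSON:
            ok = any(a != req.requester for a in evidence.approvers)
        else:
            ok = evidence.step_up_passed
        if not ok:
            unmet.add(check)
    return ("hold" if unmet else "release"), unmet


# Constructed sample data.
REGISTERED = {"ceo": ("desk_phone", "authenticator_push"),
              "vendor_mgr": ("desk_phone",)}
FRIDAY_WIRE = Request("ceo", "transfer", 160_000_000, "US->SG", 0, "email")

if __name__ == "__main__":
    # Approved by the CFO, but "confirmed" by replying on the same email thread.
    print(decide(FRIDAY_WIRE, Evidence("email", ("cfo",)), REGISTERED))
    # Same wire, confirmed by a push to the CEO's enrolled authenticator.
    print(decide(FRIDAY_WIRE, Evidence("authenticator_push", ("cfo",)), REGISTERED))
```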


**Matters discussed are all opinions and do not constitute legal advice.  All events or likeness to real people and events is a coincidence.**

Visit Global Legal Law Firm today: https://www.globallegallawfirm.com/

A payments podcast of Global Legal Law Firm

SPEAKER_03:

We do a lot of podcasts and we track the podcasts that are really well viewed. We had a friend of mine on here and his name's Anthony Molatesta. He works for a company called Wellesley Hills Financial. They're a broker in our space. Not just in our space, but they do transactions. But on the business side. That's like one of the most well-watched of our podcasts because it applies to anybody who's in business. Yes. Right? Like anyone. And I think this applies to anybody who's in business because we're in the technology age. It just is what it is. I mean, uh, you know, I not that I would have dealt with it the same way, but Ted Kaczynski kind of saw what was going on longer before we all did it. You're gonna get right, dude. You're gonna get your channel banned. We're gonna get demonetized, I'm gonna have to cut that out. No, no, I mean, I mean, I'm not saying I agree with the guy. I'm just saying that, you know, I mean, if you've ever read it, he seemed to have kind of a beat on where things were going. And I will say, like, we're in the technology age now. Like, yes, it it, you know, again, I'll give a shout out to Alan Kopelman again. He's in the sales. He's uh I said it last week. If you're in our business and you're not selling software, you're dead.

SPEAKER_00:

Welcome to the Payments Experts Podcast. A podcast of Global Legal Law Firm. We hope you enjoyed this episode.

SPEAKER_03:

It's very interesting. Like Michael, I don't know if you tell us Michael Burry yesterday did a huge bet against the I mean I thought it was great. Yeah, I did like he's on it's kind of bubble. But yeah, I I find it because I you know, you're on the front end of having kids. I'm somewhat on the back end of it, because I I've got a lot in my house and yeah, from 13 to 22. Yeah, amazing. And really with the 13 and 14 year old, it's front and center. And so when I went to back to school night, I was at my daughter's uh math class, and you know, he says, Look, I can tell when the kids are using AI, it's simple math. He says they're great during the during the coursework. He's all we get to the test, they're they're crappy. Yeah, so he's like, I know that they're using it at some point at that, you know.

SPEAKER_01:

That's I mean, and that's that's that's traditional education doing what it's supposed to do.

SPEAKER_03:

I yeah, I agree, I agree. But at the same time, like, you know, most people see it as it's like very, very early, like you say the internet. Yeah, I agree. Uh uh, same thing. I mean, we're I'm a little older than you. He and I are about the same age. Yeah, when the internet came, you know, it was more of this entertainment value, right? And I feel like AI will be that way to a large degree. Yeah, already to a large degree, right? Yeah, dude. The stuff that amazes me about the AI that I've seen is the optics. The the stuff that they've done with pictures and video, and it's fascinating, like what they're able to do. It's scary, yeah, but it's also fascinating.

SPEAKER_01:

Okay, so if if you if you guys don't mind, I mean that that actually is like a perfect segue into like my like what's going on. Oh, yeah, no, no, yeah, yeah, tell us. So so the um, you know, so you have this continuum of like on one hand you have the 17-year-old making the prank call. On the other hand, you have a nation state that has like a secret about Dropbox and they're not going to tell anyone, and therefore none of your information on Dropbox is potentially safe at all, right? Yeah. That theoretically, right? There's this always gonna be this unknown. So the tricky part about the 17-year-old making the prank call is that with AI, now you can sound like anyone. Now you can look like anyone. There was an instance where there was a um a UK construction firm that had an employee in Hong Kong, and he wired $25 million to I think like the wrong bank account because he was on a Zoom call with four people, and they spoofed all four people that were on the Zoom call. They they just faked the entire thing. Wow. And they and they they talked this guy into wiring $25 million. Like I'm just seeing Y2K and people like holed up in places. Yeah, exactly. Yeah, yeah. And so, so, you know, so that's essentially like where so Gene called me in 2019 and it was like it was right before the pandemic, and he said, you know, we had been we had been working on a couple different projects, and he said, Hey, I have this, I think I actually have a security vulnerability for my MSP, for my company. Um, and I was hoping that you could, you know, like maybe we could workshop something. And he said, So there's two problems that I have. One is I don't know, I don't really have a good way, just right out of the box, of making sure I know who I'm talking to when someone calls into my help desk, right? 
He has the the whole point of an MSP, the whole point of an IT provider is you sit by the phone and you, you know, you wait for one of your like a company that is your client, one of their employees to call in and say, Hey, I have this problem. Like my computer's- Firefighter. Yeah, exactly. You're a firefighter. And so that was one problem. And the other problem was um, you know, most of the time, this is for password resets, people call in all the time and say, I can't get into the systems that I'm that I need to use to do my job. It's extremely frustrating for, I mean, this is what this is why the IT crowd was like such a popular show, is because there's so much emotion and empathy tied up with like people just simply trying to do their job and kind of shitting on IT, forgive me, forgive my French.

SPEAKER_03:

Oh no, no, this is wide open. You can say anything you want on here.

SPEAKER_01:

But um, you know, and so so, but you know, but that that challenge is like so that person is essentially the a level one support tech who's all who's ready to pick up the phone. They're emotionally like set to be yelled at. They're kind of like like they have that expectation, right? So that's one problem. Person calls in, they can't get they can't get into whatever business tool they're trying to use, even their email, whatever it is. They ask for a password reset. You don't know who you don't know who they are, and you also don't have a mechanism to send them their password really rapidly securely. He was doing it like there were about a bunch of MSPs are still doing it where you just send it over email. You just reset their password and then you send them the new password over email. Right. And so this is the question. What happens if you're if your email is blown, or what happens if like they don't have two factor on their email, right? So this we zoomed out and we were like, okay, this is actually like a bigger question because the internet is redundant all the way down to the protocol level, right? Like if you look at the HTTP protocol, if you send you send packets and you're like, okay, cool, I'm just gonna I'm just trying to load Instagram, and if one errors out, it'll just resend it, right? So there's redundancy from that point all the way up to, you know, if you have a Gmail account and you're sending an email to someone, and you know, if if I send you from my personal Gmail account, if I send you an email, Chris, we don't know how many places that exists on the internet. Like it could that could exist in a hundred data centers, a thousand hard drives, maybe more than that. It's not it's not unreasonable to to to say like it it exists everywhere. Wow. And so the question is is there a class of data where we shouldn't do that? And the answer is yes. Oh, of course, right? 
So that's so so that so essentially the foundation of Traceless is we we think that the zeitgeist of ephemeral data, that's what we call it, is is here. And so there are you know mechanisms where you're sending a contract to a client and there's and there's an extremely sensitive bit of information in that contract. You're you're exchanging evidence or you're exchanging diligence, you're exchanging, you're doing discovery. Yeah, right. You're passing information back and forth with the client. Like, yes, that can live in encrypted email. That's why we live open data rooms, you know.

SPEAKER_03:

I mean, that's yeah, where we can exchange information.

SPEAKER_01:

Exactly. But then, but then you have to make sure that data room goes away. Yeah, of course.

SPEAKER_03:

Of course, yeah, in a reasonable amount of time, yeah. Exactly. Yeah.

SPEAKER_01:

So and so that's exactly the the the sort of the the philosophy and the and the the inspiration behind Trace.

SPEAKER_03:

Oh, I'll actually show my age a little bit here. I I go back to uh Will Ferrell on Saturday Night Live. Lockbox. I don't know if there is a lot episode, but if you haven't seen that episode, just do Will Ferrell Lockbox and watch. That's right.

SPEAKER_01:

Yeah, I mean, yeah, he's he's it's a box. That's it. That's it. That's I mean, that's I mean, 99% of the time that's all you need to do, right? Yeah. So yeah, so basically, so what Traceless is is um we, you know, we essentially create it's an AI platform, which is complicated, and I can get into that later if we want to, but basically it's a toolkit for businesses to send and receive sensitive information, leaving nothing at rest, and to on-demand send verify uh uh identity verifications. So specifically to present prevent the AI problem and to prevent the 17-year-old, right?

SPEAKER_03:

So I think that's really good. So, how much do you know about our world? I mean, I know you've kind of engaged in it here and there, yeah, but how much do you know about kind of excuse me, about um payments and the the people that are operating within it and the data that's associated with it?

SPEAKER_01:

Honestly, not as much as I should. Yeah. Um but it's just but it is a fascinating, variegated world, right? It's like it's it's some of it's really old, yeah. Some of it's newer.

SPEAKER_03:

Yeah.

SPEAKER_01:

It's and it's it's complex. And I mean, it there's there's some really interesting facets in it.

SPEAKER_03:

Well, there's a ton of applicability to what Traceless does that would come into this world, right? And and for us, that's our audience, right? And I don't think people are really like they think data security and they're thinking stuff like PCI compliance. Encryption. Yeah. And and so for us, I don't necessarily always believe that. I mean, I believe that the stuff that you're talking about, having an audit of somebody's business, seeing where there are vulnerabilities, knowing how to shore those up. I I, you know, I haven't seen a data breach up close and firsthand, but they're happening all the time. Yes. Yeah, you know, I mean, I I I get the emails. I don't know how much the people that are operating in our space might be targets for that, but I do believe that people understanding their vulnerabilities are super important. Yes. Because at some point it may happen. And a lot of the guys that we deal with, they've actually started small, ended up big, and the footprint changes. And so and so maybe their responsibility changes, but they're not thinking about this.

SPEAKER_01:

Absolutely. Yeah. I think I mean the in the payments space and the processing space, in some ways, you guys are doing great because it is an older industry. PCI has been around forever. Yeah. Right. And so the expectation that everything that you're doing is getting passed back and forth um in a way that is encrypted. I mean, in the in the way that hopefully the entire internet is encrypted, but most of some of it's not, some of it is. Um, that's all sort of like that's been put to bed, right? There is there is like the macro level risk that quantum computers show up and all of a sudden everything that is encrypted that's been passed through the internet over the last 20 years is legible, right? But again, that's not really that's not that big a deal. Um the the strategies for fraud detection in the processing space have gotten really sophisticated. And and so I think there's a lot of there's a lot of really good stuff happening, and there's a lot of really basic stuff that can continue to happen. You know, like we like we said, it's just like you if you want uh if you want to prevent the 17-year-old from you know calling calling in and and taking over someone's identity, you all you have to do is like send them a six-digit PIN code or like send a push notification to his device using like Okta or Microsoft Authenticator, something like that, right? So um across the board, I think there are always like really basic things. The the the common refrain that happens in every audit that I do is there are gonna be one or two things where I'm just like, this is so basic. You guys can you guys can patch this in five minutes and you are gonna sleep better at night. And until you do, this is like this is a legitimate liability, you know? Um but it's it's getting it is interesting because uh AI is going to uh AI is absolutely gonna be just such a uh crazy boost for the scammers for for you know people trying to scam in sort of any environment. 
And in the payments processing space, I think that's gonna be that could get weird, uh I guess. Um the but the but you know, to give us an example of weird.

SPEAKER_03:

Well, and I know it's hypothetical to a large degree, but like what do you see as like probable?

SPEAKER_01:

I mean, um they're just they're just gonna get progressively more sophisticated. There are instances where, you know, like we've done a couple instances where we've looked at point of sale systems, right? Um some of these point of sale systems that I've looked at have been hand-rolled, right? They're using Android, they're you or they're using uh um a Raspberry Pi system, that kind of thing. That is really simple. Obviously, we're talking about a something totally local, you know, it's a it's a mom and pop restaurant, they got these boxes, but you know, they're they're on the network. Um, there could be something set up there there's a possibility of uh a threat actor gaining a persistent foothold and essentially like listening to all of their internal internal traffic. So one risk at the one risk as more things come online and are maybe maybe like you know tied into the internet is that I mean there was a there was an instance where I think it was like in the Netherlands, like they had to shut down uh or they had to basically take a bunch of their buses offline. I mean they were Chinese-made buses, but they were phoning home. They were able to they were able to just say, like, they just bought they bought buses, and there was like a chip somewhere in the bus that was just like flying all the data back. Wow. Really sending it back to the mainland. Yep, yep. And so the the concern is that as things get more sophisticated, uh payment processor that's grown up, that gotten bigger, they have more you know, you talk about attack surface, right? They have more surface area that they need to cover. Um, one of those things is you know, if if they are using uh complex IT infrastructure, if they have a lot of if they have a lot of boxes close by, there is the likelihood that something's listening. And the the you know, this this the sort of if you you have to always think about like the actual value of the hack versus the risk taken versus like the work, right?

SPEAKER_03:

Well, dude, this it's crazy you're talking about this. I went to the Goose concert in Vegas at the beginning of October. And we're hanging out. It was like this like festival like in the desert. It was actually pretty cool. It was called the Rise Festival, and they do all these paper lanterns, and there's like tens of thousands going on at the same time. It was incredible. Like I thought it was gonna be kind of gay, but it was actually super cool. And it was and visually it was really unbelievable. Yeah, yeah. But we're hanging out because be you know, it was an EDM thing, and then like Goose and John Mayer played. So I was like, okay, I'm down, but the EDM stuff, whatever. So it was kind of a ways away. I'm a raver. You're hurting my feelings. No, no, no. Well, we went and saw Spafford the other night, dude. If you haven't listened to Spafford, dude, the the we'll talk about that. It's crazy. I'll check it out. I'll check it out. I'm at the Goose show and I meet these guys, and they had come up from Phoenix. One dude was from Kansas City, another dude lived in Annapolis, right? And these guys are like everyday dudes. I would have never thought anything about him. And I'm like, well, what do you guys do? And they're like, we build SCIFs. And I was like, really? And he's like, So you work for the government? He's all it's not just government building SCIFs. And he's like, I said, Really? He says, Yeah, and then we started talking. He says, Well, yeah, you know, rebar? The Chinese have figured out how to use rebar as an antenna. No, so oh no, dude, like I they start telling me these stories, no kidding, about all the different things about you know, facilities where they're building these SCIFs because of stuff that's happened, yes, where they figured out in the infrastructure itself how to do some sort of corporate. Let's say it was it was gnarly. 
And so, and and I said, if we and if they know, if the Chinese know, we obviously know, like I'm sitting there wondering about all the infrastructure that we've built over time that we've taken for granted that now is being used as a tool. 100%. And and when you're sitting here talking about like game theory and mapping stuff out and how to actually how to be on the defense and and build something defensible, which is what these guys did, which made me think of it. How much have we built already that's now being used against us potentially? Right. Like that's that's the thought that came to my mind.

SPEAKER_01:

That is that's an ongoing question. Yeah, that's an ongoing question. But so to answer to finally answer your question, you know, the the risk for a payment processor that's gotten big is like you want to watch out for the identity takeover stuff that is gonna lead to like massive financial exfiltration, right? There was uh, I mean, there was another instance in, I think it was 2021 where there was a New York bank where it was the same thing. Um, the it was a it was you know classic wire fraud, but you know, it it gets progress when when you have a persistent foothold, it gets progressively more sophisticated. There was a bank where they they unfortunately had um you know an IT guy who didn't necessarily know his stuff and they had they ran an email, an exchange server, like you know, on-prem. And it was they they had an old email server, the server, like you know, sitting there wired up to directly to the internet, sitting in their office, and quietly at a certain point it got owned. Somebody got in. And so they're able to sit there and read unencrypted emails between the the uh CFO and the CEO for six months, and they don't do the thing, they just sit there. And then at a certain point, they say, okay, we've we understand the the communication style between these two individuals enough. They sent a perfectly crafted email from the CFO or sorry, from the CEO to the CFO on like you know 3:45 p.m. on a Friday afternoon and said, Hey, we're opening up a new account, you need to wire like you know, $160 million to this like this account at Singapore. Just flat in the bank. They're gone. They're done. Wow. It's over.

SPEAKER_03:

Like it's you're done, right? And it's something so simple, right? I mean, that's yeah, yeah, that's I mean, the conversation Peter were having when we came on was about I was talking about cyber insurance for us, right? And you know, and then that conversation kind of led into the interplay between almost like chicken and the egg, a little bit of like, do you go get a cybersecurity company to audit you and then you go get insurance? Do you work in conjunction with insurance? Do you get insured and the insurance guy is asking, like, hey, you guys should probably go do this. I can lower your premiums. Yes. But you know, I mean, it's I I and I hadn't even thought about that as maybe like an opportunity.

SPEAKER_01:

Yeah, I mean, there's a there is a really virtuous cycle there. It's also you have to kind of watch out because, like, you know, both of those can be kind of predatory.

SPEAKER_03:

Yeah, no, not to be like collusive in in a way that's you know, but but to actually like work in synergy with one another. Exactly.

SPEAKER_01:

You know, I mean, I think that coming out of that, if you have um, you know, if you have an auditor that is like, they know their stuff, they're gonna, you know, they're gonna do a good job, you're you're gonna at least have more clarity on like what your attack surface is and cyber insurance if it's cheap. Like I said, it never hurts. It never really hurts.

SPEAKER_03:

Is there a profile of customer that is in your pocket? Like, like you know, when we talk about music, me and Jeremy, like when somebody's really in it, they're in the pocket. Like, you know, is there somebody that like is a is the right profile that needs you? Like really needs you, like they're either at the the life cycle of their uh of their evolution process as a corporation, or like you know, what is there some profile of a company that really is is somebody that needs like even if they don't necessarily think they need you, it would be advantageous either because they're like a year from exit or they're yeah, two years from exit or whatever it is, right? Or they just the they've got something else that's happening. Like, what does that look like? Like, where do you guys focus?

SPEAKER_01:

I mean, I think um for you know, so we don't really advertise the due diligence, like the technical due diligence stuff.

SPEAKER_03:

No, but I'm just talking about somebody that like when you look at them, they need your service.

SPEAKER_01:

Yeah, yeah, yeah. But I was I was just saying in terms of like the in terms of the platform, what we um the majority of our customers are our SaaS customers are MSPs. Um we we're we're moving into mid-market. We have some really much larger customers now um that are, you know, uh that they need us partially because of their headcount. So on on that side of things, what does that look like?

SPEAKER_03:

Like is there a certain number?

SPEAKER_01:

Yeah, like if you're north of 500 employees, if you're north of a thousand employees, then 100% you're gonna like you should expect that a part of your IT spend is essentially making sure that you have good cybersecurity cyber cybersecurity tools, right? But to your point, more specifically about due diligence stuff. Um, if you're if you're a year out from an exit, I think it's a good idea to just make sure to keep your nose clean. This happens in the traditional startup space. We think about this stuff all the time. It's like if you want to get acquired, you you're building your own data room. You're set up, you're set up so to say, like, okay, this here's our here's our books, here's like, you know, here's our last five audits. Um, this is how we do X, Y, and Z. And you want to essentially make sure that you just answer the questions of the company that's gonna come in and say, okay, we want to buy you, what does this look like? Right? Um, if you don't have this stuff together and you're making you know, north of two or five a year, then you should definitely think about it. Um and all, you know, it it doesn't hurt. I mean, the reason those are gross revenue numbers? Yeah, yeah, yeah. All right. Yeah. I mean, I think, yeah, like it really it depends on also what industry you're in, right? Because you can have a you can have a really big company that's a construction company, and they're like, okay, I have a bunch of tractors and I move dirt, and then I pour concrete, and you're like, okay, dude, you're I mean, like, obviously, we don't want you you know, you one thing that I will tell you, which is which hopefully some of your your uh your viewers will appreciate, is like from a strategic level, if you if you grow a business to a certain size, have a working capital bank account and have the other bank account. 
Get like obviously use a corporate savings account that is firewalled away, totally isolated, and like very few people have keys to that, yeah, to that, to that, to that money. Because I'm at I I was out at a bar with my friend the other night. Um, he was uh it was his birthday, and he's good friends with a um, I can't remember which one it is, but the guy that started um oh no, the guy that started Who Gives a Crap. I don't know that, but it's a it's a bamboo toilet paper company. They went, they went, they're it's it's literally called Who Gives a Crap. This guy's lovely, he's a wonderful human being. And and they went, you know, he started it, I think, as, you know, as he started it for environmental reasons. Like he was just like, look, we should just we should make sure we use sustainable toilet paper. Um, and he uh, you know, they started, I think, in 2018 or 2019, the pandemic hit and they just went through the roof. They had like, it was like in that year, they did like 1200% growth. Oh, uh yeah, I can only imagine. Everybody's at home. Yeah, the pandemic. And also, you know, like the sort of like, you know, the the empty shells for your factor thing or whatever. Yeah, for sure. And we're we're sitting there and we and we have this, he's like, Oh, you're at cybersecurity now. He's like, What what do you recommend for my company? I was like, Well, dude, you guys sell toilet paper, so you're fine, but also just make sure that you firewall like the majority of your capital if you guys are making good money away from like your working bank account. Yeah, and he goes, he goes, Okay. There are people there are people that run right, there are people that run really good businesses and they don't do basic stuff. Oh, no, no, look, man.

SPEAKER_03:

There, look, I have a okay, so I'll teach you something about lawyers. I have a lot of people in my organization that I think are better attorneys than I am. They know nothing about business. They know nothing about the business of what they do. Yes. They're good lawyers. Yeah. But when it comes to the business side, it's like, oh, and I can't be bothered with that, right? Like, you know. So I get you when you're talking about people that are really good at it's like we everyone's focusing on one thing. Yeah, we represent ISOs and they sell payment processing, right? Yeah. And then I've watched ISOs over time try to infuse other products and services into their sales channel. Yeah, yeah. Absolute debacle. Just completely. They're like, oh no, it's the same. We can do it. No, no, no. It's a totally different thing. Yeah. Yeah. Yeah.

SPEAKER_01:

So it's kind of crazy. So, but you know, so uh the the uh the toilet paper slash construction analogy, it's just like, you know, you can run a really big construction company, and as long as you do a couple simple things, you don't need to worry about it, it doesn't matter. However, but if but if you're in payment processing, if you have if you're in a serve, if you're in a financial services space, and let's just say you have you're a payment processor, maybe you're also a gateway, maybe you're doing a couple other things and you're seeing some synergy about how to like work these things together. Absolutely like have someone else come in and like just try to zoom out and say, okay, these are the vulnerabilities between your different products, these are the vulnerabilities between how your system could be loot like uh leveraged adversarially, right? Huge. I mean, it's like I think that that's it doesn't cost that much. I mean, I'm not I'm not trying to advertise for us, but we're definitely less than McKinsey, and and uh you can get you can definitely benefit from that.

SPEAKER_03:

Yeah, for sure. And I think that you know it's funny, we do a lot of podcasts and we track the podcasts that are really well viewed. We had a friend of mine on here, and his name's Anthony Malatesta. He works for a company called Wellesley Hills Financial. They're a broker in our space, not just in our space, but they do transactions, but on the business side. That's like one of the most well-watched of our podcasts because it applies to anybody who's in business. Yes, right, like anyone, and I think this applies to anybody who's in business because we're in the technology age, it just is what it is. I mean, uh, you know, I not that I would have dealt with it the same way, but Ted Kaczynski kind of saw what was going on longer before we all did. You're gonna get you're gonna get your channel banned. We're gonna get demonetized, I'm gonna have to cut that out. No, no, I mean, I mean, I'm not saying I agree with the guy. I'm just saying that, you know, I mean, if you've ever read it, he seemed to have kind of a beat on where things were going. And I will say, like, we're in the technology age now. Like, yes, it it, you know, again, I'll give a shout-out to Alan Kopelman again. He's in the sales. He's uh I said it last week. If you're in our business and you're not selling software, you're dead. And yeah, and I think that what you do, and now that I've seen it from a broader context versus the isolated vision of what I could see based on what you did, it's it's necessary for everybody. I mean, it is. I mean, I think that you get to a certain footprint and it's really needed. But overall, like this is a consideration that every business owner should be having.

SPEAKER_01:

That was, I mean, when Jane called me and we talked, we we talked about the the you know, sort of the problems that he was having, and he was just like, What do you think? You know, can we fix this? And I said, and that's what I told him. I said, this isn't a you problem, this is an everybody problem. Yeah, for sure. This is I mean, the the nature of the internet, the nature of remote first work, the nature of like, you know, having a lot of you know, having a uh group of employees that are you know not co-located, they're like 19 different places.

SPEAKER_03:

Yeah, especially with remote work, right? I mean, like that's I I could see that being even more problematic. Like what you were saying about AI with the video and and being able to emulate voice and and and picture, yeah. Yeah, I mean, that could be a real problem.

SPEAKER_01:

I mean Sam Altman went just went in front of the Fed. And and there are so many, um, so many companies across Wall Street that still authorize like large financial transactions through voice AI. Or excuse me, through through uh voice identification, right? So they just you know, blah, blah, blah. Did you guys see uh, you know, uh um Sneakers? My voice is my passport.

SPEAKER_03:

You mean the old Robert Redford movie? Oh yeah, I love that one. I love that movie. Yeah, yeah.

SPEAKER_01:

So so you know, he you know, he uh Werner Brandes gets into his office that way. My voice is my passport. That's done. Yeah, it's gone. Yeah, it's just done. And Sam Altman went in front of the feds.

SPEAKER_03:

Is it the iRetina now? Is that how we're doing it? I mean Is BIOS the way?

SPEAKER_01:

Biometric is very good. We have a biometric solution. Um I think it I think really what you're gonna want is you know, three, four, five factor, like, you know, five points of authentic uh authentication. And what happens is it gets smoother, right? It's just like if you guys are here and you're working and you're, you know, you want to like verify something that's that's sensitive, it's just like, yeah, are they regionally there? Does their GPS say they're there? Does their IP is their IP the same? You know, is there a biometric factor? You glue all those things together and like you're you're much, much tighter than than you would be before.

SPEAKER_03:

Well, it's funny you say that because I'll send an email to my bank with something, and then they'll call me. And the lady that calls me knows me. Yeah. So I think that that goes a long way. But now with what you're talking about, I I'm interested to see what they'll do. This is a smaller business bank. Yeah. Like by the way, you're in Southern California. If you need a good bank, I got a great one for you. Yeah. Yeah, they're great. Yep. They're an unbelievable bank. But it's it's interesting the way that they've always operated, and now I'm seeing just things that I've done.

SPEAKER_01:

I mean, so here's kind of a we've already we've we've always come from a place of trust. It's like we've been we've used language, we've written things down for thousands and thousands of years, and only really in the last couple decades where we're like, oh, this really doesn't work anymore in terms of trust.

SPEAKER_03:

Yeah, for sure, for sure. Hypothetically, um where do you see? I mean, I I again like things that I have seen that I was just talking about with the bank of how they've operated, where do you see like the biggest change coming? Um if you could identify one, like because this is the way that I look at it. In payment processing, the one thing that I've watched people routinely try to build is, and now that we've gone e-commerce crazy after COVID and mobile, right? Yeah, how do you reduce fraud on the front end to and what you said about you know doing geolocation and you know, like ISP and tracking things? How do you do something that's not prohibitive? But is going to create more security around transactions. Like, do you see something that we're not seeing yet as consumers that might be coming?

SPEAKER_01:

I think, you know, I mean, that's that's this is the thing, is that it's all you have that continuum, you have the 17-year-old, you have the nation state, and it's just like if someone wants to do something and they try hard enough, it's very likely they're gonna be able to do it in terms of an actual breach or a hack. But in terms of day-to-day transactions, I think a lot of the solutions that we have in place are really good. The irony, the irony is that like, you know, AI takes it takes the limelight right now. Uh, it's a it is a radical, it's gonna be disruption in a lot of different ways. It's incredible. It is a brand new technology, everyone's excited about it. But the irony is like, you know, uh the you know, in a rolling OTP code, right? Like a six-digit code, like you know, Google Authenticator, like rolled out maybe a decade ago, maybe more than that. That is that is rock solid as a security measure. Like statistically, the likelihood of you picking a number of like between one and a million in 30 seconds, and you're you know, you're you're sending it to someone and they're expecting you to get it right on the first time, that's very, very hard to do. In the in World War II, you know, we came up with essentially uh um one-time pages. That was like that was where this all started, right? There was the Germans had Enigma, there's incredibly sophisticated encryption, but like there were all these different strategies. One-time pages were essentially you randomly like assign a number to each letter and you use that for that one page, and then the next page you have a completely different set of encryption. Works extremely well. So it's really just about application, it's just about the discipline of organizations simply saying, We have this process, maybe it's automated, like maybe look we'll wire in a couple APIs, we have an API, just you know, cook it in place, and then from there things are gonna get way, way smoother. 
The the the the scams are gonna continue to get more sophisticated. The human element is often gonna be the the the vulnerability.

SPEAKER_03:

Yeah, I agree with you on that one. Yeah, yeah, I see that too. Yeah. So look, well, before we go there, is there anything that we haven't talked about that you wanted to talk about while we're on here?

SPEAKER_01:

No, this has been this has been lovely and amazing. I mean, I think that yeah, the main thing, um, I mean, I know you your audience is in a in a very specific, you know, sort of area of um, you know, fintech and sort of the internet in general.

SPEAKER_03:

Yeah, but they're entrepreneurial. Like I talked to a guy yesterday that we do a lot of work for. He's probably a couple years out from selling. I'm like, what are you gonna do when you sell? And he's like, do it all over. Yeah, exactly. Yeah, it's like, yeah, are you serious? Like, yeah, because he's gonna exit for a significant amount of money. Yeah. And I'm looking at him like, really? He's like, dude, I just can't sit still. And I was like, Yeah, all right, no worries. But there are people that watch this that will be interested in contacting you. How do they get a hold of you?

SPEAKER_01:

For sure. Um, you can just go to tracks.com. Our you know, our front page is really about um securing communications infrastructure for specifically for help desks for companies that have um have an internal sort of like, you know, like hotline or they have a helpline where people call in. That is that is where our tool shines. Um, but we do a lot of consulting and um, you know, they can they can find me through that or they can find me on LinkedIn. And, you know, I think that um the main thing is, you know, just just to what we just talked about, like there what we try to do is we try to offer like a relatively reasonable price tool that is very simple, that will in real time secure your business. And so if you've you know, if you're if you're if you're operating a business and you sort of feel like you're not able to, if you're if you're over driving your headlights to use the car analogy, yeah, if you feel like there's like darkness out there that you're gonna potentially hit, give us a call.

SPEAKER_03:

Well, it's funny you say that like just randomly. Um, one of the vulnerabilities I continually see is people calling in, acting like somebody else, changing the bank account information for where the uh funds get settled from a merchant account. Yep. And then by the time anybody figures it out, they don't even know where it went. Yeah.

SPEAKER_01:

And, you know, trying to track that down once the like you know, so it's these are things that like just to give you, yeah, just to give you an example of implementation, we we're working with one of the larger uh telecoms in Canada, and they uh they field between I think like something between like 10 and uh 10 to 15,000 phone calls a month. And so they're they're they're actually turning on an AI service that will use our system to verify the end user. So it's just like if you can if you can automate two-factor anywhere you have a human, you know, uh getting into a situation where they're interacting with the bank or any of your services.

SPEAKER_03:

Yeah, I just think consulting, like consulting on this type of stuff to implement very simple processes and very simple technology as a safeguard. Like, I there's so many things that I see that happen that are avoidable. Absolutely. I mean, Jeremy, I'll tell you, I preach, like, dude, we just that that problem was avoidable. All the time. Yeah, you know, why like why why didn't we figure that one out on the front end, right? Like exactly, you know, and so I think that what you do provides great service and value to really plugging holes where you unnecessarily are vulnerable.

SPEAKER_01:

I I appreciate you saying that. I mean, I think you know, we're it's it's very easy to drink your own Kool-Aid. We try, you know, we try not to be to go crazy about this, but it's like, you know, we use our own products, we integrate with Slack and Teams, Duo, uh, Okta, Microsoft Authenticator, um, all the different sorts of like, you know, your CRMs, we're gonna integrate with HubSpot pretty quick. We integrate with Salesforce, uh, we integrate with Zendesk, you know. So anywhere there's a spot where people are calling in and you can just say, here, like, let me just send you a quick, you know, two-factor out-of-band push that says, okay, no, no I know who I'm talking to. And now that person can't change again.

SPEAKER_03:

I look, I see so much human error that happens that's avoidable. Like it's so I think that's great.

SPEAKER_00:

You got anything you want to ask, Peter, while we got him here? Uh yeah, I thought it was a great conversation, Peter. And and I think one thing I'd like to talk about maybe on another podcast in the future is what you talked about running your business remotely. Oh, yeah, for sure. I think that'd be a fascinating topic and would apply to a generally business-centric audience, which we have.

SPEAKER_01:

Yeah, absolutely. Absolutely. That's a that is a I mean, that is one of the pain points that we have that we're that's not going to go away, right?

SPEAKER_03:

So yeah, well, look, we this is great. Thank you for coming on. Thank you guys. This has been a joy. Yeah, man. So we have Peter Segerstrom from uh Traceless and also a fellow UCSD alumnus, but there's not many of us.

SPEAKER_00:

Thank you for listening to this episode of the Payments Experts Podcast, a podcast of Global Legal Law Firm. Visit us online today at global legalawfirm.com. Matters discussed are all opinions that do not constitute legal advice. All events are likeness to real people, and events is a coincidence.