Can I get a merchant account while on the MATCH list?

Yes, you can still obtain a merchant account through high-risk processors or offshore providers that specialize in MATCH-listed businesses.

How long does a MATCH listing last?

MATCH listings typically last 5 years unless you successfully appeal through your previous acquiring bank.

How do I get removed from the MATCH list early?

Early removal requires identifying the MATCH reason code, correcting the violation, and appealing to your former acquiring bank with legal documentation.

What is MATCH reason code 04?

MATCH Code 04 indicates merchant fraud. It is considered one of the hardest codes to remove and typically requires legal defense.

Do I need an attorney to get off the MATCH list?

Yes, an attorney can help negotiate with acquiring banks, build your legal case, and represent you in appeals involving serious accusations like fraud or laundering.

PEP Episode 088 — Stopping Deepfake Fraud: Identity at the Exact Moment Money Moves | How Payments Fight Back

January 2, 2026

Stopping Deepfake Fraud: Identity at the Exact Moment Money Moves

A familiar voice on Zoom. A “known” face on video. A routine request that moves millions. Today’s most dangerous attacks look like business as usual—until the funds are gone. With guest Peter Segerstrom (Traceless) and host Christopher Dryden, Esq., The Payments Experts Podcast tears into how AI has supercharged social engineering—and what payments teams can do about it right now.

Why this matters to payments & fintech

Fraud has shifted from stealing numbers to stealing people—their voice, face, and work patterns. Help desks, payment ops, treasury approvals, and VIP inboxes are the new perimeter. If you move money, change bank details, or provision access, your identity workflow is your risk model.

What we cover (built for operators)

• AI-enabled impersonation: Voice/video spoofs that pass a quick “does it sound like them?” test—and how to break the illusion in seconds
• The help desk as your identity perimeter: Password resets, SSO unlocks, and privileged access handoffs that attackers abuse first
• Ephemeral data, not permanent secrets: Why short-lived artifacts and least-retained data shrink both breach blast radius and audit pain
• Payments risk beyond PCI: Real controls where losses happen—supplier changes, wire approvals, card-on-file changes, and refund pivots
• POS/IoT exposure: The quiet attack surface growing with each new device and integration
• Wire-fraud playbooks: Out-of-band verification that actually works when time is tight
• Audit, insurance, and exit readiness: Controls that lower loss and premiums, and survive technical diligence

Field patterns you’ll recognize

• Friday-afternoon wires after weeks of mailbox surveillance
• “Urgent” VIP resets that turn into lateral movement and payout edits
• Deepfake calls that pressure teams to skip second-factor checks
• Vendor banking changes greenlit on trust instead of verification

The 12-control checklist (deploy this quarter)

1. Two-channel verification on money moves: Approver must touch a second, pre-registered channel before any bank-detail change or high-value transfer
2. Reset hardening at the help desk: No single-factor resets; require device signals + OTP + recent-activity challenge
3. Short-lived secrets: Replace static screenshots and passwords-in-tickets with ephemeral artifacts that expire after use
4. Privileged session guardrails: Time-boxed elevation and approvals logged to an immutable trail
5. Vendor change surgeries: Treat IBAN/routing edits like production releases (staging → review → two-person control → deploy)
6. Location/device reputation checks: Deny or step-up when posture is off (new device, TOR/VPN, geo anomalies)
7. Tiered approvals by risk: Amount, corridor, and beneficiary novelty drive extra checks automatically
8. POS/IoT segmentation: No flat networks; isolate devices, push updates, and monitor laterals
9. CRM/ticketing hooks: Embed identity challenges directly in the tools teams already use (no swivel-chairing)
10. Automated 2FA for call centers: IVR + OTP + account-specific knowledge before any sensitive action
11. Evidence kits for disputes/insurance: Bank-change logs, step-up auth events, device IDs, call recordings, and approval artifacts
12. Tabletop monthly: Rehearse the top two fraud scenarios with legal, ops, and finance; patch the slow steps immediately

Who should watch/listen

Acquirers, PayFacs, ISOs, PSPs, marketplaces, vertical SaaS, treasury, payment ops, and support leaders who own identity, wires, bank edits, refunds, and card-on-file changes.
Bottom line

Even as AI raises the ceiling for scammers, disciplined identity at the moment of action makes them fail when it counts. Treat bank-detail changes and high-value approvals like surgery. Keep secrets short-lived. Put layered verification where your teams already work. Then sleep better.
If this sparks an idea, share it with the colleague who handles wires or help-desk resets—and tell us which control you’re implementing first.

*Matters discussed are all opinions and do not constitute legal advice. All events or likeness to real people and events is a coincidence.*

If you’re playing to win, you hire Global.

We track markets, influence outcomes, and put the best people in the room.
We know the players. We know the playbook. We execute.
We don’t make noise. We move the needle.

Clients don’t come to us for effort. They come for outcomes.
For leverage, access, intelligence, and clarity when everything’s on the line.

Global isn’t the alternative. It’s the advantage.

Transcript

Christopher Dryden (00:00):

We do a lot of podcasts and we track the podcasts that are really well viewed. We had a friend of mine on here, and his name’s Anthony moa. He works for a company called Wellesley Hills Financial. They’re a broker in our space, not just in our space, but they do transactions. But on the business side, that’s one of the most well watched of our podcast because it applies to anybody who’s in business, anyone. And I think this applies to anybody who’s in business because we’re in the technology age. It just is what it is. I mean, not that I would’ve dealt with it the same way, but Ted Kozinski kind of saw what was going on a lot longer before we all did.

Peter Segerstrom (00:44):

You’re going to get your channel banned demonetized. I’m going to have to cut that out. No, no. I’m not

Christopher Dryden (00:50):

Saying I agree with the guy. I’m just saying that if you’ve ever read it, he seemed to have kind of a beat on where things were going.

Peter Segerstrom (00:58):

Completely.

Christopher Dryden (00:58):

Completely. And I will say we’re in the technology age now. Again, I’ll give a shout out to Allen Kopelman again. He’s in the sales. I said it last week. If you’re in our business and you’re not selling software, you’re dead.

Jeremy Stock (01:14):

Welcome to the Payments Experts podcast, a podcast of global legal law firm. We hope you enjoy this episode.

Christopher Dryden (01:28):

It’s very interesting, Michael. I don’t know if you saw this, Michael Burry yesterday did a huge bet against ai. Oh yeah. I mean, which I thought was great. Did he really? Oh yeah, dude, it’s kind a bubble, but I find it on the front end of having kids. I’m somewhat on the back end of it. I’ve got a lot in my house, and from 13 to 22,

Peter Segerstrom (01:51):

Amazing.

Christopher Dryden (01:51):

And really with the 13 and 14-year-old, it’s front and center. And so when I went to back to school night, I was at my daughter’s math class and he says, look, I can tell when the kids are using ai. It’s simple math. He says they’re great. During the coursework. He said, we get to the test, they’re crappy. So he’s like, I know that they’re using it at some point at that. That’s traditional education, doing what it’s supposed to do. Yeah, I agree. I agree. But at the same time, most people see it as it’s very early. You say the internet. I agree. Same thing. I mean, I’m a little older than you. He and I are about the same age. When the internet came, it was more of this entertainment value, and I feel like AI will be that way

Peter Segerstrom (02:39):

Already

Christopher Dryden (02:39):

To a large degree. The stuff that amazes me about the AI that I’ve seen is the optics, the stuff that they’ve done with pictures and video, and it’s fascinating what they’re able, it’s scary, but it’s also fascinating.

Peter Segerstrom (02:51):

Okay, so if you guys don’t mind, that actually is a perfect segue into my what stuff.

Christopher Dryden (02:57):

Yeah, tell us.

Peter Segerstrom (03:00):

So you have this continuum of, on one hand you have the 17-year-old making the prank call. On the other hand, you have a nation state that has a secret about Dropbox and they’re not going to tell anyone, and therefore none of your information on Dropbox is potentially safe at all. Right?

Christopher Dryden (03:12):

Yeah.

Peter Segerstrom (03:12):

That theoretically, right? There’s this always going to be this unknown. So the tricky part about the 17-year-old making the prank call is that with ai, now you can sound like anyone. Now you can look like anyone. There was an instance where there was a UK construction firm that had an employee in Hong Kong, and he wired 25 million to I think the wrong bank account because he was on a Zoom call with four people, and they spoofed all four people that were on the Zoom call. They just faked the entire thing, and they talked this guy into wiring $25 million. I’m just seeing Y 2K and people hold up in places at this point.

Christopher Dryden (3:52):

I’m just seeing Y 2K and people hold up in places at this point.

Peter Segerstrom (03:55):

Yeah. Wow. Yeah, so that’s essentially where, so Gene called me in 2019 and it was right before the pandemic, and he said, we had been working on a couple of different projects, and he said, Hey, I think I actually have this security vulnerability for my MSP for my company, and I was hoping that you could, maybe we could workshop something. And he said, so there’s two problems that I have. One is I don’t really have a good way just right out of the box of making sure I know who I’m talking to. When someone calls into my help desk, he has the whole point of an MSP. The whole point of an IT provider is you sit by the phone and you wait for one of your, A company that is your client, one of their employees to call in and say, Hey, I have this problem. My computer’s

Christopher Dryden (04:42):

Firefighter.

Peter Segerstrom (04:43):

Yeah, exactly. You’re a firefighter. And so that was one problem. And the other problem was most of the time, this is for past recess, people call in all the time and say, I can’t get into the systems that I need to use to do my job. It’s extremely frustrating for, I mean, this is why the IT crowd was such a popular show is because there’s so much emotion and empathy tied up with people just simply trying to do their job and shitting on IT. Forgive my French.

Christopher Dryden (05:09):

Oh, no, no, this is wide open. You can say anything going on here.

Peter Segerstrom (05:14):

But that challenge is so that person is essentially a level one support tech who’s ready to pick up the phone. They’re emotionally set to be yelled at. They’re kind of, they have that expectation. So that’s one problem a person calls in, they can’t get into whatever business tool they’re trying to use, even their email, whatever it is, they ask for a password reset. You don’t who they are, and you also don’t have a mechanism to send them their password really rapidly, securely. He was doing it. There were a bunch of MSPs still doing it where you just send it over email, you just reset their password, and then you send ’em the new password over email. And so this is the question, what happens if your email is blown or what happens if they don’t have two factor their email?

Peter Segerstrom (06:00):

We zoomed out and we were like, okay, this is actually a bigger question because the internet is redundant all the way down to the protocol level. If you look at the HTTP protocol, if you send packets and you’re like, okay, cool, I’m just trying to look at Instagram, and if one errors out, it’ll just resend it. So there’s redundancy from that point all the way up to if you have a Gmail account and you’re sending an email to someone, and if I send you from my personal Gmail account, if I send you an email, Chris, we don’t know how many places that exists on the internet that

Christopher Dryden (06:32):

Pings off of

Peter Segerstrom (06:33):

That could exist in a hundred data centers, a thousand hard drives, maybe more than that. It’s not unreasonable to say it exists everywhere. And so the question is, is there a class of data where we shouldn’t do that? And the answer is yes, of course. So that essentially the foundation of traceless is we think that the zeitgeist of ephemeral data, that’s what we call it, is here. And so there are mechanisms where you’re sending a contract to a client and there’s an extremely sensitive bit of information in that contract. You, you’re exchanging evidence or you’re exchanging diligence, you’re exchanging, you’re doing discovery, you’re passing information back and forth with the client. Yes. That can live in encrypted email.

Christopher Dryden (07:21):

That’s why we live open data rooms. I mean, exactly. Yeah. Where we can exchange information.

Peter Segerstrom (07:25):

Exactly. But then you have to make sure that data room goes away. Of course, of course.

Christopher Dryden (07:30):

In a reasonable amount of time. Yeah,

Peter Segerstrom (07:31):

Exactly. And so that’s exactly the philosophy and the inspiration behind Tracy.

Christopher Dryden (07:37):

I’ll actually show my age a little bit here. I go back to Will Ferrell on Saturday Night Live lock box. I dunno, you guys, if you haven’t seen that episode, just do Will Ferrell lockbox and watch.

Peter Segerstrom (07:52):

It’s great. Yeah,

Christopher Dryden (07:53):

It’s a box with a lock.

Peter Segerstrom (07:56):

That’s it. That’s it. I mean, 99% of the time, that’s all you need to do, right? Yeah. So basically what traceless is, we essentially create, it’s an AI platform, which is complicated and I can get into that later if we want to. But basically it’s a toolkit for businesses to send and receive sensitive information, leaving nothing at rest and to on-demand, send identity verifications. So specifically to prevent the AI problem and to prevent the 17 year olds. So

Christopher Dryden (08:28):

I think that’s really good. So how much do you know about our world? I mean, I know you’ve kind of engaged in it here and there.

Christopher Dryden (08:35):

But how much do you know about payments and the people that are operating within it and the data that’s associated with it?

Peter Segerstrom (08:45):

Honestly, not as much as I should, but it is a fascinating variated world. Some of it’s really old, some of it’s newer and it’s complex. And I mean, there’s some really interesting facets to it.

Christopher Dryden (08:58):

Well, there’s a ton of applicability to what Traceless does that would come into this world, and for us, that’s our audience. And I don’t think people are really, they think data security and they’re thinking stuff like PCI compliance

Peter Segerstrom (09:12):

Encryption.

Christopher Dryden (09:13):

Yeah. And so for us, I don’t necessarily always believe that. I mean, I believe that the stuff that you are talking about, having an audit of somebody’s business, seeing where there are vulnerabilities, knowing how to shore those up, I haven’t seen a data breach up close and firsthand, but they’re happening all the time. Yeah, I mean, I get the emails. I don’t know how much the people that are operating in our space might be targets for that, but I do believe that people understanding their vulnerabilities are super important because at some point it may happen, and a lot of the guys that we deal with, they’ve actually started small, ended up big, and the footprint changes completely. And so maybe their responsibility changes, but they’re not thinking about this completely

Peter Segerstrom (10:00):

In the payments space and the processing space. In some ways, you guys are doing great because it is an older industry. PCI has been around forever,

Peter Segerstrom (10:10):

And so the expectation that everything that you’re doing is getting passed back and forth in a way that is encrypted in the way that hopefully the entire internet is encrypted, but some of it’s not, some of it is. That’s all sort of that’s been put to bed, right? There is the macro level risk that quantum computers show up and all of a sudden everything that is encrypted that’s been passed through the internet over the last 20 years is legible. But again, that’s not that big a deal. The strategies for fraud detection in the processing space have gotten really sophisticated. And so I think there’s a lot of really good stuff happening and there’s a lot of really basic stuff that can continue to happen. Like we said, it’s just like if you want to prevent the 17-year-old from calling in and taking it for someone’s identity, all you have to do is send them a six digit pin code or send a push notification to his device using Okta or Microsoft Authenticate or something like that.

Peter Segerstrom (11:09):

So across the board, I think there are always really basic things. The common refrain that happens in every audit that I do is there are going to be one or two things where I’m just like, this is so basic. You guys can patch this in five minutes and you are going to sleep better at night. And until you do, this is a legitimate liability. But it is interesting cause AI is going to, AI is absolutely going to be just such a crazy boost for the scammers for people trying to scam in any environment and in the payments processing space. I think that could get weird, I guess. But to

Christopher Dryden (11:55):

Give us an example of weird, well, and I know it’s hypothetical to a large degree, but what do you see as probable?

Peter Segerstrom (12:04):

I mean, they’re just going to get progressively more sophisticated. There are instances where we’ve done a couple instances where we’ve looked at point of sale systems. Some of these point of sale systems that I’ve looked at have been hand rolled. They’re using Android or they’re using a raspberry pie system, that kind of thing. That is really simple. Obviously we’re talking about something totally local. It’s a mom and pop restaurant. They’ve got these boxes, but they’re on the network. There could be something set up. There’s a possibility of a threat actor gaining a persistent foothold and essentially listening to all of their internal traffic. So one risk as more things come online and are maybe tied into the internet is that, I mean, there was an instance where I think it was in the Netherlands, they had to shut down or they had to basically take a bunch of their buses offline. So Chinese made buses, but they were phoning home. They were able to just say, look, they bought buses and there was a chip somewhere in the bus that was just flying all the data back,

Christopher Dryden (13:15):

Really

Peter Segerstrom (13:15):

Sending it back to the mainland. And so the concern is that as things get more sophisticated payment pro that’s grown up, they’ve gotten bigger, they have more, you talk about attack surface, they have more surface area that they need to cover. One of those things is if they are using complex IT infrastructure, if they have a lot of boxes close by, there is the likelihood that something’s listening and the sort, you have to always think about the actual value of the hack versus the risk taken versus the work. Right.

Christopher Dryden (13:52):

Well, dude, it is crazy. You’re talking about this. I went to the GOOSE concert in Vegas at the beginning of October and we’re hanging out. It was like this festival in the desert. It was actually pretty cool. It was called the Rise Festival. And they do all these paper lanterns and there’s tens of thousands going at the same time. It was incredible. I thought it was going to be kind of game, but it was actually super cool and visually it was really unbelievable,

Christopher Dryden (14:17):

But we’re hanging out. It was an EDM thing, and then Goose and John Mayer played. So I was like, okay, I’m down. But the EDM stuff, whatever. It was kind of a ways away. I’m a raver. You’re hurting my feeling. No, no, no. Well, we went and Sawford the other night, dude. Absolutely. If you haven’t listened to Spa, dude, it’s basically an EDM show. I’ll check it out with instruments, but I’m at the Goose Show and I meet these guys and they had come up from Phoenix. One dude was from Kansas City, another dude lived in Annapolis, and these guys are like everyday dudes. I never thought anything about him. And I’m like, well, what do you guys do? And they’re like, we build skiffs.

Christopher Dryden (14:56):

And I was like, really? And he’s like, so you work for the government? He said, it’s not just government building skiffs. And I said, really? He says, yeah. And then we started talking. He says, well, rebar, the Chinese have figured out how to use rebar as an antenna.

Peter Segerstrom (15:12):

No,

Christopher Dryden (15:14):

No, dude, they start telling me these stories, no kidding. About all the different things about facilities where they’re building these skiffs because of stuff that’s happened where they figured out in the infrastructure itself how to do some sort of core convert.

Peter Segerstrom (15:34):

That’s totally Wild.

Christopher Dryden (15:35):

And I said, and if the Chinese know, we obviously know,

Peter Segerstrom (15:39):

But

Christopher Dryden (15:39):

I’m sitting there wondering about all the infrastructure that we’ve built over time that we’ve taken for granted then now is being used as a tool.

Peter Segerstrom (15:46):

Hundred percent.

Christopher Dryden (15:47):

And when you’re sitting here talking about game theory and mapping stuff out and actually how to be on the defense and build something defensible, which is what these guys did, which is made me think of it. How much have we built already that’s now being used against us potentially, right? That’s the thought that came to my mind.

Peter Segerstrom (16:06):

That’s an ongoing question. That’s an ongoing question. So to finally answer your question, the risk for a payment processor that’s gotten big is you want to watch out for the identity takeover stuff that is going to lead to massive financial exfiltration. There was another instance in, I think it was 2021, where there was a New York bank where it was the same thing. It was classic wire fraud, but it gets progress when you have a persistent foothold. It gets progressively more sophisticated. There was a bank where they unfortunately had an IT guy who didn’t necessarily know his stuff, and they ran an email, an exchange server, and they had an old email server, a server sitting there wired up directly to the internet sitting in their office and quietly at a certain point it got owned, somebody got in. And so they’re able to sit there and read unencrypted emails between the CFO and the CEO for six months, and they don’t do a thing. They just sit there. And then at a certain point they say, okay, we understand the communication style between these two individuals enough. They sent a perfectly crafted email, from the CEO to the CFO on 3:45 PM on a Friday afternoon and said, Hey, we’re opening up a new account. You need to wire 160 million to this account in Singapore, just flatten the bank. They’re gone. They’re done.

Jeremy Stock (17:35):

Wow.

Peter Segerstrom (17:35):

It’s over. You’re done.

Christopher Dryden (17:38):

Right? It is something so simple. I mean, the conversation Peter were having when we came on was about, I was talking about cyber insurance for us, right? Yes. And then that conversation led into the interplay between almost like chicken and the egg, a little bit of, do you go get a cybersecurity company to audit you and then you go get insurance? Do you work in conjunction with insurance? Do you get insured? And the insurance guy asking, Hey, you guys should probably go do this. I can lower your premiums. And I hadn’t even thought about that as maybe an opportunity.

Peter Segerstrom (18:13):

Yeah, I mean, there is a really virtuous cycle there. It’s also you have to kind of watch out because both of those can be kind of predatory. Yeah.

Christopher Dryden (18:19):

No, not to be collusive in a way, but to actually work in synergy with one

Peter Segerstrom (18:26):

Another. Exactly. I mean, I think that coming out of that, if you have an auditor that is like they know their stuff, they’re going to do a good job, you’re going to at least have more clarity on what your attack surface is. And cyber insurance, if it’s cheap, like I said, it never hurts. It never really hurts.

Christopher Dryden (18:45):

Is there a profile of customer that is in your pocket when we talk about music, me and Jeremy, when somebody’s really in it, they’re in the pocket. Is there somebody that is the right profile that needs you, really needs you? They’re either at the life cycle of their evolution process as a corporation, or is there some profile of a company that really is somebody that needs, even if they don’t necessarily think they need you, it would be advantageous either like a year from exit or they’re two years from exit or whatever it is, or they’ve got something else that’s happening. What does that look like? Where do you guys focus?

Peter Segerstrom (19:35):

I mean, think for, so we don’t really advertise the due diligence, the technical due diligence stuff.

Christopher Dryden (19:40):

No, but I’m just talking about somebody that when you look at them, they need your service.

Peter Segerstrom (19:44):

Yeah, yeah. But I was just saying in terms of the platform, the majority of our customers are SaaS customers are MSPs. We are moving into mid-market. We have some really much larger customers now that they need us partially because of their headcount. So on that side of things,

Christopher Dryden (20:05):

What does that look like? Is there a certain number

Peter Segerstrom (20:08):

If you’re north of 500 employees, if you’re north of a thousand employees, then 100%. You should expect that a part of your IT spend is essentially making sure that you have good cybersecurity tools. But to your point, more specifically about due diligence stuff, if you’re a year out from an exit, I think it’s a good idea to just make sure to keep your nose clean. This happens in the traditional startup space. We think about this stuff all the time. It’s like if you want to get acquired, you are building your own data room. You’re set up to say, okay, here’s our books. Here’s our last five audits. This is how we do X, Y, and Z. And you want to essentially make sure that you just answer the questions of the company that’s going to come in and say, okay, we want to buy you. What does this look like? If you don’t have the stuff together and you’re making north of two or five a year, then you should definitely think about it. It doesn’t hurt.

Christopher Dryden (21:04):

Those are gross revenue numbers.

Peter Segerstrom (21:05):

Yeah. Yeah. Alright. I think it depends on also what industry you’re in. You can have a really big company that’s a construction company and they’re like, okay, I have a bunch of tractors and I move dirt and then I pour concrete. And you’re like, okay, dude. I mean, obviously we don’t want, one thing that I will tell you, which hopefully some of your viewers will appreciate is from a strategic level, if you grow a business to a certain size, have a working capital bank account and have the other bank account, obviously use a corporate savings account that is firewalled away, totally isolated, and very few people have keys to that money. I was out at a bar with my friend the other night, it was his birthday, and he’s good friends with, I can’t remember which one it is, but the guy that started, oh no, the guy that started, who gives a crap?

Christopher Dryden (22:04):

I don’t know that, but

Peter Segerstrom (22:05):

It’s a bamboo toilet paper company. It’s literally called Who Gives a Crap? This guy’s lovely. He’s a wonderful human being. And he started it, I think as he started it for environmental reasons. He was just like, look, we should make sure we use sustainable toilet paper. They started, I think in 2018 or 2019, the pandemic hit and they just went through the roof. It was in that year they did like 1200% growth.

Christopher Dryden (22:37):

Oh, yeah. I could only imagine

Peter Segerstrom (22:40):

Because of everybody’s at home, the pandemic and also the empty shells fear factor thing or whatever. For sure. And we’re sitting there and we have this, he’s like, oh, you’re in cybersecurity. He’s like, well, what do you recommend for my company? I was like, well, dude, you guys sell toilet paper, so you’re fine. But also just make sure that you firewall the majority of your capital if you guys are making good money away from your working bank account. And he goes, okay, there are people that run. There are people that run. There are people that run really good businesses and they don’t do basic stuff like that.

Christopher Dryden (23:17):

Oh, no. Look, man, look. Okay, so I’ll teach you something about lawyers. I have a lot of people in my organization that I think are better attorneys than I am. They know nothing about business. They know nothing about the business of what they do. They’re good lawyers. But when it comes to the business side, it’s like I can’t be bothered with that. So I get you when you’re talking about people that are really good at everyone’s focusing on one thing. Yeah. We represent ISOs and they sell payment processing, right?

Peter Segerstrom (23:46):

Yes.

Christopher Dryden (23:47):

And then I’ve watched ISOs over time try to infuse other products and services into their sales channel. Absolute debacle, just bombs.

Peter Segerstrom (23:55):

Totally. Just

Christopher Dryden (23:56):

Completely like, oh, no, it’s the same. We can do it. No, no, no. It’s a totally different thing. It’s kind of crazy.

Peter Segerstrom (24:02):

So the toilet paper slash construction analogy, it’s just like you can run a really big construction company, and as long as you do a couple simple things, you don’t need to worry about it. It doesn’t matter, however. But if payment processing, if you’re in a financial services space, and let’s just say you’re a payment processor, maybe you’re also a gateway, maybe you’re doing a couple other things and you’re seeing some synergy about how to work these things together, absolutely. Have someone else come in and just try to zoom out and say, okay, these are the vulnerabilities between your different products. These are the vulnerabilities between how your system could be leveraged. Right. Huge. I think that it doesn’t cost that much. I’m not trying to advertise for us, but we’re definitely less than McKinsey, and you can definitely benefit from that

Christopher Dryden (24:54):

For sure. And I think that it’s funny, we do a lot of podcasts and we track the podcasts that are really well viewed. We had a friend of mine on here, and his name’s Anthony esa. He works for a company called Wellesley Hills Financial. They’re a broker in our space, not just in our space, but they do transactions. But on the business side, that’s one of the most well watched of our podcast because it applies to anybody who’s in business, anyone. And I think this applies to anybody who’s in business because we’re in the technology age. It just is what it is. I mean, not that I would’ve dealt with it the same way, but Ted Kozinski kind of saw what was going on a lot longer before we all did.

Peter Segerstrom (25:42):

You’re going to get your channel banned demonetized. I’m going to have to cut that out. No, no. I mean,

Christopher Dryden (25:47):

I’m not saying I agree with the guy. I’m just saying that if you’ve ever read it, he seemed to have kind of a beat on where things were going.

Peter Segerstrom (25:55):

Completely.

Christopher Dryden (25:55):

And I will say we’re in the technology age now. Again, I’ll give a shout out to Allen Kopelman again, he’s in the sales. I said it last week, if you’re in our business and you’re not selling software, you’re dead. And I think that what you do, and now that I’ve seen it from a broader context versus the isolated vision of what I could see based on what you did, it’s necessary for everybody. I mean it, I think that you get to a certain footprint and it’s really needed. But overall, this is a consideration that every business owner should be having.

Peter Segerstrom (26:33):

That was, I mean, when Jane called me and we talked about the problems that he was having, and he was just like, what do you think? Can we fix this? And I said, and that’s what I told him. I said, this isn’t a you problem. This isn’t everybody problem.

Christopher Dryden (26:45):

Yeah, for sure.

Peter Segerstrom (26:46):

I mean, the nature of the internet, the nature of remote first work, the nature of a lot of having a group of employees that are not like 19 different places,

Christopher Dryden (26:59):

Especially with remote work, right? I mean, I could see that being even more problematic, what you were saying about AI with the video and being able to emulate voice and picture. Yeah. I mean, that could be a real problem.

Peter Segerstrom (27:11):

I mean, Sam Altman just went in front of the Fed, and there are so many companies across Wall Street that still authorize large financial transactions through voice ai, or excuse me, through voice identification. So they just blah, blah, blah. Did you guys see sneakers? My voice is my passport.

Peter Segerstrom (27:32):

Verify Me

Christopher Dryden (27:33):

You mean the old Robert Redford movie? Oh yeah. Love. I love that movie.

Peter Segerstrom (27:38):

So Werner Brandes gets into his office that way. My voice is my passport. That’s done.

Christopher Dryden (27:44):

Yeah, it’s gone. Yeah, totally.

Peter Segerstrom (27:45):

It’s done. And Sam Altman went in front of the fence.

Christopher Dryden (27:47):

Is it the eye retina now? Is that how we’re doing it?

Christopher Dryden (27:50):

Is Bios the way

Peter Segerstrom (27:51):

Biometric? Biometric is very good. We have a biometric solution. I think really what you’re going to want is 3, 4, 5 factor five points of authentication. And what happens is it gets smoother, right? It’s just like if you guys are here and you’re working and you want to verify something that’s sensitive, it’s just like, yeah, are they regionally there? Does their GPS say they’re there? Is their IP the same? Is there a biometric factor? You glue those things together and you’re much, much tighter than you would be before.

Christopher Dryden (28:23):

Well, it’s funny you say that because send an email to my bank with something and then they’ll call me and the lady that calls me knows me.

Jeremy Stock (28:30):

Yup

Christopher Dryden (28:31):

Think that that goes a long way. But now with what you’re talking about, I’m interested to see what they’ll do. This is a smaller business bank, by the way. You’re in Southern California. If you need a good bank, I got a great one for you. Talk about off they are. They’re great. They’re an unbelievable bank. But it’s interesting the way that they’ve always operated. And now I’m seeing just things that I’ve done. I, so here’s, kind of a

Peter Segerstrom (28:55):

We’ve always come from a place of trust. It’s like we’ve used language, we’ve written things down for thousands and thousands of years and only really in the last couple decades where we’re like, oh, this really doesn’t work anymore in terms of trust.

Christopher Dryden (29:12):

Yeah, for sure. For sure. Hypothetically, where do you see, I mean, again, things that I have seen that I was just talking about with the bank of how they’ve operated, where do you see the biggest change coming, if you could identify one, because this is the way that I look at it in payment processing. The one thing that I’ve watched people routinely try to build is, and now that we’ve gone e-commerce crazy after COVID and mobile, how do you reduce fraud on the front end to, and what you said about doing geolocation and like ISP and tracking things. How do you do something that’s not prohibitive but is going to create more security around transactions? Do you see something that we are not seeing yet as consumers that might be coming?

Peter Segerstrom (30:10):

I think this is the thing is that it’s all, you have that continuum. You have the 17-year-old, you have the nation state, and it’s just like if someone wants to do something and they try hard enough, it’s very likely they’re going to be able to do it in terms of an actual breach or a hack. But in terms of day-to-day transactions, I think a lot of the solutions that we have in place are really good. The irony is that AI takes the limelight right now. It is a radical, it’s going to be a disruption in a lot of different ways. It’s incredible. It is a brand new technology. Everyone’s excited about it. But the irony is a rolling OTP code, like a six digit code like Google Authenticator rolled out maybe a decade ago, maybe more than that,

Peter Segerstrom (30:55):

That is rock solid as a security measure. Statistically, the likelihood of you picking a number between one and a million in 30 seconds and you’re sending it to someone and they’re expecting you to get it right on the first time, that’s very, very hard to do. In World War ii, we came up with essentially one-time pages. That was where this all started. The Germans had enigma. There’s incredibly sophisticated encryption, but there were all these different strategies. One time pages where essentially you randomly assign a number to each letter and you use that for that one page, and then the next page you have a completely different set of encryption works extremely well. So it’s really just about application. It’s just about the discipline of organizations simply saying, we have this process. Maybe it’s automated. Maybe we will wire in a couple of APIs. We have an a p, I just cook it in place. And then from there, things are going to get way smoother. The scams are going to continue to get more sophisticated. The human element is often going to be the vulnerability.

Christopher Dryden (32:01):

Yeah, I agree with you on that one. I see that too. Look, well, before we go there, is there anything that we haven’t talked about that you wanted to talk about while we’re on here?

Peter Segerstrom (32:12):

No, this has been lovely and amazing. I mean, I think that the main thing, I mean, I know your audience is in a very specific area of FinTech and the internet in general,

Christopher Dryden (32:27):

But they’re entrepreneurial. I talked to a guy yesterday that we do a lot of work for. He is probably a couple of years out from selling. I’m like, what are you going to do when you sell? And he’s like, start the company. Do it all over. Yeah, exactly. I was like, are you serious? Because he’s going to exit for a significant amount of money. And I’m looking at him really? He’s like, dude, I just can’t sit still. And I was like, alright, no worries. But there are people that watch this that will be interested in contacting you. How do they get ahold of you?

Peter Segerstrom (32:55):

For sure. You can just go to traceless.com. Our front page is really about securing communications infrastructure specifically for help desks, for companies that have an internal hotline or they have a helpline where people call in. That is where our tool shines. But we do a lot of consulting and they can find me through that or they can find me on LinkedIn. And I think that the main thing is just to what we just talked about, what we try to do is we try to offer a relatively reasonable price tool that is very simple that will in real time secure your business. And so if you’re operating a business and you sort of feel like you’re not able to, if you’re overdr your headlights to use the car analogy, if you feel like there’s darkness out there that you’re going to potentially hit, give us a call.

Christopher Dryden (33:51):

Well, it’s funny you say that just randomly, one of the vulnerabilities I continually see is people calling in acting like somebody else, changing the bank account information for where the funds get settled from a merchant account, and then by the time anybody figures it out, they don’t even know where it went. And trying to track that down once. These are things that,

Peter Segerstrom (34:18):

Just to give you an example of implementation, we are working with one of the larger telecoms in Canada, and they feel between, I think something between 10 to 15,000 phone calls a month. And so they’re actually turning on an AI service that will use our system to verify the end user. So it’s just like if you can automate two-factor anywhere you have a human getting into a situation where they’re interacting with a bank or any of your services,

Christopher Dryden (34:51):

I just think consulting on this type of stuff to implement very simple processes and very simple technology as a safeguard. There are so many things that I see that happen that are avoidable. Absolutely. I mean, Jeremy tell you, I preach, dude, that problem was avoidable all the time. Why didn’t we figure that one out on the front end? Right, exactly. And so I think that what you do provides great service and value to really plugging holes where you unnecessarily are vulnerable.

Peter Segerstrom (35:26):

I appreciate you saying that. I think it’s very easy to drink your own. We try not to go crazy about this, but it’s like we use our own products. We integrate with Slack and Teams, duo Okta, Microsoft Authenticator, all of the different, your CRMs. We’re going to integrate with HubSpot pretty quick. We integrate with Salesforce, we integrate with Zendesk. So anywhere there’s a spot where people are calling in and you can just say, here, lemme just send you a quick two factor out of band push that says, okay, now I know who I’m talking to. And now that person can’t choose.

Christopher Dryden (36:00):

Look, I see so much human error that happens. It’s avoidable. I think that’s great. You got anything you want to ask Peter while we got him here?

Jeremy Stock (36:09):

I thought it was a great conversation, Peter. And one thing I’d like to talk about, maybe on another podcast in the future is what you talked about running your business remotely.

Peter Segerstrom (36:19):

Oh yeah, for sure.

Jeremy Stock (36:20):

I think that’d be a fascinating topic and would apply to a generally business centric audience, which we have.

Peter Segerstrom (36:26):

Yeah, absolutely. Absolutely. I mean, that is one of the pain points that we have. That’s not going to go away, right?

Christopher Dryden (36:32):

Yeah. Well, look, this is great. Thank you for coming on.

Peter Segerstrom (36:34):

Appreciate it. Thank you guys both, this has been enjoyable.

Christopher Dryden (36:35):

Yeah, man. So we have Peter Segerstrom from Traceless and also a fellow UCSD alumnus. There’s not many of us.

Jeremy Stock (36:45):

Thank you for listening to this episode of the Payments Experts Podcast. A podcast, a global legal law firm. Visit us online today at global legal law firm.com. Matters discussed are all opinions and do not constitute legal advice. All events or likeness to real people and events is a coincidence.