June 11, 2025 • 24 mins
Digital commerce security stands at a critical crossroads, with an average of 66 third-party vendors present during the typical e-commerce checkout flow. Each of these represents a potential security vulnerability that could compromise your customers' payment data. Few understand this landscape better than Rui Ribeiro, Co-Founder and CEO of Jscrambler.
Ribeiro's journey began in Portugal with a computer science background that led him through the banking industry before identifying a crucial gap in 2014: client-side security. What started as a broad security mission has evolved into specialized protection for payment processes, with Jscrambler now serving major e-commerce platforms across airlines, retail, and hospitality sectors.
The timing couldn't be more relevant. With the PCI Council's recent release of PCI DSS v4, client-side security has moved from a best practice to a compliance requirement. Companies must now implement strategies that protect cardholder data by securing JavaScript and payment pages while detecting unauthorized access - exactly what Jscrambler specializes in.
"Security should never be a barrier for innovation," Ribeiro emphasizes. His company's approach allows businesses to continue adding frictionless checkout features while ensuring third parties can't access sensitive payment information. This balance becomes increasingly challenging as merchants integrate chatbots, payment calculators, installment options, and other tools that improve customer experience but potentially expand the attack surface.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
Welcome to the Leaders in Payments podcast,
where we talk to C-level leadersfrom across the payments
landscape.
We'll be discussing theproducts and services that
impact the payment space today,as well as trends and
predictions for the future ofpayments.
We will also hear stories fromour guests about their journeys
to the top.
Speaker 2 (00:18):
Hello everyone and welcome to the Leaders in
Payments podcast.
I'm your host, greg Myers, andon today's show we have a very
special guest, rui Ribeiro, theco-founder and CEO of J
Scrammler.
So, rui, thank you so much forbeing here and welcome to the
show.
Thank you, it is my pleasure tobe here, great.
So let's start out by havingyou tell a little bit about
yourself, maybe where you grewup, where you went to school,
where you currently live, a fewthings like that.
Speaker 3 (00:40):
So, born and raised in Portugal, studied in Porto
but then ended up living inLisbon.
Computer sciences major Overall, always with an engineering
perspective, love working incomplex problems, started my
(01:02):
career working in the bankingindustry, worked there almost
half my life, working life.
And then I founded andchallenged my good friend and
co-founder, pedro Fortuna.
In 2014,.
We founded J Scrambler andbecause we saw an emerging
problem in the industry soclient-side security In 2014, it
was at its infancy and we wereone of the main precursors, but
(01:25):
that started this movement andthis career move that I'm now in
.
And because things keepevolving, from client-side
security, we have nowspecialized mainly in credit
card payments and in securingcredit card payments and in
securing the credit card paymentprocess.
So this is my evolution from acareer perspective.
Speaker 2 (01:44):
Okay, well, let's dive in and talk about the
company.
So maybe tell us exactly whatyou do, who your target audience
is, those types of things.
Speaker 3 (01:52):
So we are making sure that no third party is
accessing credit card payment orpayment data.
It might be credit cards, itmight be other payment data, and
we are preventing mainly creditcard skimming attacks on web
pages and, as you can understand, when any purchase is being
done, only a very few specificcompanies need to have access to
(02:14):
that information and normallythese are like verified.
These follow very strictsecurity rules and also follow
the PCI DSS security standard.
But on a normal website, on anormal e-commerce website, you
have a lot of third-partyvendors, some of them doing
analytics, some of them doingperformance, verifying that
(02:39):
there are not bots.
On average it ranges, but onaverage, about 66 different
third-party vendors that are onan e-commerce web store On the
checkout process.
Normally it's less, but stillit's a lot of companies that can
be there, so there is a verybig security challenge to solve.
(03:00):
The PCI Council launched a newsecurity standard, a new version
of the PCI DSS PCI DSS v4, that, in response to these growing
cybersecurity risks, mapped theclient-side security topic into
the standard and clearly theydefined that strategies that
(03:20):
allow us or the companies toprotect sensitive data of the
cardholder, securing JavaScriptand or the payment pages,
detecting unauthorized accessthat could lead to fraud later
down the road.
So this is where we are workingon, this is where we have
specialized ourselves, while theindustry is still changing
(03:43):
daily, as I was reviewingseveral of your episodes, and
you keep introducing innovationto the payment industry.
So it's an evolving topic andwe are also seeing this on our
side that it's not just creditcards Like today.
The payment process includes alot more complexity than we
(04:05):
would look back maybe five yearsago, with alternative methods
of payment, new forms of payment, country-specific forms of
payment, all with the samerequirements.
All should have the samerequirements or at least as
strict as the PCI DSS as defined.
And this is very importantbecause it means that everyone
(04:29):
is making an effort to securethese transactions and, in that
effect, we are reducing thefraud of the industry.
Speaker 2 (04:36):
So who are your main customers?
Speaker 3 (04:38):
So mainly we are working with e-commerce
companies, large e-commercecompanies, l1s and L2s in terms
of level of PCI.
That has been our main focusbecause not only do they do a
lot of transactions, becausethey are also very security,
sensitive.
Accepting credit cards iscritical for any company today
(04:59):
and that's where we have beenoperating.
We have been operating itranges from airlines, very large
clothes retailers, also in thetravel and hospitality, so those
have been like the main marketsthat we have been exposed to.
Okay, and since these are largemerchants, I assume the
(05:19):
footprint is global right,because people can buy on these
websites from all over the worldand that's part of the
complexity that they faceBecause, if you look at it, when
we are engaging with most ofthese companies, we talk about
one payment page, but thatpayment page is so volatile that
it changes from region toregion, person to person, device
(05:41):
or technology of that device.
It's a very complex problem tosolve when they have, at the
same time, to provide a verygood experience to their end
users, provide also theassurances for the security
requirements and also thebusiness interests at the same
time, where everyone isdemanding new, innovative ways
(06:04):
to engage with the user base andwe keep adding stuff to the
checkout process to assist inthis checkout process.
So it's a very complex.
These scenarios are always verycomplex and also very sensitive
, like if you add something andit's not performing well, the
impact for the business isimmediate.
Speaker 2 (06:22):
Yeah, so you know, I've been in the industry a long
time and used to always hearfraud and security in the same
sentence.
Maybe talk about how that'schanged, or maybe how that's
still the same.
Speaker 3 (06:33):
I think that it has changed a lot in this case of
the requirements and we mainlywork in the security space, not
in the fraud space, but we endup avoiding fraud.
We create mechanisms for thecompanies to be able to control
what their third parties areaccessing or what type of
information they're accessing.
In the particular case ofpayments in the payment industry
(06:57):
, we are protecting the creditcard information.
Data Security is not fraud, butwe end up avoiding and reducing
fraud, because if there areless cards being stolen, if
there's less exposure, we end upproducing fraud, because most
of the time, in terms of creditcard industry, we understand
fraud as chargebacks, so it'slater on the process, not at the
(07:19):
moment of capturing the data orthe credit card data.
Speaker 2 (07:23):
Yeah, I'm also curious because in the last five
years or so there's been thisbig push to remove as much
friction as possible from thecheckout.
So how has that affected whatyou've done?
Speaker 3 (07:36):
You are removing friction, but to do so,
sometimes you are adding morethird parties to the process,
like there was a moment where wewere having assistance in the
checkout process, where we werehaving assistants in the
checkout process, so while wewere typing our credit card
information, there was also achat that could help us in that
process.
If we're facing some roadblockNow, it's most likely an AI
(07:58):
chatbot or something similarthat is there.
The problem is that, by default,the browsers don't have the
controls to limit the reach ofthese third parties, so these
chat applications or these chatagents by default, the browsers
don't have the controls to limitthe reach of these third
parties, so these chatapplications or these chat
agents could access that type ofcredit card information and in
(08:18):
that sense, it was reducing thefriction, but it's increasing
the exposure and risk of thecompany.
That's why we come in and we arebasically making sure that, yes
, the companies can continue toreduce the friction, can
continue to add solutions toexpedite the sales process, to
provide proper estimates interms of postage, to even break
(08:40):
down the payment into multipleinstallments and stuff like that
, which is something that wehave seen as an evolution of the
industry, but at the same timemaking sure that none of these
third parties are overstepping,because there are two types of
problems that can occur.
One is intentional attackSomeone that is adding a credit
(09:02):
card schemer to the webpage.
So that's an attack, that's acybersecurity problem.
But there is also themisconfiguration, all the other
problems that could lead to yousending credit card information
to a company that should neverhave credit card information
because they are not built tohave it and so they don't meet
the security standards, and thatcould pose a very big risk on
(09:26):
the world.
Speaker 2 (09:27):
What would you say, differentiates Jsccrambler from
the competitors out there?
Speaker 3 (09:32):
That's a very good question.
First, we are pure play.
We have been doing this since2014,.
Since I told you, we are themain or the initial precursor of
all this movement regardingclient-side security.
This is years of expertise thatcannot be easily copied.
We were the first to launchthis category and this type of
(09:54):
product, and we keep simplifyingand making it very simple for
e-commerce or vendors to adoptour technology, in a sense that
security should never be abarrier for them to innovate.
Security shouldn't be anotherstep in the process.
As you said, we are streamliningthe process.
We want to be invisible, wewant to make sure that we stay
(10:17):
in the background, but at thesame time, we are able to
provide the controls for theindustry to be able to accept
payments, as they have done inthe past or even in future, ways
that are much more evolved thanwe are today.
We are moving into instantpayments and stuff like that.
It's going to be a very bigchallenge in terms of fraud
because we lose the chargebackcapabilities if we are talking
(10:39):
about instant payments.
So, while this is evolving, weneed to provide the security
capabilities and we are notlimited to just achieving
compliance.
We go much beyond that and Iwould say that when in here we
are talking about the forum,that is about payments.
But if you look at it, westarted the company focused on
every type of data privacyconcern that can happen on the
(11:03):
client side Social security,healthcare data, like everything
that can be considered asprivate information.
We have focused on that.
The payment is a subset of whatwe can do, so this means that
we're also bringing a vendorthat can help you today with the
compliance, today with thepayment information, but in the
future we can help you cover allthe other aspects of privacy
(11:27):
and security of your users,which is a very big and complex
problem in today's world.
Speaker 2 (11:34):
Okay.
Well, when you step back andlook at the payments industry as
a whole, where do you see itheaded, say in the next three to
five years?
And certainly you can answerthat in kind of the lens of what
you do, but curious your viewson the future.
Speaker 3 (11:46):
So we have a worldwide scope.
Okay, so US is our main focus.
We also have Europe, and wealso have Latin America and also
Asia customers across the world, and what we have seen in many
countries is that the paymentlandscape is changing a lot.
Governments are issuing theirown payment or instant payment
(12:06):
solutions that compete directlywith credit cards.
In Brazil, we have PIX I thinkthey were one of the initial
ones where the governmentcreated an alternative method of
payment that is now the mainmethod of payment In Europe.
Each country has its own kind ofsystem that is becoming
sometimes more popular thancredit cards.
(12:27):
And, of course, we have theexample of China, but that's a
totally different market systemthat is becoming sometimes more
popular than credit cards.
And, of course, we have theexample of China, but that's a
totally different market, whereWeChat is the main method of
payment.
So I think that this trend isnot going to stop.
It's going to accelerate, and Isee that the industry is also
looking at it and in the case ofMasterCard, for example, they
(12:49):
are even talking about identityas the proof of payment, with
all the privacy slash, securitychallenges that are going to
come up, like we are trading thecredit card number for the
identity of the user.
What are the challenges forthat?
And I would even say and theymust have studied this many
(13:11):
governments are going tochallenge them on using identity
as a way of payment, but thattrend is going forward.
For sure, the biggest evolutionthat we have in the latest years
, at least for me as a user, hasbeen paying using the phone.
I forget to wallet at home andI can do everything nonetheless
(13:31):
Online.
It's a mix, like where we aredoing PIN 3DS, different types
of authorizations, and we go tothe bank.
It's a challenging process, butthe priority must be given
towards we need to have thesecurity capabilities in place
before we move into other formsof payment, because we risk that
(13:54):
we go forward and then we lookback and we say we opened a
Pandora box and now no one istrusting this payment system.
There's a lot of complexproblems to solve down the road.
Speaker 2 (14:07):
Right right them.
There's a lot of complexproblems to solve down the road,
right right.
Well, what do you think aboutsort of the AI side, where you
know MasterCard, visa made someannouncements I don't know if
you saw Google earlier wherebasically you have agents that
can now buy for you without youeven practically knowing?
I mean sort of how does that?
I mean, does that really matter?
Or, at the end of the day,they're still checking out.
(14:27):
So your solutions make sense.
Speaker 3 (14:30):
The first security challenge that we are facing
with AI is that AI needs data tooperate and while we are
controlling third parties AIagents that can be embedded into
these pages, they pose asecurity risk for many companies
.
So our strategy as a companyhas always been, or is, in the
case of AI we need to define thelimits of the information that
(14:54):
they can access to make whateverthey want to do Because AI
works well if it ingests a lotof data, but which data do we
want it to be accessible?
Do we want AI to access creditcard information data when
you're doing a checkout page?
I would challenge that, butmaybe no one is enforcing this,
(15:14):
and I am proactively enforcinglike.
If something doesn't haveaccess to that information, we
don't risk anything.
You're talking about like, then.
About like using agents, whichis more or less the same as
saying using bots to dopurchases for you.
We had these challenges likewhen no one could buy a
(15:35):
PlayStation, or when no one canbuy a concert because the new
ticket or the newest release ofthe PlayStation runs out in five
seconds.
And then it's the secondarymarket where you're buying from
someone else, and then you'relosing that relationship with
the brand.
You're losing even thatwarranty.
Maybe you're losing a lot ofthings by doing it that way.
(15:58):
So I think that we need to beattentive to making sure that
the relationship between theconsumer and the brand is intact
.
It's a trust relationship.
It has always been like that.
We buy from store A and notfrom store B because of price,
but because we trust store A togive us the right product with
(16:21):
quality, in time and being ableto provide the support after
that sale.
If we're using agents, we'regiving the power to the people
that build the agents and notthis relationship.
I don't like it that much as aconsumer, but it depends on how
easy it's going to be and whatare the advantages for us.
Speaker 2 (16:43):
Right, right.
Still a lot to come on the AIand payment side, I think.
Speaker 3 (16:47):
We still need to use it and feel comfortable, because
at the moment some things areamazing, but how much do they
impact my day-to-day life?
It's still to be seen andhopefully it's all in a positive
way.
Speaker 2 (17:03):
Let's hope so.
Well, let's switch gears alittle bit and talk about you,
so maybe walk us through yourbackground up until you founded
the company and whatprecipitated the finding of the
company.
Speaker 3 (17:13):
So my background is in IT.
We were very focused onsecurity from.
I was very focused and myco-founder also was also very
focused on security.
We understood that the worldwas changing, like everyone was
going to buy online, and thatour life was very different from
when we first started thecompany.
(17:33):
And we understood that thebrowsers were going to be the
main mechanism for us tointeract.
And we understood that thebrowsers were going to be the
main mechanism for us tointeract, and so we started
building technology to make surethat that interaction with the
user was secure.
So we started by protectingapplications so protecting
JavaScript, protecting web pagesand then we evolved into the
data privacy aspect that I havebeen mainly focusing on in this
(17:56):
discussion, where we aremonitoring the third parties and
making sure that informationstays within the people that
should be accessing thatinformation.
So we have always been tryingto do and having a very good
success at doing it sosimplifying the security of the
client side.
Simplifying in a sense, that wecannot demand from the
developers to be able to build agood experience and still build
(18:20):
all the tools that they need todo that experience in a secure
way.
So we need to assist them andthat's why we keep building new
and innovative products thathelp companies build more secure
applications and maintain thedata privacy of their users.
Because, again, and going backto the trust, I trust a company
(18:44):
not to lose my data.
I trust a company, when I'mpaying, that they're going to
use that credit card only forthat transaction or, if it is a
subscription, for that productsubscription.
We cannot break this.
These trust relationships iswhat makes a company great and
makes the continuous process ofgrowing, and if we lose these
(19:07):
capabilities, this is a criticalresource.
It's like power, water and theability to buy online.
Maybe I would put, today,internet, power and water as the
priorities that most peoplehave, and then the ability to
buy stuff.
So it's a critical resource andwe need to basically continue
(19:29):
to produce technology to makesure that it continues to work
with the security consciousprocess that assures the privacy
of the users.
Speaker 2 (19:37):
Okay, Well, what are some things you're passionate
about?
So, maybe one work-relatedpassion and one personal passion
.
It's clear that I'm a very big.
Speaker 3 (19:46):
Security is the main topic that I lead from every day
.
But my passion, to be honest,is when I see our progress and I
see our customers come back tous and say this is a solution
that was easy, that we deployed,that we are getting value.
So I value the technologyitself, but I value more the
(20:07):
fact that today I cannot pass aday without recognizing a
customer of ours that is moresecure because we are there with
them, a customer of ours thatis more secure because we are
there with them.
This is what kind of makes metick every day when the day is
not going so well.
And then you see oh, I helpedthat brand.
Oh, I helped that brand.
So I really enjoy that process.
(20:28):
From a personal perspective, I'mkind of boring because I'm a
geek.
I have passion for what I do,because I'm the CEO.
I don't code, I am not allowedto touch the code base of the
company, but still I still haveall those instincts and on my
free time I continue to be ageek.
(20:49):
So I really enjoy tinkeringwith the fucking stuff.
The camera is like this is thewide view that you guys have,
but if you guys were able to seeto the other side.
There's like a router that isopened up and stuff like that
and a soldering iron and all ofthat, because I need those
elements to continue to be happyto feel that we are still
(21:10):
building stuff and not justbeing the CEO and focusing on
financial and customers andstuff like that.
Speaker 2 (21:16):
Right, right.
Well, if someone came to you,maybe they just graduated from
college, they're looking at thepayments industry and they say,
hey, I want to build a career inpayments or fintech, and maybe
they're even changing careersfrom another industry and they
want to come into paymentsbecause of all the excitement in
this industry what would youtell them they need to do to be
successful in this industry?
Speaker 3 (21:41):
I think that, first, there's no better time Banking
payments I've never seen so manychanges as now.
Before, everything was verystatic in banking.
Everything was very static inpayments.
There's no better time thanthis.
The other would be associatefine startups that you relate to
For you to grow personally.
Startups or a big company witha startup culture is the best
(22:01):
way for you to grow.
I started in a bankingenvironment, but I have to say
that I had to leave to continueto innovate at some point.
And it's not that there are alot of very competent, very
intelligent people in all thebanking industry, but they are
limited in terms of their scope,what they can do.
They have to go through a lotof red tape, they have to go
(22:23):
through a lot of control, soit's very tough for them to
innovate.
And if you're not fighting thesystem in a persistent way, you
can end up in a nine to five jobwhere the thing that motivates
you is the paycheck.
Paycheck is important, but itshouldn't be your main
motivation, don't get me wrong.
Like, it's very important, butthe main motivation is that you
(22:46):
are growing, that you arelearning stuff, that you are
making a difference, andstartups provide that
environment for you and luckilynow there are a lot of startups
and even banks are pushing forthat startup environment with
new brands and new branches thatare more dynamic and more
focused on the customer.
Speaker 2 (23:06):
Okay, Well, Rui, we've covered a lot of ground,
obviously, about you, about thecompany, about the industry.
Is there anything else you'dlike to mention before we wrap
up the show?
Speaker 3 (23:15):
I think it's very exciting the things that are
happening in the paymentindustry.
Is there anything else you'dlike to mention before we wrap
up the show?
I think that it's very excitingthe things that are happening
in the payment industry, and weneed to make sure that we
implement all the controls, andthat's why we require technology
and innovation like the onethat J Scramble is building, so
I'm very excited about thefuture of payments.
Speaker 2 (23:31):
Yeah, okay, well, thank you so much for being on
the show today.
I know your time is veryvaluable, so thank you so much
for being on, thank you, thankyou.
Thank you very much, and, toall your listeners out there, I
thank you for your time as well,and until the next story.
Speaker 1 (23:43):
Thank you for joining us this week on the Leaders in
Payments podcast.
Make sure you visit our websiteat leadersinpaymentscom, where
you can subscribe to the showand where you'll find our show
notes.
If you enjoyed listening,please share on your social
(24:03):
channels as well.
Welcome to the Leaders in Payments podcast,
where we talk to C-level leadersfrom across the payments
landscape.
We'll be discussing theproducts and services that
impact the payment space today,as well as trends and
predictions for the future ofpayments.
We will also hear stories fromour guests about their journeys
to the top.
Speaker 2 (00:18):
Hello everyone and welcome to the Leaders in
Payments podcast.
I'm your host, greg Myers, andon today's show we have a very
special guest, rui Ribeiro, theco-founder and CEO of J
Scrammler.
So, rui, thank you so much forbeing here and welcome to the
show.
Thank you, it is my pleasure tobe here, great.
So let's start out by havingyou tell a little bit about
yourself, maybe where you grewup, where you went to school,
where you currently live, a fewthings like that.
Speaker 3 (00:40):
So, born and raised in Portugal, studied in Porto
but then ended up living inLisbon.
Computer sciences major Overall, always with an engineering
perspective, love working incomplex problems, started my
(01:02):
career working in the bankingindustry, worked there almost
half my life, working life.
And then I founded andchallenged my good friend and
co-founder, pedro Fortuna.
In 2014,.
We founded J Scrambler andbecause we saw an emerging
problem in the industry soclient-side security In 2014, it
was at its infancy and we wereone of the main precursors, but
(01:25):
that started this movement andthis career move that I'm now in
.
And because things keepevolving, from client-side
security, we have nowspecialized mainly in credit
card payments and in securingcredit card payments and in
securing the credit card paymentprocess.
So this is my evolution from acareer perspective.
Speaker 2 (01:44):
Okay, well, let's dive in and talk about the
company.
So maybe tell us exactly whatyou do, who your target audience
is, those types of things.
Speaker 3 (01:52):
So we are making sure that no third party is
accessing credit card payment orpayment data.
It might be credit cards, itmight be other payment data, and
we are preventing mainly creditcard skimming attacks on web
pages and, as you can understand, when any purchase is being
done, only a very few specificcompanies need to have access to
(02:14):
that information and normallythese are like verified.
These follow very strictsecurity rules and also follow
the PCI DSS security standard.
But on a normal website, on anormal e-commerce website, you
have a lot of third-partyvendors, some of them doing
analytics, some of them doingperformance, verifying that
(02:39):
there are not bots.
On average it ranges, but onaverage, about 66 different
third-party vendors that are onan e-commerce web store On the
checkout process.
Normally it's less, but stillit's a lot of companies that can
be there, so there is a verybig security challenge to solve.
(03:00):
The PCI Council launched a newsecurity standard, a new version
of the PCI DSS PCI DSS v4, that, in response to these growing
cybersecurity risks, mapped theclient-side security topic into
the standard and clearly theydefined that strategies that
(03:20):
allow us or the companies toprotect sensitive data of the
cardholder, securing JavaScriptand or the payment pages,
detecting unauthorized accessthat could lead to fraud later
down the road.
So this is where we are workingon, this is where we have
specialized ourselves, while theindustry is still changing
(03:43):
daily, as I was reviewingseveral of your episodes, and
you keep introducing innovationto the payment industry.
So it's an evolving topic andwe are also seeing this on our
side that it's not just creditcards Like today.
The payment process includes alot more complexity than we
(04:05):
would look back maybe five yearsago, with alternative methods
of payment, new forms of payment, country-specific forms of
payment, all with the samerequirements.
All should have the samerequirements or at least as
strict as the PCI DSS as defined.
And this is very importantbecause it means that everyone
(04:29):
is making an effort to securethese transactions and, in that
effect, we are reducing thefraud of the industry.
Speaker 2 (04:36):
So who are your main customers?
Speaker 3 (04:38):
So mainly we are working with e-commerce
companies, large e-commercecompanies, l1s and L2s in terms
of level of PCI.
That has been our main focusbecause not only do they do a
lot of transactions, becausethey are also very security,
sensitive.
Accepting credit cards iscritical for any company today
(04:59):
and that's where we have beenoperating.
We have been operating itranges from airlines, very large
clothes retailers, also in thetravel and hospitality, so those
have been like the main marketsthat we have been exposed to.
Okay, and since these are largemerchants, I assume the
(05:19):
footprint is global right,because people can buy on these
websites from all over the worldand that's part of the
complexity that they faceBecause, if you look at it, when
we are engaging with most ofthese companies, we talk about
one payment page, but thatpayment page is so volatile that
it changes from region toregion, person to person, device
(05:41):
or technology of that device.
It's a very complex problem tosolve when they have, at the
same time, to provide a verygood experience to their end
users, provide also theassurances for the security
requirements and also thebusiness interests at the same
time, where everyone isdemanding new, innovative ways
(06:04):
to engage with the user base andwe keep adding stuff to the
checkout process to assist inthis checkout process.
So it's a very complex.
These scenarios are always verycomplex and also very sensitive
, like if you add something andit's not performing well, the
impact for the business isimmediate.
Speaker 2 (06:22):
Yeah, so you know, I've been in the industry a long
time and used to always hearfraud and security in the same
sentence.
Maybe talk about how that'schanged, or maybe how that's
still the same.
Speaker 3 (06:33):
I think that it has changed a lot in this case of
the requirements and we mainlywork in the security space, not
in the fraud space, but we endup avoiding fraud.
We create mechanisms for thecompanies to be able to control
what their third parties areaccessing or what type of
information they're accessing.
In the particular case ofpayments in the payment industry
(06:57):
, we are protecting the creditcard information.
Data Security is not fraud, butwe end up avoiding and reducing
fraud, because if there areless cards being stolen, if
there's less exposure, we end upproducing fraud, because most
of the time, in terms of creditcard industry, we understand
fraud as chargebacks, so it'slater on the process, not at the
(07:19):
moment of capturing the data orthe credit card data.
Speaker 2 (07:23):
Yeah, I'm also curious because in the last five
years or so there's been thisbig push to remove as much
friction as possible from thecheckout.
So how has that affected whatyou've done?
Speaker 3 (07:36):
You are removing friction, but to do so,
sometimes you are adding morethird parties to the process,
like there was a moment where wewere having assistance in the
checkout process, where we werehaving assistants in the
checkout process, so while wewere typing our credit card
information, there was also achat that could help us in that
process.
If we're facing some roadblockNow, it's most likely an AI
(07:58):
chatbot or something similarthat is there.
The problem is that, by default,the browsers don't have the
controls to limit the reach ofthese third parties, so these
chat applications or these chatagents by default, the browsers
don't have the controls to limitthe reach of these third
parties, so these chatapplications or these chat
agents could access that type ofcredit card information and in
(08:18):
that sense, it was reducing thefriction, but it's increasing
the exposure and risk of thecompany.
That's why we come in and we arebasically making sure that, yes
, the companies can continue toreduce the friction, can
continue to add solutions toexpedite the sales process, to
provide proper estimates interms of postage, to even break
(08:40):
down the payment into multipleinstallments and stuff like that
, which is something that wehave seen as an evolution of the
industry, but at the same timemaking sure that none of these
third parties are overstepping,because there are two types of
problems that can occur.
One is intentional attackSomeone that is adding a credit
(09:02):
card schemer to the webpage.
So that's an attack, that's acybersecurity problem.
But there is also themisconfiguration, all the other
problems that could lead to yousending credit card information
to a company that should neverhave credit card information
because they are not built tohave it and so they don't meet
the security standards, and thatcould pose a very big risk on
(09:26):
the world.
Speaker 2 (09:27):
What would you say, differentiates Jsccrambler from
the competitors out there?
Speaker 3 (09:32):
That's a very good question.
First, we are pure play.
We have been doing this since2014,.
Since I told you, we are themain or the initial precursor of
all this movement regardingclient-side security.
This is years of expertise thatcannot be easily copied.
We were the first to launchthis category and this type of
(09:54):
product, and we keep simplifyingand making it very simple for
e-commerce or vendors to adoptour technology, in a sense that
security should never be abarrier for them to innovate.
Security shouldn't be anotherstep in the process.
As you said, we are streamliningthe process.
We want to be invisible, wewant to make sure that we stay
(10:17):
in the background, but at thesame time, we are able to
provide the controls for theindustry to be able to accept
payments, as they have done inthe past or even in future, ways
that are much more evolved thanwe are today.
We are moving into instantpayments and stuff like that.
It's going to be a very bigchallenge in terms of fraud
because we lose the chargebackcapabilities if we are talking
(10:39):
about instant payments.
So, while this is evolving, weneed to provide the security
capabilities and we are notlimited to just achieving
compliance.
We go much beyond that and Iwould say that when in here we
are talking about the forum,that is about payments.
But if you look at it, westarted the company focused on
every type of data privacyconcern that can happen on the
(11:03):
client side Social security,healthcare data, like everything
that can be considered asprivate information.
We have focused on that.
The payment is a subset of whatwe can do, so this means that
we're also bringing a vendorthat can help you today with the
compliance, today with thepayment information, but in the
future we can help you cover allthe other aspects of privacy
(11:27):
and security of your users,which is a very big and complex
problem in today's world.
Speaker 2 (11:34):
Okay.
Well, when you step back andlook at the payments industry as
a whole, where do you see itheaded, say in the next three to
five years?
And certainly you can answerthat in kind of the lens of what
you do, but curious your viewson the future.
Speaker 3 (11:46):
So we have a worldwide scope.
Okay, so US is our main focus.
We also have Europe, and wealso have Latin America and also
Asia customers across the world, and what we have seen in many
countries is that the paymentlandscape is changing a lot.
Governments are issuing theirown payment or instant payment
(12:06):
solutions that compete directlywith credit cards.
In Brazil, we have PIX I thinkthey were one of the initial
ones where the governmentcreated an alternative method of
payment that is now the mainmethod of payment In Europe.
Each country has its own kind ofsystem that is becoming
sometimes more popular thancredit cards.
(12:27):
And, of course, we have theexample of China, but that's a
totally different market systemthat is becoming sometimes more
popular than credit cards.
And, of course, we have theexample of China, but that's a
totally different market, whereWeChat is the main method of
payment.
So I think that this trend isnot going to stop.
It's going to accelerate, and Isee that the industry is also
looking at it and in the case ofMasterCard, for example, they
(12:49):
are even talking about identityas the proof of payment, with
all the privacy slash, securitychallenges that are going to
come up, like we are trading thecredit card number for the
identity of the user.
What are the challenges forthat?
And I would even say and theymust have studied this many
(13:11):
governments are going tochallenge them on using identity
as a way of payment, but thattrend is going forward.
For sure, the biggest evolutionthat we have in the latest years
, at least for me as a user, hasbeen paying using the phone.
I forget to wallet at home andI can do everything nonetheless
(13:31):
Online.
It's a mix, like where we aredoing PIN 3DS, different types
of authorizations, and we go tothe bank.
It's a challenging process, butthe priority must be given
towards we need to have thesecurity capabilities in place
before we move into other formsof payment, because we risk that
(13:54):
we go forward and then we lookback and we say we opened a
Pandora box and now no one istrusting this payment system.
There's a lot of complexproblems to solve down the road.
Speaker 2 (14:07):
Right right them.
There's a lot of complexproblems to solve down the road,
right right.
Well, what do you think aboutsort of the AI side, where you
know MasterCard, visa made someannouncements I don't know if
you saw Google earlier wherebasically you have agents that
can now buy for you without youeven practically knowing?
I mean sort of how does that?
I mean, does that really matter?
Or, at the end of the day,they're still checking out.
(14:27):
So your solutions make sense.
Speaker 3 (14:30):
The first security challenge that we are facing
with AI is that AI needs data tooperate and while we are
controlling third parties AIagents that can be embedded into
these pages, they pose asecurity risk for many companies
.
So our strategy as a companyhas always been, or is, in the
case of AI we need to define thelimits of the information that
(14:54):
they can access to make whateverthey want to do Because AI
works well if it ingests a lotof data, but which data do we
want it to be accessible?
Do we want AI to access creditcard information data when
you're doing a checkout page?
I would challenge that, butmaybe no one is enforcing this,
(15:14):
and I am proactively enforcinglike.
If something doesn't haveaccess to that information, we
don't risk anything.
You're talking about like, then.
About like using agents, whichis more or less the same as
saying using bots to dopurchases for you.
We had these challenges likewhen no one could buy a
(15:35):
PlayStation, or when no one canbuy a concert because the new
ticket or the newest release ofthe PlayStation runs out in five
seconds.
And then it's the secondarymarket where you're buying from
someone else, and then you'relosing that relationship with
the brand.
You're losing even thatwarranty.
Maybe you're losing a lot ofthings by doing it that way.
(15:58):
So I think that we need to beattentive to making sure that
the relationship between theconsumer and the brand is intact
.
It's a trust relationship.
It has always been like that.
We buy from store A and notfrom store B because of price,
but because we trust store A togive us the right product with
(16:21):
quality, in time and being ableto provide the support after
that sale.
If we're using agents, we'regiving the power to the people
that build the agents and notthis relationship.
I don't like it that much as aconsumer, but it depends on how
easy it's going to be and whatare the advantages for us.
Speaker 2 (16:43):
Right, right.
Still a lot to come on the AIand payment side, I think.
Speaker 3 (16:47):
We still need to use it and feel comfortable, because
at the moment some things areamazing, but how much do they
impact my day-to-day life?
It's still to be seen andhopefully it's all in a positive
way.
Speaker 2 (17:03):
Let's hope so.
Well, let's switch gears alittle bit and talk about you,
so maybe walk us through yourbackground up until you founded
the company and whatprecipitated the finding of the
company.
Speaker 3 (17:13):
So my background is in IT.
We were very focused onsecurity from.
I was very focused and myco-founder also was also very
focused on security.
We understood that the worldwas changing, like everyone was
going to buy online, and thatour life was very different from
when we first started thecompany.
(17:33):
And we understood that thebrowsers were going to be the
main mechanism for us tointeract.
And we understood that thebrowsers were going to be the
main mechanism for us tointeract, and so we started
building technology to make surethat that interaction with the
user was secure.
So we started by protectingapplications so protecting
JavaScript, protecting web pagesand then we evolved into the
data privacy aspect that I havebeen mainly focusing on in this
(17:56):
discussion, where we aremonitoring the third parties and
making sure that informationstays within the people that
should be accessing thatinformation.
So we have always been tryingto do and having a very good
success at doing it sosimplifying the security of the
client side.
Simplifying in a sense, that wecannot demand from the
developers to be able to build agood experience and still build
(18:20):
all the tools that they need todo that experience in a secure
way.
So we need to assist them andthat's why we keep building new
and innovative products thathelp companies build more secure
applications and maintain thedata privacy of their users.
Because, again, and going backto the trust, I trust a company
(18:44):
not to lose my data.
I trust a company, when I'mpaying, that they're going to
use that credit card only forthat transaction or, if it is a
subscription, for that productsubscription.
We cannot break this.
These trust relationships iswhat makes a company great and
makes the continuous process ofgrowing, and if we lose these
(19:07):
capabilities, this is a criticalresource.
It's like power, water and theability to buy online.
Maybe I would put, today,internet, power and water as the
priorities that most peoplehave, and then the ability to
buy stuff.
So it's a critical resource andwe need to basically continue
(19:29):
to produce technology to makesure that it continues to work
with the security consciousprocess that assures the privacy
of the users.
Speaker 2 (19:37):
Okay, Well, what are some things you're passionate
about?
So, maybe one work-relatedpassion and one personal passion
.
It's clear that I'm a very big.
Speaker 3 (19:46):
Security is the main topic that I lead from every day
.
But my passion, to be honest,is when I see our progress and I
see our customers come back tous and say this is a solution
that was easy, that we deployed,that we are getting value.
So I value the technologyitself, but I value more the
(20:07):
fact that today I cannot pass aday without recognizing a
customer of ours that is moresecure because we are there with
them, a customer of ours thatis more secure because we are
there with them.
This is what kind of makes metick every day when the day is
not going so well.
And then you see oh, I helpedthat brand.
Oh, I helped that brand.
So I really enjoy that process.
(20:28):
From a personal perspective, I'mkind of boring because I'm a
geek.
I have passion for what I do,because I'm the CEO.
I don't code, I am not allowedto touch the code base of the
company, but still I still haveall those instincts and on my
free time I continue to be ageek.
(20:49):
So I really enjoy tinkeringwith the fucking stuff.
The camera is like this is thewide view that you guys have,
but if you guys were able to seeto the other side.
There's like a router that isopened up and stuff like that
and a soldering iron and all ofthat, because I need those
elements to continue to be happyto feel that we are still
(21:10):
building stuff and not justbeing the CEO and focusing on
financial and customers andstuff like that.
Speaker 2 (21:16):
Right, right.
Well, if someone came to you,maybe they just graduated from
college, they're looking at thepayments industry and they say,
hey, I want to build a career inpayments or fintech, and maybe
they're even changing careersfrom another industry and they
want to come into paymentsbecause of all the excitement in
this industry what would youtell them they need to do to be
successful in this industry?
Speaker 3 (21:41):
I think that, first, there's no better time Banking
payments I've never seen so manychanges as now.
Before, everything was verystatic in banking.
Everything was very static inpayments.
There's no better time thanthis.
The other would be associatefine startups that you relate to
For you to grow personally.
Startups or a big company witha startup culture is the best
(22:01):
way for you to grow.
I started in a bankingenvironment, but I have to say
that I had to leave to continueto innovate at some point.
And it's not that there are alot of very competent, very
intelligent people in all thebanking industry, but they are
limited in terms of their scope,what they can do.
They have to go through a lotof red tape, they have to go
(22:23):
through a lot of control, soit's very tough for them to
innovate.
And if you're not fighting thesystem in a persistent way, you
can end up in a nine to five jobwhere the thing that motivates
you is the paycheck.
Paycheck is important, but itshouldn't be your main
motivation, don't get me wrong.
Like, it's very important, butthe main motivation is that you
(22:46):
are growing, that you arelearning stuff, that you are
making a difference, andstartups provide that
environment for you and luckilynow there are a lot of startups
and even banks are pushing forthat startup environment with
new brands and new branches thatare more dynamic and more
focused on the customer.
Speaker 2 (23:06):
Okay, Well, Rui, we've covered a lot of ground,
obviously, about you, about thecompany, about the industry.
Is there anything else you'dlike to mention before we wrap
up the show?
Speaker 3 (23:15):
I think it's very exciting the things that are
happening in the paymentindustry.
Is there anything else you'dlike to mention before we wrap
up the show?
I think that it's very excitingthe things that are happening
in the payment industry, and weneed to make sure that we
implement all the controls, andthat's why we require technology
and innovation like the onethat J Scramble is building, so
I'm very excited about thefuture of payments.
Speaker 2 (23:31):
Yeah, okay, well, thank you so much for being on
the show today.
I know your time is veryvaluable, so thank you so much
for being on, thank you, thankyou.
Thank you very much, and, toall your listeners out there, I
thank you for your time as well,and until the next story.
Speaker 1 (23:43):
Thank you for joining us this week on the Leaders in
Payments podcast.
Make sure you visit our websiteat leadersinpaymentscom, where
you can subscribe to the showand where you'll find our show
notes.
If you enjoyed listening,please share on your social
(24:03):
channels as well.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
Ridiculous History
History is beautiful, brutal and, often, ridiculous. Join Ben Bowlin and Noel Brown as they dive into some of the weirdest stories from across the span of human civilization in Ridiculous History, a podcast by iHeartRadio.