Guest: Mairtin O’Riada and Martin Sweeney
Today I’m talking with Mairtin O’Riada and Martin Sweeney, two of the co-founders of Ravelin, and this episode really is one of those fraud conversations where we get to nerd out a little. In a good way. Because when you have people who built fraud tools after first trying to solve the problem on the merchant side, the conversation usually gets a lot more practical very quickly.
That is exactly what happened here.
We get into PSD2 and account takeover fraud, but we do not stay in one lane. We also talk about mobile wallet fraud, merchant fraud trends, digital wallet risk, what their merchants are seeing in Europe, and how the fraud vendor landscape is shifting. And honestly, that mix matters. Because fraud teams are not dealing with these issues one at a time. They are dealing with them all at once, inside real businesses, with real tradeoffs.
And that matters.
Because if you work in ecommerce payment fraud or fraud prevention in Europe, you already know the pressure. PSD2 changed the environment. Authentication changed the environment. Customer expectations changed the environment. Fraudsters adapted, of course, because that is what they do. So this episode is really about how those moving parts fit together and what merchants should be paying closer attention to now.
Here is what that means in practice:
- PSD2 and account takeover fraud are connected because changes in authentication always change attacker behavior too
- Merchant fraud trends make more sense when you look at payments, wallets, and account abuse together
- Fraud prevention in Europe requires teams to balance PSD2 compliance, customer experience, and evolving fraud pressure
- Fraud tech insights are most useful when they come from people who have solved fraud on both the merchant and vendor side
What you’ll hear in this episode:
- How PSD2 and account takeover fraud are affecting merchants across Europe
- What Mairtin and Martin are hearing through their fraud and payments study and merchant conversations
- Why mobile wallet fraud and digital wallet fraud keep creating new merchant payment challenges
- What current fraud topics are getting the most attention from European merchants
- How the vendor fraud landscape may be changing as fraud pressure keeps evolving
You should listen to this episode if you:
- Work in fraud, risk, payments, or trust and safety and want a better handle on PSD2 and account takeover fraud
- Care about PSD2 compliance, authentication and fraud, or fraud prevention in Europe
- Need a clearer view of mobile wallet fraud, digital wallet fraud, and ecommerce payment fraud
- Want practical fraud tech insights grounded in merchant experience
- Are trying to understand UK fraud trends, EU fraud regulations, and how they are changing fraud strategy
If you liked this episode, be sure to subscribe and review the podcast on iTunes, Spotify, YouTube, or wherever you listen to podcasts. It really helps with getting the word out.
Episode notes & key takeaways
In this episode, I talk with the Martins about the intersection of regulation, authentication, merchant reality, and fraud adaptation. Because that is really what this conversation is about. Not just PSD2 in isolation, and not just ATOs in isolation, but how the whole payments and fraud environment shifts when regulation changes and attackers start testing the new seams.
Why PSD2 changed more than just compliance
Let’s break this down.
A lot of people hear PSD2 and think compliance. Rules. Authentication requirements. Issuer behavior. Regulatory burden. All true. But that is not the full story. PSD2 also changed the fraud environment, because any time the payment experience changes, fraudsters start studying the new shape of trust.
That is what makes this interesting.
PSD2 and account takeover fraud belong in the same conversation because stronger authentication around one part of the journey can push attackers toward another. If checkout gets harder, account access matters more. If authentication becomes more visible, attackers start looking for where that process can be bypassed, manipulated, or shifted somewhere else in the customer journey.
Right.
That is the part merchants need to keep in mind.
- PSD2 compliance affects fraud strategy, not just legal or payments workflows
- Authentication and fraud are always connected because controls change attacker incentives
- EU fraud regulations can reduce some risks while increasing pressure somewhere else
- Fraud prevention in Europe works better when teams focus on where attackers move next
Why account takeover fraud is still such a major issue
Here’s what’s actually happening.
Account takeover fraud keeps showing up because it gives attackers something incredibly useful, access to a relationship the customer already trusts. And once an attacker gets that access, they do not have to start from zero. They may inherit payment methods, order history, stored value, loyalty balances, wallet access, and a cleaner path through parts of the system that were built for legitimate users.
That is a problem.
And when we talk about PSD2 and account takeover fraud together, that is part of what matters. Stronger payment authentication does not make the account layer less important. If anything, it can make the account layer even more valuable to attackers because that is where some of the existing trust already sits.
We have seen this playbook before.
- Account takeover fraud remains attractive because it gives attackers access to established trust
- PSD2 and account takeover fraud are linked through shifting attacker focus and customer authentication patterns
- Ecommerce payment fraud often starts earlier in the journey than the payment step itself
- Merchant payment challenges get harder when fraud moves from transaction abuse into account abuse
Why mobile wallets and digital wallets deserve more attention
This is where things get especially interesting.
Mobile wallet fraud and digital wallet fraud tend to get discussed like niche payment issues, but I do not think that is the right read. They sit right in the middle of how consumers want to pay and how fraud teams have to think about convenience, authentication, and trust.
Because wallets change the context.
They can create smoother customer experiences, which is great. They can also create new assumptions around device trust, user authentication, and payment legitimacy that may or may not hold up as well as people want them to. And when merchants start seeing more of the "...Pay" methods, those assumptions matter a lot.
That is part of the reason this conversation was so useful.
- Mobile wallet fraud creates risk when convenience and trust signals are overestimated
- Digital wallet fraud often exposes assumptions around device trust and authentication quality
- Ecommerce payment fraud is changing as wallet adoption grows across markets
- Merchant fraud trends become easier to understand when wallet behavior is analyzed alongside ATO and payments abuse
What merchant fraud trends are saying right now
One of the things I liked about this conversation is that it was not just theoretical. The Martins brought in what they are seeing from merchants directly, and that always makes a discussion more useful. Because current fraud topics are interesting, but merchant reality is what tells you whether something is actually becoming a bigger operational problem.
And that matters.
Merchant fraud trends are usually not about one dramatic attack. They are about repeated friction points. More ATO pressure. More payment adaptation. More digital wallet questions. More tension between conversion and control. More fraud teams trying to figure out whether the environment is shifting enough that their old assumptions need to be reworked.
That usually means it is time to pay attention.
- Merchant fraud trends are most useful when they reflect what operators are actually seeing
- Fraud and payments study insights matter because they help separate pattern from noise
- UK fraud trends and broader European patterns often reveal where attacker behavior is changing first
- Current fraud topics become much more actionable when tied to merchant pain points
Why the vendor fraud landscape keeps shifting too
I also really liked that we got into the vendor fraud landscape, because that part of the ecosystem is changing too. Fraud teams are asking harder questions. Merchants need tools that fit newer attack patterns. And vendors that were built around one era of fraud do not always fit the next one especially well.
That is not exactly subtle.
What stands out to me here is that founders who started by solving merchant problems themselves tend to have a more grounded view of where tools help and where they do not. And that is useful. Because merchants do not need more abstract claims right now. They need practical answers to practical fraud pressure.
- The vendor fraud landscape is changing as merchant needs become more complex
- Fraud tech insights matter more when they are grounded in operator experience
- Fraud prevention in Europe requires solutions that reflect both regulation and attacker adaptation
- Merchant payment challenges are forcing vendors to think more realistically about integration and value
The big takeaway from this episode is pretty straightforward. PSD2 and account takeover fraud are not separate issues sitting on opposite sides of the fraud stack. They are part of the same broader shift in how authentication, payments, wallets, and account trust are evolving in Europe. That is exactly why this conversation with Mairtin and Martin is so useful.
