PayPal CRO’s Three Trends for Security and Risk Management

PayPal’s business is built on its ability to manage security and risk to protect its customers and the millions of financial transactions that move through its system every day.

At the Gartner Security & Risk Management Summit in National Harbor, Maryland, Avivah Litan, vice president and distinguished analyst at Gartner, asks Tomer Barel, Chief Risk Officer at PayPal, to share his three essential trends for innovating risk management and fraud detection solutions.

#1. Trust
Managing risk is tied to customer confidence and trust in the brand and company,” Barel says. “I view myself as the chief trust officer at PayPal.” He earns that trust by “futureproofing” PayPal’s risk operation. At his core, is a belief that trust isn’t just about keeping the bad guys out, but enabling the good guys to do commerce anywhere and across any device.

#2. Business outcomes
Effective risk management must be tied to business outcomes. Noting that he is accountable for KPIs and actual losses to the company, Barel suggests that this makes him more effective in his role.

Rethink the Security & Risk Strategy

Why leaders must embrace modern cybersecurity practices

Download Free eBook

#3. Match human intelligence with big data
PayPal invests in state of the art data analytics techniques; however, big data algorithms have not yet reached a level of accuracy without human intelligence, according to Barel. “What we’ve found over the years, is that if your goal is to get to a high level of accuracy, then you must complement what machines do with people who understand how other people behave and translate these human insights into code,” he says. “And anyone who wants to manage risk with accuracy has to do that.”

Barel describes a scenario where a U.S. customer conducts a transaction in Thailand. Human intelligence is necessary to instruct machines to spot an earlier travel-related transaction, say for a Thai resort or activity at her home state airport, to identify the transaction as low risk. “We need an analyst to translate that type of information into code,” Barel says. “Machines can’t do that yet.”

When it comes to mobile, Barel shares that mobile devices generate a real opportunity to increase the accuracy of risk management because of location data and the one-to-one association of a device to a person. However, most PayPal transactions are conducted on PCs and laptops. The security and risk community has work to do in making consumers realize that mobile devices are secure for financial transactions, he suggests.


Video replays from the Summit are available at Gartner Events on Demand.

Get Smarter

Gartner Security & Risk Management Summits

The latest insights on IT trends, evolving security tech and the ever-changing threat landscape.

Explore Gartner Conferences

2019-2021 Emerging Technology Roadmap for Large Enterprises

We gathered expertise from IT professionals across 198 organizations to benchmark adoption stages and risk and value factors for 108 infrastructure and operations technologies for this year. The emerging technologies profiled are spread across six technology buckets: compute and storage, compute and storage (cloud), digital workplace, IT automation, network and security.

Read Free Gartner Research


Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching