Startups Get Exposed By Payment Systems, Not Hackers by Roberto Popolizio

Published on: July 22, 2025
Managing Editor

For startups in emerging markets, the biggest cybersecurity threat isn’t malware.

Digital businesses across India, Southeast Asia, and Eastern Europe are expanding globally, but many still rely on outdated, homegrown payment systems. These setups typically combine domestic gateways, makeshift tax tools, and off-the-shelf fraud filters. The result? Up to 50% of international payments fail — and behind those failures is a deeper problem most people never see.

Those same systems are creating hidden vulnerabilities that expose both the business and their customers to fraud, data leaks, and legal risks. In this interview with Rishabh Goel, CEO of Dodo Payments, we explore why broken payment infrastructure isn’t just a business problem — it’s a security liability — and how a different approach could change the equation.

A Global Internet, But Not Global Commerce

While U.S. startups can plug into Stripe or Adyen and sell worldwide with built-in compliance, companies in emerging markets face serious issues processing international payments, creating risks for the end user (you).

Why? Because they must often rely on three or more disconnected services: one for payments, one for taxes, another for fraud protection. Here’s what problems they face more in detail, and why they matter:

First, there’s the issue of legal protection. If you buy from a company overseas and something goes wrong, you expect a receipt, a refund policy, or at least someone to contact. But many of these businesses aren’t set up to meet international consumer laws. You might not get a tax invoice, you might have no way to dispute a charge, and your personal data could be stored in regions with weak privacy enforcement.

Then there’s the handling of your payment data. Because these companies rely on a patchwork of third-party tools, your card information and personal details can pass through several systems, some of which may lack proper encryption, oversight, or security certifications. That makes it easier for data to leak, and harder to figure out who’s responsible if it does.

Even basic fraud detection breaks down. You may have had your card declined for a completely normal purchase on a lesser-known website. That’s often because the system doesn’t understand your geography or spending habits. At the same time, it may let actual fraud through, since the filters aren’t tuned to global patterns.

And when something does go wrong, support is slow, often non-existent, and rarely local.

Some companies work around these limitations in ways that are even riskier. They may set up unofficial payment accounts or register in countries they don’t operate in, just to enable sales. That means your money might go to a third party you can’t trace, and if something goes wrong, you may have no protections at all.

As Goel puts it, “Especially digital-first businesses in India, Southeast Asia, and Eastern Europe are still forced to duct-tape together outdated payment gateways, half-baked tax tools, and clunky fraud systems that weren’t designed for scaling rapidly across borders. The result? Lost revenue. Failed checkouts. Endless compliance headaches.”

It’s a broken experience for businesses, and a risky one for the customers on the other end of the transaction.

A Different (Better) Way to Handle Payments

To solve this, some startups are turning to a newer approach called the Merchant of Record (MoR). In short, instead of managing payments, taxes, and compliance themselves, they rely on a licensed provider who handles everything end-to-end.

With this setup, the provider becomes the legal seller for each transaction, ensuring payments are processed securely, taxes are collected and remitted correctly, and local regulations are followed automatically. This results in more reliable payments, stronger protections, and faster support to the user, while removing the need for businesses to duct-tape together half a dozen tools just to make a sale.

This is the exact system that enables Dodo Payments to deliver over 90% payment success rates for international transactions, nearly double what some startups achieve with traditional systems. It’s not a magic bullet, but it does offer a more secure, scalable infrastructure for global commerce, one that reduces the risks for everyone involved.

What You Can Do to Stay Safe

As a customer, you don’t always know what payment stack a business is using. But there are signs to watch for.

If the checkout looks strange, loads from an unrelated site, or doesn’t offer your local currency or language, that’s a warning flag. So is the absence of a tax invoice, refund policy, or any clear way to contact support.

Whenever possible, use trusted payment methods like Apple Pay, Google Pay, or a credit card instead of wiring money or entering bank details. These services offer better fraud protection and allow you to dispute charges. If you’re unsure about a business, use a virtual or one-time-use card number, which many banks and apps now support.

And trust your instincts. If a transaction feels off — if your card is repeatedly declined, if there’s no mention of taxes, or if the payment process seems too complex — it’s okay to back out. A secure business should never make checkout feel like a gamble