Interview with Dr. Buddha Nepal, Head of Security at Boost Payment Solutions
by Pushpendra Mehta, Executive Writer, CTMfile
Pushpendra Mehta, Executive Writer at CTMfile.com and host of the OpenTreasury Podcast, interviewed Dr. Buddha Nepal, Head of Security at Boost Payment Solutions, Inc.*
The interview has been lightly edited for clarity and length.
This interview focuses on the evolving fraud and data security landscape in B2B payments, examining how threats are becoming more sophisticated, where organizations commonly have blind spots, and how artificial intelligence (AI) is reshaping both offence and defence. It reinforces why security must be treated as a strategic enabler, not merely a compliance obligation, and highlights how Boost approaches security proactively and holistically to stay ahead of emerging threats.
Buddha Nepal serves as the Head of Security at Boost Payment Solutions, where he leads the strategic development of the company's global enterprise security program. He is responsible for building and scaling the infrastructure needed to protect the company's digital assets and ensure the long-term resilience of its technical operations. Dr. Nepal holds a Doctor of Engineering (D.Eng.) in Cybersecurity Analytics from The George Washington University, with a research focus on Decentralized Federated Learning and advanced cyber threat detection. He is currently an Executive MBA candidate at the Duke University Fuqua School of Business (Class of 2026).
Dr. Nepal, what is the current state of fraud and data security in B2B payments, and what trends are emerging?
Fraud in B2B payments is no longer a back-office nuisance. It has become a strategic threat and is evolving more rapidly than many organizations can keep pace with. With trillions of dollars flowing through increasingly digital channels, the stakes are high, and a single breach can ripple through supply chains, disrupt working capital, and erode hard-earned trust and goodwill.
The short answer is that it's getting harder. Fraudsters have industrialized their operations, running them with the sophistication of legitimate businesses. They outsource tasks, share playbooks, and scale campaigns across borders. Businesses are accelerating digitization and shifting away from paper checks and manual invoicing toward seamless electronic payments. That efficiency comes with an expanded attack surface.
One notable trend is the use of supply chain infiltration. Instead of attacking a large company directly, fraudsters compromise a smaller vendor or service provider and use that trusted relationship to launch highly convincing payment diversion schemes. Another is the rise of deepfake-enabled social engineering, where audio and video manipulation makes it harder to verify identities in real time.
In this environment, static controls and one-off audits simply can't keep pace. Security has to be dynamic, adaptive, and deeply integrated into payment processes.
How is AI influencing the way companies approach fraud prevention?
AI has changed the conversation in two ways. On the defensive side, machine learning models can sift through millions of transactions in real time, spotting outliers too subtle for humans to detect. This shifts the posture from reactive investigation to predictive prevention. Done well, AI enables companies to intervene before funds leave the system.
But fraudsters are also embracing AI. Synthetic identity fraud, where algorithms stitch together fragments of real and fabricated data to create "people" who can pass KYC checks, is on the rise. Generative AI is also powering adaptive phishing campaigns, where fraudulent messages learn from failed attempts and refine themselves until they succeed.
The risk is falling into an AI arms race, where both sides continuously escalate. That's why the companies seeing the best results are blending human expertise with machine intelligence. Algorithms provide the scale and speed; humans supply the context and judgment.
What are the common blind spots in how companies are approaching security and risk management?
Many firms still treat security as a compliance exercise, a set of boxes to tick rather than a strategy to build resilience. That mindset creates a dangerous blind spot. As such, compliance is becoming a ceiling instead of a floor. Meeting PCI DSS or SOC 2 standards is necessary, but attackers don't respect compliance boundaries, so our security programme must be more than meeting the compliance requirements.
Secondly, people are still the forgotten layer, and as such, employees remain the most common entry point for fraud. Training is often cursory, despite the fact that one misplaced click can undo millions in security investments.
And finally, third-party exposure is another one of those blind spots. Payment networks are only as strong as their weakest supplier or service provider. Companies underestimate how quickly a compromise in their ecosystem can cascade. It's a balance sheet issue as much as a technical one. A single fraud event can trigger liquidity shortfalls, delayed settlements, and even reputational contagion effects that can spread beyond the initial victim.
Dr. Nepal, what would make the biggest difference in helping the industry stay ahead of threats?
No company can win this fight alone. Fraudsters freely share tools and intelligence across networks; defenders need to do the same.
A few changes that could shift the balance are: move towards industry-wide information sharing. Too often, companies treat fraud incidents as reputational risks to be concealed. Even if that is the case, I believe sharing patterns and attack vectors in near real time would benefit everyone.
There are many privacy-preserving technologies that can be leveraged to share this information. One example of that is federated learning (FL) models. FL models can be leveraged to train AI systems on data pooled (in privacy-preserving ways) from across institutions, which could spot fraud trends earlier than siloed models ever could.
Finally, I think we need a cultural reset. Security must be seen not as a cost center, but as a strategic enabler of trust. Firms that build security into their DNA will outpace those that see it as an afterthought. The bottom line is that resilience comes from collaboration and mindset change and not just technology.
How is Boost Payment Solutions staying proactive against these threats?
At Boost Payment Solutions, security isn't an add-on; it's woven into our business model. Every one of our transactions goes through multi-layered validation and review processes, which are designed not only to meet compliance standards but also to anticipate attacker behaviour and identify fraud.
This combination of process rigour and proactive controls has enabled Boost to maintain a rare distinction in the industry with a track record of zero fraud. We don't see security as a "checklist function." Instead, it is treated as a competitive differentiator and a way for us to give our clients confidence that their payments are protected from both today's threats and tomorrow's unknowns. As we continuously refine our defences and learning, Boost demonstrates that proactive security is not just possible, but sustainable.
Dr. Nepal, thank you for taking the time to share your thoughtful perspectives with us.
*About Boost Payment Solutions
Boost Payment Solutions is the global leader in B2B payments with a technology platform that seamlessly serves the needs of today’s commercial trading partners. Our proprietary solutions eliminate friction and deliver process efficiency, data insights and revenue optimization. Boost was founded in 2009 and operates in 180+ countries.

