Exclusive Interview with Brian Tobey, Head of Risk at Stripe
Stripe at a Glance: Global Payments Infrastructure Built for Scale
Stripe is a global financial technology company headquartered in San Francisco and Dublin, with major offices across North America, Europe, Asia-Pacific, and Latin America. The company operates a unified payments and financial services infrastructure designed for internet-first businesses, from startups to the world’s largest enterprises. Stripe supports card acquiring, local payment methods, recurring billing, embedded finance, and sophisticated risk and compliance tooling across more than 135 currencies.
Over the years, Stripe has positioned itself not just as a payment processor but as a full-stack financial platform. Its roadmap spans acquiring, issuing, treasury services, Open Banking, fraud prevention, and programmable financial infrastructure. Risk and compliance are core to this model, ensuring that Stripe can scale securely while supporting complex use cases across regulated markets.
Interview with Brian Tobey, Head of Risk at Stripe
As Head of Risk, what does your role at Stripe involve?
At Stripe, my role as Head of Risk focuses on building systems and teams that allow the platform to scale safely. This includes fraud prevention, credit risk, dispute management, AML, sanctions screening, and risk governance. The challenge is enabling growth while maintaining trust with regulators, partners, and users.
Can you share your professional background prior to joining Stripe?
Before joining Stripe, I worked across fintech and technology roles where data-driven risk decisioning was central. My background blends engineering, analytics, and operational risk, which aligns well with Stripe’s product-led approach to compliance and fraud management.
How does Stripe approach risk differently from traditional payment processors?
Stripe embeds risk controls directly into the product layer. Rather than relying on static rules, we use machine learning models trained on network-wide data. This allows us to adapt quickly to new fraud patterns while minimizing friction for legitimate transactions.
What role do licenses and regulatory structures play in Stripe’s risk framework?
Stripe operates under a mix of acquiring licenses, EMI and PI frameworks in Europe, and regulated partnerships globally. Our risk systems are designed to meet the highest regulatory standards across jurisdictions, including AML, KYC, and consumer protection requirements.
How does Stripe balance onboarding speed with compliance?
Fast onboarding is critical for our users, but it must be balanced with compliance. Stripe automates most KYB and KYC checks using real-time data sources, document verification, and risk scoring. Higher-risk cases are escalated for enhanced due diligence.
What products are most relevant from a risk perspective?
Products like Stripe Payments, Connect, Issuing, and Treasury all have distinct risk profiles. For example, marketplaces using Connect require sophisticated payout controls, while Issuing demands strong transaction monitoring. Stripe designs risk tooling specifically for each product.
How does Stripe handle fraud prevention at scale?
Radar is our core fraud prevention product. It leverages machine learning trained on billions of transactions across Stripe’s network. Merchants can also create custom rules and review workflows, combining automation with human oversight.
What is Stripe’s risk appetite?
Stripe supports a broad range of business models, but we are selective. Our risk appetite is clearly defined by sector, geography, and compliance requirements. High-risk activities require additional controls or may be restricted entirely.
How does Open Banking influence risk management?
Open Banking data enables better identity verification, account ownership checks, and payment authentication. Stripe uses these signals to reduce fraud and improve approval rates, particularly for bank-based payment methods.
What about SEPA Instant and real-time payments?
Real-time payments increase speed but reduce recovery options. Stripe applies stricter pre-transaction risk checks and monitoring for SEPA Instant and similar rails to mitigate these risks.
How does Stripe support global merchants with local compliance?
We abstract complexity for users. Stripe manages local regulatory requirements, payment method rules, and reporting obligations, allowing merchants to expand internationally without rebuilding their compliance stack.
How do APIs and webhooks support risk operations?
APIs and webhooks allow real-time risk signals, alerts, and decisioning. This is core to how Stripe integrates risk into merchant workflows and internal operations.
What is the typical onboarding timeline for new businesses?
Most businesses can be onboarded within minutes. More complex entities may require additional documentation, but Stripe aims to keep timelines predictable and transparent.
How does pricing relate to risk?
Pricing reflects payment methods, regions, and risk profiles. While Stripe doesn’t disclose granular risk pricing, higher-risk use cases may involve additional fees or reserves.
How does Stripe compare to competitors like Adyen or Checkout.com?
Stripe differentiates itself through developer-first design, deep APIs, and integrated risk tooling. While others focus heavily on enterprise acquiring, Stripe serves both startups and large platforms with the same infrastructure.
What are the next priorities for risk at Stripe?
We’re investing in more explainable AI, better controls for new payment methods, and expanded compliance tooling for embedded finance. Risk must evolve alongside product innovation.
How do you see the future of payments risk?
Risk will become more proactive and predictive. Stripe is building systems that prevent issues before they impact users, rather than reacting after the fact.
Any advice for platforms building their own risk strategy?
Design risk into the product from day one. Stripe’s experience shows that scalable growth depends on risk being a core capability, not an afterthought.
Competitors
FAQ
Is Stripe a bank?
No. Stripe operates as a payment institution, EMI, and acquiring platform, working with licensed banking partners where required.
Does Stripe support high-risk businesses?
Some high-risk sectors are supported with enhanced controls, while others may be restricted depending on regulatory and risk considerations.
Does Stripe offer SEPA Instant?
Yes, Stripe supports SEPA Instant in eligible regions with appropriate risk controls.
Related Searches
Stripe risk management, Stripe fraud prevention, Brian Tobey Stripe, Stripe AML compliance, Stripe payments infrastructure
