Paddle, a merchant of record (MoR) for digital product companies, has raised $25 million. The funding round, led by CIBC Innovation Banking, will help finance Paddle’s ongoing global expansion and product growth. As an MoR, Paddle handles payments, sales tax, refunds, fraud, and compliance for more than 6,000 Software-as-a-Service (SaaS), AI and App companies, “replacing the need for a complex and fragmented payment technology stack.” The company says it helps those businesses scale faster by lowering operational hurdles and helping them enter new markets faster. “In an ever-connected world, it’s important that digital product companies can receive payment from customers in any location without the hassle of navigating multiple payment processes in different geographies,” Sean Duffy, managing director of CIBC Innovation Banking, U.K. and Europe, said. The funding comes at a pivotal moment for the company, with Paddle experiencing rapid growth in 2025 thanks to both the growth in new AI products, and the opening up of Apple’s app ecosystem to web payments.
PCI DSS new rules for ecommerce sector requires employing targeted risk analysis to address the growing threat of client-side attacks and implement API and payment script security, rapid detection and response to compromised credentials, and regular vulnerability scans
The Payment Card Industry Data Security Standard (PCI DSS) has expanded its guidance to include numerous security controls for retailers and e-commerce providers. These controls include payment script security, API protection, rapid detection and response to compromised credentials, and regular vulnerability scans. Client-side attacks, such as infostealers and malware, can harvest user credentials and be used for account takeovers and fraud. Web application firewalls (WAFs) are still a strategic security control, but the speed of modern application development requires additional capabilities to dynamically detect and automatically protect endpoints. Attackers constantly retool to bypass defenses, pivoting from web apps to mobile apps or escalating their tactics. The updated PCI DSS includes recommendations for employing targeted risk analysis versus traditional enterprise-wide risk assessments. It addresses the growing threat of client-side attacks with two client-side requirements effective March 31, 2025. Content security policies (CSPs) and subresource integrity (SRI) web methods are difficult to implement and maintain, especially in the e-commerce sector where competition for customer mindshare is driving continuous enhancements to digital experiences. Customers expect seamless and secure transactions, and widely used security controls may not adequately extend protections to client browsers or backend APIs. Bot management solutions that inject user challenges via Captcha are ineffective at deterring sophisticated bots but are effective at frustrating users. To meet PCI DSS compliance mandates, e-commerce providers should consider unified security platforms designed to protect web apps, APIs, and customers throughout the digital life cycle from actual threats targeting their industry.
PayPal-Venmo adds scam detection to friends and family payments scams that originate on social media with alerts can learn and adapt to scam tactics as they evolve
PayPal has introduced a scam prevention tool for PayPal and Venmo Friends and Family payments. Designed to proactively alert customers to potential scams and prevent losses in real-time, the alerts intervene when it matters most — before any funds are sent. “As scammers attempt to coerce people into sending payments that may not be eligible for refunds, including scams that originate on social media, we believe putting more information directly into customers’ hands will empower them to help stop scams in their tracks.” The system was designed to provide fraud mitigation and an improved user experience. The alerts appear when the system detects a possible scam, sharing information about the likelihood of fraud at the point of payments. The alerts can learn and adapt to scam tactics as they evolve, employing AI models that analyze billions of data points and update when patterns change. “This means our system can help more quickly detect a potential new scam, even if we have never seen that specific scam before,” PayPal said.
Coinbase lets mobile wallet users buy crypto with Samsung Pay
Coinbase says its North American app customers can now purchase cryptocurrency with Samsung Pay. “With just a few taps, eligible users can move from interest to action – without needing to switch apps or re-enter payment information,” the company wrote on its blog. “This new integration brings together the convenience of Samsung’s trusted mobile wallet with Coinbase’s secure and intuitive platform, unlocking a smoother path to crypto for millions of mobile users across North America. Whether you’re diving in or doubling down, Samsung Pay makes buying crypto feel as easy as tapping to pay.” Samsung Pay will begin rolling out as a payment and deposit option inside the Coinbase app for users in the United States and Canada, with plans to expand to additional geographies in the near future.
ACH Same Day payments volume rises 15% during the second quarter compared to last year to 336.4 million; payments value increases 22% on year-on-year basis to $980.3 billion
The ACH Network says it has seen “significant” gains in same-day payments since last year. Those transactions were up 15% during the second quarter compared to last year, helping drive overall growth of 5%. “The continued robust growth of Same Day ACH shows how it is serving payments use cases for consumers, businesses, government agencies and other organizations,” Jane Larimer, president and CEO of Nacha, which operates the ACH network, said. In all, ACH Network growth continued during the quarter, with 8.7 billion payments valued at $23.3 trillion, respective increases of 5% and 7.9% year over year. The network saw 336.4 million same-day payments, moving $980.3 billion in value, up 15% and 22% respectively. During the first half of this year, Same Day ACH handled 662.4 million payments valued at almost $1.9 trillion. “Business-to-business ACH volume grew apace, with more than 2 billion payments, up 10.6% from the same period in 2024.” “Claim payments to healthcare providers grew by 9.9% to 138.2 million payments.”
Mastercard’s new A2A Protect will deliver an industry-wide standardised Authorised Push Payment fraud and loss reporting mechanism alongside a simple framework and set of multilateral standards addressing transactional and fraud protection issues
Mastercard is rolling out A2A Protect in the UK, a new service designed to help banks protect consumers from account-to-account payment fraud and resolve disputes. Mastercard A2A Protect will initially focus on the most acute needs, such as Authorised Push Payment fraud, providing a combination of preventative measures, consumer protections and a process to recover funds. Subsequent phases will establish a process for recovering funds across a broader range of scenarios, including where goods and services have been paid for. In the UK last year £592 million was lost to Account-to-Account fraud. The Payment Systems Regulator has also taken steps to address the concern, introducing a 50:50 liability model for APP fraud. Mastercard says A2A Protect will deliver an industry-wide standardised fraud and loss reporting mechanism alongside a simple framework and set of multilateral standards addressing transactional and fraud protection issues, as well as goods and services protection issues, where relevant for consumers. The product also features a uniform procedure for banks to resolve disputes and recover funds, across multiple use cases via Mastercard’s existing centralised platform. Jorn Lambert, chief product officer at Mastercard said “It lowers operational costs for financial institutions through standardised real-time fraud insights and streamlined dispute resolution, and all participants benefit from quicker and more predictable outcomes.”
Clover’s solution for SMB healthcare providers streamlines the payment journey from end to end by offering financing options, recurring billing, text-to-pay, QR codes, and online payment portals through a unified platform
Clover has announced Clover PracticePay™, an all-in-one payments platform designed specifically to support small and medium-sized healthcare providers. Developed in partnership with Rectangle Health, Clover PracticePay™ simplifies the way healthcare practices manage payments and enhance practice efficiencies, offering the digital tools that providers and patients expect. Powered by Rectangle Health’s trusted Practice Management Bridge® technology and Clover’s hardware and value-added services, the Clover PracticePay™ solution is designed to comply with HIPAA and PCI requirements and enables providers to streamline the payment journey from end to end. Key features include financing options, recurring billing, text-to-pay, QR codes, and online payment portals, all available through a branded Clover dashboard that works alongside a provider’s practice management software. Clover PracticePay™ will provide a powerful tool for a wide range of providers, including primary care, dental services, behavioral health, and more. The solution is slated to launch in early 2026.
Startup Due’s embeddable API enables FinTechs to access, send, receive, and settle global fiat and stablecoin transactions in real-time in 80+ markets with a single integration
Due, a borderless payment startup, has raised €6.3 million to launch its new API platform, enabling businesses to access stablecoin payments as blockchain technology reshapes global finance. The round was led by Speedinvest, Semantic, Fabric Ventures, Strobe Ventures, Polymorphic Capital, and other investors. Due empowers businesses with a seamless borderless account, allowing them to send and receive funds directly between local and foreign fiat currencies and stablecoins. The company offers an embeddable API designed for FinTech companies, allowing them to access, send, receive, and settle global fiat and stablecoin transactions with a single integration. Due offers real-time FX and settlement in 80+ markets with a single integration, stitching together local payment rails, liquidity markets, and blockchain networks into one unified infrastructure. Over 500 companies use Due to move money globally, including Rainforest Builder, regional neobanks, Extended, Mexico-based importers, Neverless, and Ledn. The fresh capital will be used to extend and scale Due’s Global Stablecoin APIs, enabling faster, broader access to real-time settlement infrastructure. Due aims to increase its coverage to over 100 countries in terms of payments rails and currencies by the end of the year.
WEX’s AI tool helps people get faster reimbursements from their flexible spending accounts (FSAs) by automating steps like checking receipts, pre-filling claim forms, approving eligible claims for reimbursement and verifying documents in real-time
WEX has debuted a tool designed to help people get faster reimbursements from their flexible spending accounts (FSAs). The AI-powered tool is designed to reduce busywork by automating steps like checking receipts, pre-filling claim forms and approving eligible claims for reimbursement. By building smarter tools that automate the most frustrating parts of the process, we’re helping our partners offer a faster, more modern experience without adding extra burden to their teams. The tool includes document verification that informs consumers in real time when information is missing, as well as smart form completion that pre-fills key fields to cut down on manual errors. This new claims tool tackles the most common reasons for denials, like missing documentation or ineligible expenses and gives users a more predictable, seamless experience from start to finish
Mastercard’s new service to offer enhanced protection against APP fraud through AI-powered real-time transaction scoring to identify more high-risk transactions and by harnessing AI and network data insights to identify and close ‘mule’ account
To support banks and deliver the payment protection consumers expect, Mastercard unveils Mastercard A2A Protect, a new global service launching first in the UK. By combining cutting-edge fraud prevention technology and a new clear dispute resolution framework, Mastercard A2A Protect will enable banks to provide consumers with the appropriate levels of protection against fraudsters. Mastercard A2A Protect will initially focus on the most acute needs, such as Authorised Push Payment fraud, providing a combination of preventative measures, consumer protections and a process to recover funds. Subsequent phases will establish a process for recovering funds across a broader range of scenarios, including where goods and services have been paid for. Ultimately, the service intends to support participating bank customers before, during, and after each transaction, by: Preventing fraud: 1. Enhancing CFR’s transaction scoring capabilities and helping to identify more high-risk transactions, complementing banks’ own efforts 2. Leveraging Trace, a Mastercard solution which harnesses AI and network data insights to prevent money laundering and financial crime, and supports banks to identify and close ‘mule’ accounts 3. Delivering an industry-wide standardised fraud and loss reporting mechanism, which will provide banks with richer fraud insights Protecting consumers: 4. Providing banks with a simple framework and comprehensive set of multilateral standards to drive best practice and safeguard consumers. Efficiently addressing transactional and fraud protection issues, as well as goods and services protection issues, where relevant for consumers. Recovery of funds: 5. Introducing a uniform procedure for banks to resolve disputes and recover funds, across multiple use cases via Mastercard’s existing centralised platform, reducing costs and speeding up resolution