Go global with safety and compliance to accelerate business growth | 2025 Global Expansion Conference

On July 25th, guided by the Department of Commerce of Zhejiang Province, the Secretariat of the China Cooperation Center for Special Economic Zones of BRICS countries, the Hangzhou Bureau of Commerce, and the Qiantang District Bureau of Commerce, and jointly hosted by 36Kr and Qiantang Construction Group, the 2025 "From 'Ingenuity' to the 'World'" Overseas Expansion Conference will grandly kick off at the Grand Mercure Hangzhou Qiantang. As a brand - new IP event of 36Kr focusing on the fields of globalization and overseas expansion, the conference will set up a main venue and a sub - venue, the "Invest in BRICS" - Country - Specific Cooperation Matchmaking Meeting. The main venue of the conference will be divided into two chapters: "Finding Certainty in Uncertainty" and "Doing Business Globally", focusing on popular overseas expansion fields such as consumption, technology, e - commerce, finance, and new energy. It will cover more than 10 keynote speeches, 5 round - table discussions, and the release of the East Forward 2025 Overseas Globalization Innovation List, decoding the certain logic of the coordinated growth of "product - technology - ecosystem" and providing a referable global development path for enterprises to break through the fog of globalization and build sustainable overseas expansion capabilities.

On that day, Celia, the cross - border business leader of TrustDecision, will bring a theme sharing titled "Expand Overseas Securely and Compliantly to Accelerate Business Growth".

The following is the content of the speech, edited by 36Kr:

Celia: Thank you, host. Thank you for the invitation from 36Kr. I'm Celia, the cross - border business leader from TrustDecision. The theme I'm going to share with you today is "Expand Overseas Securely and Compliantly to Promote Business Growth". I noticed that the teacher from PwC talked about compliance and risks before. My topic today focuses more on e - commerce, especially how overseas expansion customers of e - commerce who operate independent websites or build independent websites on some website - building platforms should face and deal with risks.

Let me briefly introduce TrustDecision. TrustDecision is a professional global intelligent service provider for risk decision - making. With its excellent transaction anti - fraud, credit compliance, software, and SaaS products, it has now served more than 1,000 customers. TrustDecision is headquartered in Singapore and has set up local offices in other countries and regions such as Indonesia, the Philippines, Malaysia, and the UAE, with local operating staff.

When it comes to online business, since we are engaged in overseas expansion business, payment risks are inevitable in e - commerce. From some payment data, we can see this report released by MRC this year. The report shows that in terms of payment methods, the payment habits of overseas users are different from those of domestic users. I believe those who are engaged in overseas expansion business must be aware of this. In China, we mainly use QR code scanning, whether it's WeChat Pay or Alipay. Overseas, users more often use credit cards, bank transfers, or local wallets for payment. So the risks are completely different from those of WeChat Pay and Alipay in China, and the risks are much higher. According to the data, from one - party payment to card testing and proxy ordering, the trend has declined according to the latest report. However, this decline is based on the rapid growth of one - party payment in the previous two years, and it has decreased this year. But this is data analysis based on the survey of the report. According to the data from the interviewees, 98% of enterprises have suffered from fraud risks.

Where do these risks come from in terms of countries, regions, and types? Let's look at the data on the right. The risks vary in different countries and regions. For example, in North America, the biggest risk comes from online real - time payment fraud; in Europe, it's phishing; in the Asia - Pacific or Latin America, policy abuse or refund risks are higher. From other data, small and medium - sized enterprises, especially in real - time payment, are more likely to be attacked by black - hat hackers because when they first start overseas business or online credit card receiving business, they may not be good at risk control. So they are more likely to encounter payment fraud risks. However, large enterprises also become targets for black - hat hackers because of their brand influence. So there are such data manifestations in the fraud trend.

In addition to fraud data, let's look at regulations. Our overseas business, especially cross - border online payment business, not only suffers from payment fraud losses. In fact, various payment regulatory institutions, including acquirers, issuing banks, and even card associations, will monitor the performance of our online business. Especially since this year, VISA has introduced a VAMP policy, tightening policies on our entire online fraud risk and even the entire chargeback risk. Previously, the risks were mainly controlled at the merchant end. This year's policy change requires stricter control of merchants from the acquirer or bank end. So in terms of indicators, we can see that the data has been tightened. In terms of types, previously, fraud and total disputes were viewed separately. From now on, they will be viewed together, which means that the probability of merchants touching the red line may be greater.

As mentioned earlier, we suffer from fraud losses and are subject to penalties or regulations from regulatory institutions. Why do online fraud problems occur? If we look at the pictures on the right, these are actually tools used by black - hat hackers for cheating. In China, we may feel it most deeply. Why can't we grab red envelopes or popular products during the 618 shopping festival or big promotions, while black - hat hackers can? Why can scalpers grab concert tickets while we can't? It's because they have automated tools, which are much more efficient than us clicking one by one. Moreover, they have formed their own studios. The black - hat hackers will rent these studios to the business with the highest profit. For example, if there are several very popular concerts this year, the black - hat hackers will flock to them. Or if an e - commerce product, whether it's domestic or overseas, sells very well, it becomes a hot target for scalpers. The same goes for payment fraud. In the entire payment chain, it starts from the leakage of card information, then to trading, then to card testing, and finally to application and monetization. These cheating behaviors of black - hat hackers bring risks to our merchants, and these losses have to be borne by overseas expansion merchants or e - commerce platforms.

Especially for enterprises that are just starting overseas online business, we need to carry out basic risk management. However, some bosses with weaker awareness may have a natural resistance to risk control, thinking that risk control is a cost center. Whether it's using technical means, purchasing data, or using manual review, it's all about cost. Some people also think that risk control hinders their business. They spend a lot of effort on advertising to attract users, but then the risk control blocks the users or the transaction is refunded, and all their previous efforts are in vain. But is this really the case? In fact, good risk control can promote business growth. First of all, what does risk control do? Risk control helps enterprises reduce fraud risks and losses, so it definitely helps enterprises make profits. Secondly, good risk control can bring good customers, good customer experiences, and upstream and downstream suppliers or partners will think that we have good risk management measures, which will also bring more business to us.

These concepts are a bit broad. Let me give you two examples to show how risk control can help enterprises reduce costs and increase efficiency.

This is an e - commerce platform. During their global overseas expansion, to expand overseas business, they need to attract more buyers through marketing. They need buyers to register, purchase, and make payments on the platform. They carried out many marketing activities and spent a lot of marketing expenses. The marketing methods are diverse. Whether it's the 618 or Double 11 shopping festivals in China, the marketing methods of domestic e - commerce are also diverse. Overseas, it seems not so fancy. Maybe foreigners are not as flexible in calculation as we are. For example, new users can get red envelopes when registering on the e - commerce platform. This customer carried out a series of marketing activities for new user registration, user referral, and old user retention. However, they found a problem: after spending a lot of marketing expenses, the black - hat hackers took advantage of it. They spent money on marketing every day, but couldn't achieve real customer conversion.

What should we do at this time? We need to position users through user portraits. For example, if a marketing activity is only launched in North America, users from other regions can't take advantage of it. Secondly, we make risk judgments based on terminal devices. What are terminal devices? When we looked at the cheating tools used by black - hat hackers, we found that they install many cheating software on mobile phones. At this time, one mobile phone can be disguised as many users or different identities, bypassing our risk monitoring. So we need to make judgments based on terminal risks. Thirdly, the operation behaviors of robots are different from those of normal users, and the activity behavior patterns of associated accounts are also fundamentally different. So we identify abnormal transactions and false registrations based on various dimensions, combining user behaviors and device environments.

We can see that in a short period, an average fraud team can generate 30 times more fraud accounts. Looking at the map around, the larger the circle, the larger the fraud gang. So good risk control can help enterprises attract more customers and achieve better conversion during marketing activities. This is a marketing case.

A payment case. I guess in the process of doing online business, especially overseas business, many use email policies. This is different from China, where we use mobile phone numbers to register and receive verification codes. Email registration is very common overseas. This customer is a cross - border e - commerce enterprise expanding to the Middle East. When they first started, they found a large number of fake emails that looked similar. After the black - hat hackers registered users with these fake emails, they used stolen credit cards to make purchases and operate on the platform, which led to a large number of real cardholders initiating chargebacks. Why do I say that overseas buyers are different from domestic users? Overseas buyers can withdraw their money within about 180 days after payment. So after they pay with fake cards, they withdraw the money, causing a lot of losses to the platform. At this time, our risk control comes into play. Through user behavior analysis, optimization of the payment chain, and combination with the 3DS verification of the card association, our final risk control effect has reduced the fraud rate from the initial 0.8% to 0.2%. At the same time, the payment success rate has increased from 87% to 95%. We can also calculate, for example, using the GMV of our own platform, how much GMV revenue can be brought by a 1% increase in the payment success rate. This can be calculated through ROI.

Through these two examples, we can see what to do if overseas expansion enterprises encounter a series of risks. The first is Gap scanning, which is risk assessment. Based on the best industry risks at present, we identify what risks and loopholes there are and how to make up for them as soon as possible. Secondly, through the construction of a standardized and programmatic internal system, document generation, and handling of operational policies, we continuously optimize the overall risk management measures of the platform. Finally, we establish a risk management corporate culture within the enterprise, making risk management the red line of the enterprise. If both the front - end and the back - end have this awareness, the overall risk management will be established.

When it comes to risk control, how should we do it? Based on different enterprises at different development stages, we call this risk control "Lego - style" management. We should not wait until the risk occurs and then deal with it afterwards because at that time, the risk has already happened. So we should try our best to do real - time risk management. Real - time decision - making and near - real - time risk retrieval are the best assistants to help enterprises stop losses in time. Finally, we need to combine it with the enterprise's operation. The operation department should add these risks to the blacklist in time to prevent them from happening again and issue some warnings. In this way, the overall risk management will be established.

That's all for today's sharing. If you encounter risks in account marketing during overseas expansion, welcome to contact us. We can provide one - on - one diagnosis to see what functions or products your enterprise needs to solve the overseas payment and marketing risk problems you encounter.

Thank you all!