Welcome to the third episode of Fwdays Tech Talks!

In today’s podcast, our regular speakers — Inna Ivashchuk and Kyrylo Melnychuk — are joined by special guest Maryna Rybalko to talk about payment security in practice, from collecting and storing card data to PCI DSS compliance, tokenization, and real-world fraud threats. They also explore why human error and social engineering remain some of the biggest risks — and how AI-driven scams are changing the security landscape

What you should subscribe to:

– More interesting content for developers: https://fwdays.com/en/events

– Fwdays Twitter: https://twitter.com/fwdays

– Inna’s LinkedIn: https://www.linkedin.com/in/inna-ivashchuk/

– Kyrylo’s LinkedIn: https://www.linkedin.com/in/kyrylo-melnychuk/

– Maryna’s LinkedIn: https://www.linkedin.com/in/maryna-rybalko-0a7721158/?originalSubdomain=uk

Timestamps:

00:00 - Intro

01:41 - What should tech people really know about collecting and storing card details?

03:43 - Any interesting real-life insights from designing secure payment solutions?

07:43 - Why is PCI DSS such a big deal, and what does the compliance process actually look like?

10:59 - Once card data is collected, how is it protected in real payment architectures?

17:19 - How does tokenization help reduce exposure of sensitive card information?

20:56 - Which country’s regulation or standard was the toughest to implement?

26:28 - Tokenization vs storing card data: what’s allowed and why (PCI context)

34:04 - What types of attacks are most common in payment systems?

39:02 - What happens when a scam or fraudulent payment occurs, and who is responsible?

44:24 - How can companies protect themselves from payment fraud and abuse?

48:47- Why do so many security breaches still come down to human error?

52:13 - How are social engineering attacks planned, and how can employees be trained to stop them?

01:02:30 - Final advice on building secure products from day one

01:04:42 - Don’t forget to subscribe and like!