The AI Exchange: Innovators in Payment Security Featuring Dreamplug Technologies Private Limited (CRED)
Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.
In this edition of The AI Exchange, Dreamplug Technologies Private Limited (CRED) CISO, Himanshu Kumar Das, offers insight into how his company is using AI, and how this rapidly growing technology is shaping the future of payment security.
How have you most recently incorporated artificial intelligence within your organization?
CRED has been incorporating artificial intelligence to enhance risk detection, improve operational efficiency, and strengthen user experience across its platform. More recently, we have focused on applying AI and machine learning models to support fraud detection, anomaly identification, and intelligent decisioning in payments. These capabilities are designed to complement existing security controls, enabling more adaptive and responsive approaches to protecting user accounts and payment data.
What is the most significant change you’ve seen in your organization since AI-use has become so much more prevalent?
The increased use of AI has enabled a shift toward more real-time and data-driven decision-making across the organization. In the context of payment security, this has improved our ability to identify patterns, detect anomalies, and respond to potential threats with greater speed and precision. Additionally, AI adoption has encouraged stronger cross-functional collaboration between engineering, risk, and security teams to ensure models are implemented responsibly and effectively.
How do you see AI evolving or impacting payment security in the future?
AI is expected to play an increasingly important role in strengthening payment security by enabling more proactive and adaptive defense mechanisms. As threat actors adopt more sophisticated techniques, AI can support continuous monitoring, behavioral analysis, and automated response capabilities. At the same time, its evolution will require a balanced approach that emphasizes transparency, governance, and alignment with established security standards to ensure trust and reliability within the payment ecosystem.
What potential risks should organizations consider as AI becomes more integrated into payment security?
Organizations should consider several risks as AI adoption increases, including model bias, lack of explainability, and over-reliance on automated decision-making. Adversarial use of AI by threat actors is also an emerging concern, particularly in areas such as social engineering and fraud. In addition, safeguarding sensitive data used to train and operate AI systems remains critical. Strong governance, validation processes, and alignment with established security frameworks are essential to mitigating these risks.
What advice would you provide for an organization just starting their journey into using AI?
Organizations should begin with clearly defined use cases that align with their security and business objectives. It is important to establish strong data governance practices, ensure transparency in model development, and implement robust testing and validation processes. AI should be integrated as a complement to existing controls rather than a replacement. Engaging with industry standards bodies such as the PCI Security Standards Council can also help organizations align their AI initiatives with broader security best practices.
What AI trend (not limited to payments) are you most excited about?
We are particularly interested in the advancement of explainable AI and its potential to improve transparency and trust in automated decision-making. Additionally, the development of privacy-enhancing technologies, such as federated learning and secure multiparty computation, offers promising opportunities to leverage data while minimizing exposure. These trends have the potential to support more secure, collaborative, and privacy-conscious innovation across industries.
