About Melody: Melody is Product Manager Business Intelligence at Adyen. She and her team facilitate a large team of data analysts and data end users throughout the organisation. Melody will be speaking at the DDMA Digital Analytics Summit 2022 on October 13. Tickets available at: digitalanalyticssummit.nl/tickets
Different layers of security
Currently, a large part of the world has made a payment though Adyen. Accordingly, some would say Adyen has a lot of sensitive data about pretty much everyone. It’s good to know though, that all that data is not Adyen’s, but of the merchants they service, Melody claims: ‘We’re just there to process the data and keep it safe. We use it internally to improve our processes and report to regulatory institutions, but that’s it. But naturally, because we process massive amounts of sensitive data, we do everything in our power to prevent any breaches. And if there’s a breach, that data is always tokenized or hashed.
Other than that, we always work with hashed payment references. Also, a lot of data is aggregated, not only because of privacy considerations but also because of the sheer amount of data we’re processing. When data gets into Looker we add another layer of security, all to make sure that nobody within Adyen can get access to data they should not be able to. Finally, everybody within Adyen is considered a security officer. Everybody should always ask themselves if the data they have is really necessary for what they do and what they’re aiming to do.’
This mindset has been there from Adyen’s beginning, Melody says: ‘As you can imagine, for us, data about online marketing, Google Analytics, or the tracking on our website is not as important for us as it is for e-commerce companies. From the beginning, we started with much more sensitive data. The data we added after we treated with the same regime. We consider all data as valuable, but it is not equally as sensitive. But because we already possessed that mindset we decided to treat all data in the same way.’
Fraud and regulations
There are differences in what is allowed in the treatment of data across the world, for instance between the US and the EU. And because Adyen is active all around the world, they take local regulations very seriously; they have offices all around the world, with local expertise. Naturally, this impacts Adyen’s local services. Melody: ‘We have products which you could use for commercial purposes in some parts of the world, but not in others because of regulations. Consent regulations, for instance, can be very different. But in some cases, consent is not always needed. Obviously this is the case when it comes to chargeback data coming from fraudulent transactions. There’s a lot more possible dealing with these cases than for commercial reasons. We’re actually obliged to report suspicious transactions to the Financial Intelligence Unit (FIU).’
At Adyen, there are a lot of measures in place to discover suspicious activity. Melody: ‘If there is a suspicious transaction, we flag it and, if required, we pass it on to the authorities. But we do this not only on a transactional basis. Sometimes transactions only become suspicious in context. For instance, at Chanel, a 50K transaction seems normal. If you do it 20 times in a row though, it might not be normal.’
On-premise software as a USP
Looker is Adyen’s data modelling and data visualization tool. Adyen currently has around 200 developers at least partially working on creating models and data visualization in Looker, Melody explains: ‘Part of the reason we chose Looker is that we try to run as much as possible on-premise and open source. Also, when it comes to functionalities Looker has a very good way of managing permission and consent. Essentially every data visualisation is possible, but whether you can see it depends on the data you’re allowed to see.’
The main reason for the choice of on-premise software is not arbitrary. Of course, it drives performance, but it was also chosen because of privacy and security reasons. The choice is in line with all of Adyen’s other on-premise activities, Melody Barlage explains: ‘Before merchants started working with cloud services, our on-premise way of working was actually one of our unique selling points. We could tell merchants we keep all their data to ourselves. Nowadays merchants use cloud services fervently, so we’ll have to see how this approach will develop in the future.’
Tools, processes and guidelines are context-driven
At Adyen, they work with immense amounts of data. Naturally, they’ve built an appropriate tech stack to handle this data, Melody explains: ‘To some extent, we are bound to certain tools, like the Hadoop Spark framework. It does an awesome job of storing massive amounts of data. We also work with Trino.io, a query-on-everything type of engine, which will be our new connector between Spark and Looker. We also increasingly make use of Druid, a database of sorts, which allows inflexible, but super rapid querying. Still, you have to keep in mind that our stack build-up is all context-driven. Your tech set-up really depends on your company. Eventually, everything comes down to making sure that everybody can find the right data they need to do their job and that data is of good quality. With currently 2500 employees, we’re still in the process of professionalising this by imposing more and more rules.’
Adyen’s 20X mindset
Adyen’s developers know that the work they’re doing is very delicate. After all, they don’t want transactions to fail, Melody notes. ‘This is the reason why our developers consider it normal to strictly follow our guidelines, to make sure products are sustainable.
Some might point out that it would be hard to strive for future goals when one is this careful in their company practice like Adyen. Still, according to Melody, they aim high: ‘In our team, I want to achieve a 20X mindset, in which we ask ourselves continuously how we want to work if we have 20 times more developers, or 20 times more the merchants, et cetera. How do we make sure we have a user-friendly environment for everybody in the organisation with everything 20 times more than we currently have?
The presence of this mindset varies from team to team. We manage it by having teams like mine, which have a central overview. But more importantly, it is the futuristic thinking that is embedded in our company that pushes this. If someone finds something important, they can take ownership and do it, no matter where they’re coming from. If they have a good story, they can go ahead and do it. There’s a lot of freedom.’
Making tech work is easy, making people work together is the challenge
Some people say that making technology work is easy. Yes, it requires a lot of work, but in the end, organisations always manage it. It’s the people and how they work together that often forms the challenge. A lot of organisations struggle with this, Melody claims: ‘Especially in large enterprises, where discussions about the centralisation or decentralisation of teams come up regularly, this is the case, also at Adyen at a certain point, we had so many data people that we decided to decentralize them.
But as I said before, it also comes down to what works for your organisation. It certainly has to do with the number of people, but also with what kind of data you work with. What is also important: you have to adjust and learn. The upside for us is because we’re quite flexible, that we’re not that scared to completely move things around.’
On October 13 Melody will speak at the DDMA Digital Analytics Summit in Amsterdam. She will give you a taste of how Adyen uses data. She will provide some practical examples and elaborate on how they have organised these and how they’ve made them work. She’ll touch on it a tiny bit from a technical perspective, mainly because their big data platform is very impressive. Tickets available at: digitalanalyticssummit.nl/tickets