The payments game has changed, and winging it is no longer an option. James Huber and Jeremy Stock sit down with Maurice Griefer of MyCPO (https://www.getmycpo.com/) to unpack what it takes to scale a high-risk ecommerce brand without getting crushed by chargebacks, caps, and the new Visa VAMP rules. From the wild energy of early ISO call centers to today’s distributed agent networks, the throughline is clear: honest setup, realistic limits, and proactive dispute prevention beat short-term hacks every time.

We trace the journey from old-school ISO bullpens to today’s agent-driven portfolios, then dig into VAMP, chargebacks, MATCH, and how merchants can scale without getting shut down. Maurice shares why he launched My CPO, the realities of going solo, and how to build a resilient payment stack without losing your shirt.

• evolution of the ISO model and sales ethics
• common setup mistakes that trigger MATCH
• planning limits, caps, and multiple MIDs
• VAMP thresholds, portfolio risk, and fees
• alerts, RDR, and dispute prevention tools
• building SOPs, hiring, and merchant support
• long-term trust versus short-term tactics
• hope is not a payments strategy

Maurice shares what he learned growing up around merchant services and later helping build Maverick, then explains why he launched My CPO to stay close to merchants on the front lines. We break down the mistakes that get good businesses on MATCH—like pushing a second website through an existing MID or accepting bad MCC advice—and show how early discovery, accurate underwriting, and multiple MIDs create resilience when Q4 spikes hit. If you’ve ever had a processor freeze funds after a viral campaign, this conversation gives you the playbook to avoid it.

We also dive into the VAMP era: tighter thresholds, pass-through fees, and hard choices for acquirers balancing revenue against portfolio risk. The solution isn’t magic—use alerts and RDR, improve customer service, fix product pages and disclosures, and plan realistic caps that won’t trip alarms. You will pay either way: in tools and process now, or in penalties and lost processing later. Ethics and transparency still compound: the companies that do it right keep the same team at the booth year after year because trust scales better than churn.

If you’re building in high-risk ecommerce or advising merchants who are, this is your roadmap for sustainable growth. Subscribe, share with a teammate, and leave a review telling us the one change you’ll make to your payment stack this week.

**Matters discussed are all opinions and do not constitute legal advice. All events or likeness to real people and events is a coincidence.**

Visit Global Legal Law Firm today: https://www.globallegallawfirm.com/podcasts/

A payments podcast of Global Legal Law Firm

Imagine being barred from accepting cards overnight—and no one will tell you why. That’s the reality for many merchants placed on MasterCard’s MATCH list, a risk registry that can sink a business while support teams stay silent. We brought managing partner James Huber and senior associate Bryce Vandemore into the studio to unpack what really moves the needle: skipping the endless email chains and going straight to a well-drafted complaint that forces banks and processors to respond.

We take apart the power dynamics behind the MasterCard MATCH list and explain why a litigation-first strategy now gets merchants faster answers than inquiry letters. We share case patterns, how banks and processors pass the buck, and what it takes to pressure real protocol change.

• why inquiry letters stall while complaints trigger action
• how banks, processors and ISOs split duties and avoid blame
• why MATCH listings cluster by category and tool-driven flags
• the costs, timelines and leverage of litigation versus waiting
• how fines and retroactive rule shifts punish compliant merchants
• the cardholder protection narrative versus merchant reality
• service gaps between cardholder support and merchant silence
• risks of cashless policies concentrating control in card rails
• practical steps to show compliance and push for removal

We walk through the turning points that led us to a sue-first strategy, why it accelerates dialogue, and how these cases are simpler than most people think. The aim isn’t courtroom theatrics; it’s a clear yes or no so a merchant can reopen accounts and stop the cash burn. Along the way, we map the responsibility maze—banks hold the authority, processors run the operations, and both often cite “internal policies” or “ongoing investigations” while providing no reason code. We also call out category-wide crackdowns and retroactive fines, from peptide vendors to weight-loss products, where compliant businesses are swept up in blanket MATCHing with little transparency.

You’ll hear how the “we protect cardholders” message can mask a deeper incentive to protect the networks themselves, creating a stark service gap: cardholders get fast remediation and live help, while merchants hire counsel just to learn what happened. We dive into the rise of cashless policies and what it means when the only way to transact funnels through private rails that can exclude you without a hearing. Our goal is practical and focused—push for protocol change, document compliance, pressure timely reviews, and establish a credible path off MATCH when errors occur.

If you’re a merchant, ISO, or in-house counsel navigating MATCH, this conversation gives you the current playbook: where to start, how to apply pressure, and what outcomes are realistic. Subscribe for more merchant-first insights, share this with a colleague who’s stuck on MATCH, and leave a review with your questions so we can tackle them next.

**Matters discussed are all opinions and do not constitute legal advice. All events or likeness to real people and events is a coincidence.**

Visit us today: https://www.globallegallawfirm.com/podcasts/

A payments podcast of Global Legal Law Firm

Social Engineering Beats Your Stack: Fix Identity or Get Breached

A single phone call to a help desk shouldn’t sink a global brand—yet it happens. We dig into how social engineering bypasses expensive tools, why identity verification matters at the exact human moments work gets done, and how to measure cyber risk before it becomes tomorrow’s headline. With Peter Segerstrom of Traceless (https://traceless.com/) —a CTO turned advisor who’s audited stacks for acquisitions and built teams from a spare bedroom to scale—we unpack the messy reality of software in payments and fintech: open‑source dependencies, brittle architectures, migrations that stall, and the quiet warts you inherit when you buy code along with revenue.

Christopher Dryden, Esq., traces with Peter how a simple phone call can topple complex systems and why identity verification sits at the heart of modern security. Peter shares a CTO’s view on auditing tech in payments M&A, grading risk, and building Traceless to protect real transactions in real time.

• social engineering as a primary breach vector
• why tech diligence now drives payments and fintech M&A
• lessons from scaling a startup to operational maturity
• auditing architecture, dependencies and maintainability
• open source as foundation and risk surface
• risk grading frameworks buyers can act on
• what cyber risk means for vendors and SaaS reliance
• real‑time identity verification for help desks and workflows
• AI as force multiplier for attackers and defenders

We walk through the practical M&A playbook: inventory the stack, map data flows, assess maintainability, and grade risks so executives can decide what to fix, mitigate, insure, or avoid. Peter explains how a “technical Carfax” reframes negotiations, saving buyers from hidden liabilities and helping sellers prepare cleanly. We also talk vendor risk and why relying on major SaaS platforms can be safer than running your own server—while still demanding least privilege, strong logging, and incident plans that assume someone will eventually pick the wrong link or trust the wrong voice.

Then we widen the lens to Traceless and the identity problem at the core of modern breaches. Real‑time verification for customers, partners, and employees closes the easiest door attackers use: impersonation. From teenager pranksters to nation‑state zero‑days, the threat spectrum is wide, and AI now powers both sides—faster phishing and reconnaissance for attackers, smarter analysis and stress testing for defenders. The takeaway is clear: build verification into business workflows, treat architecture as a living system, and make risk visible with honest grading.

If this conversation helps you think differently about due diligence and operational resilience, follow the show, share it with a colleague, and leave a quick review so more people can find it.

**Matters discussed are all opinions and do not constitute legal advice. All events or likeness to real people and events is a coincidence.**

Visit Global Legal Law Firm today: https://www.globallegallawfirm.com/podcasts/

A payments podcast of Global Legal Law Firm