Payments used to be simple. You swiped, you paid, you walked away. Today, behind every transaction sits a silent army of algorithms making choices most of us never see.

Kevin Lee, Country Head and CEO of Razorpay Curlec Malaysia, spends a lot of time thinking about those choices.

Sitting at the crossroads of India’s highly advanced AI payments ecosystem and Malaysia’s more nascent but fast-evolving market, he has a front-row seat to how the region is being reshaped.

From Kevin’s perspective, it isn’t whether AI will transform finance, but how to make sure trust doesn’t get lost in the process.

For all the hype around AI, Kevin believes the most transformative shift in payments won’t be visible at checkout. It’ll be in the back office, where reconciliation has kept finance teams up at night for decades.

“That’s where trust and efficiency intersect,” he says.

And where AI could quietly change everything.

Laying Down the Rules Before the Race Begins

Bank Negara Malaysia has recently put forward a discussion paper on responsible AI in finance. For Kevin, it’s not just another regulatory box to tick. He sees it as a chance to get the fundamentals right before the technology scales too far, too fast.

He talks about the five pillars that matter most.

First is model governance, with accountability flowing from the boardroom down to the engineers who own each model. Then there’s data governance and consent, which is critical in Malaysia, where data protection rules are still catching up with industry practice.

Explainability is another, not in the sense that every algorithm needs to be cracked open, but in making sure customers and regulators can understand why an outcome was reached. Continuous validation and monitoring come next, with stress tests and drift detection built in from the start.

And finally, oversight of third-party systems, because many of the models banks rely on actually come from vendors and APIs.

Kevin’s point is simple:

“If Malaysia implements these five areas with proportionality and clarity,” he says.

Kevin continued by saying that the framework will simultaneously protect consumers, provide regulatory certainty. It should also have the ability to leave enough room for the industry to innovate at speed.

Malaysia Isn’t India, and That’s the Point

It would be tempting to think that Razorpay Curlec could simply transplant its sophisticated Indian AI stack into Malaysia. But Kevin says Malaysia doesn’t work like that.

“Malaysia is not a market that can be approached with a copy-and-paste mentality,” he said.

The payment rails here in Malaysia (like FPX, DuitNow, and the local wallets) behave differently from India’s UPI or card-heavy flows.

Fraud patterns are shaped by local behaviour too, and according to Kevin, they kept spiking around festive sales and public holidays in ways that don’t map neatly to other markets.

The regulatory environment adds another puzzling and head-scratching layer.

Consent, disclosure, and explainability are held to higher standards under Bank Negara’s proposed framework. So Razorpay Curlec has had to adapt its technology with local datasets, linguistic patterns, and compliance expectations.

That balance of adaptation also runs through Kevin’s view on the “build versus buy” debate.

In his words, they build what defines them and buy what accelerates them. Proprietary tools like risk models, adaptive routing, and reconciliation engines are always built in-house because they sit at the heart of customer trust.

Commodity functions, on the other hand, can be sourced externally, provided the right due diligence and audit rights are in place. For Kevin, this hybrid approach is what keeps the company fast without losing control.

“Our approach is simple,” Lee says. “We bring the robust tools from India and adapt them using local data and regulatory context.”

Fighting Fraud is a Team Sport

Regulation is not happening in a vacuum. Singapore’s FEAT principles and Indonesia’s new OJK AI guidelines are already shaping expectations in ASEAN. Kevin sees this as a competitive opportunity.

Harmonised standards make cross-border expansion smoother, reduce friction for fintechs, and allow Malaysian-developed AI tools to be exported without costly rewrites.

“If Malaysia combines robust rails like FPX and DuitNow with harmonised AI regulations,” he argues, “we could position ourselves as a regional hub for fintech innovation.”

Plus, AI in payments isn’t something any one player can solve alone.

That’s why Kevin welcomes initiatives like PayNet’s Financial GPT, which is designed to help predict and prevent fraud at scale. He doesn’t see it as a competitor but as a foundation for the whole ecosystem.

In his view, collaboration here means pooling anonymised intelligence to spot fraud signatures faster, running joint tests to simulate AI-generated phishing and synthetic identities, and developing common APIs so private operators and national rails can share signals in real time.

“The future of financial security is a shared effort where both public and private sectors play to their strengths,” said Kevin.

The public sector brings reach and systemic safeguards. Private operators bring agility and data-driven insights. Together, the mix is far more powerful than either side acting alone.

AI as an Equaliser for SMEs

When we asked him about how SMEs can adapt, he opened his thoughts by saying:

“The digital divide is one of Malaysia’s defining challenges.”

And I agree with this as from what I see, one of Malaysia’s biggest challenges is making sure digital growth doesn’t widen the divide between large corporates and small businesses.

To Kevin, this is where AI in payments can make a real difference. SMEs often struggle with thin credit histories and time-consuming back-office tasks. AI can change that.

With consent, transactional data can be used as a substitute for collateral, creating new credit signals that are easier to explain and contest. Automation can take care of invoice matching, payout scheduling, and reconciliation, freeing business owners to focus on growth instead of paperwork.

And by embedding these tools into the platforms SMEs already use, digitalisation becomes something more of a natural process rather than a disruptive one.

Kevin is, however, also careful to point out that this is about trust as much as technology.

For AI to lift small businesses, it must be explainable, consent-driven, and easy to opt out of. Done right, it could help bring thousands of SMEs into the formal economy and make Malaysia’s digital growth more inclusive.

In his words:

“The less ‘new’ an SME has to adopt, the more likely digitalisation sticks.”

The Next Wave of Fraud Won’t Look Familiar

Of course, not every AI use case is about growth. Some are about survival.

Kevin is blunt about the next wave of security threats, which won’t look anything like the old ones. Adversaries now have AI too, using it to generate deepfakes, create synthetic identities, or probe systems with adversarial prompts.

Preparing for this means building layered defences. At the identity layer, authentication must become phishing-resistant. At the behavioural layer, systems need to score devices, networks, and sessions in real time.

Lastly, at the media layer, biometric approvals need liveness checks to catch spoofing. On top of this, models themselves must be subjected to stress tests, red teaming, and adversarial training to make sure they don’t get tricked.

Perhaps most importantly, Kevin says the response cannot be improvised.

“Institutions that prepare with layered defences, continuous testing, and transparent reporting will be the ones that sustain trust when new forms of AI-driven fraud emerge,” he suggested.

Kill switches, anomaly triggers, safe modes, and pre-agreed incident reporting protocols all have to be wired in before an attack happens.

With reports of breaches and fraud attempts already rising in 2025, Malaysia doesn’t really have the luxury of waiting.

The Not-So-Quiet Revolution in Payments

Fraud prevention may grab the headlines, but Kevin argues the more transformative applications of AI will be quieter ones.

Agentic operations could take over repetitive workflows like creating payment links, reconciling ledgers, or drafting regulatory reports. Adaptive checkout could personalise payment flows for every customer, balancing convenience with security.

Real-time treasury optimisation could predict settlement timings and reduce idle balances, giving businesses better visibility over cash flow.

And then there’s explainable reconciliation, which Kevin calls the “quiet revolution”.

Today, finance teams often struggle with manual reconciliation across multiple banks and rails. AI could trace every transaction, explain anomalies in plain language, and compress close cycles from weeks to days.

For merchants, that means fewer disputes and faster cash flow. For regulators, it means transparency and auditability.

It may not be glamorous, but in payments, it’s the kind of shift that changes everything.

For all the talk of models, frameworks, and future threats, Kevin keeps returning to a single idea, which is trust. In payments, the systems that matter most are the ones customers don’t have to think about.

If Malaysia gets this right, the next time you make payments, you won’t be thinking about AI at all. And maybe that’s the real measure of success.

Featured image: Edited by Fintech News Malaysia based on images via Razorpay Curlec.