API-first, SaaS platforms are the right foundation for payments modernization, fraud prevention, and cross-border scaling in Southeast Asia, according to David Becker, Managing Director for Asia Pacific at global software as a service (SaaS) cloud banking platform Mambu.

Moving from one-off projects to API-driven architecture

During the COVID-19 period, many institutions had to develop and deliver digital channels almost overnight, just to maintain continuity. The underlying drivers of transformation — customer expectations for intuitive, always-on digital experiences, the evolving regulatory landscape, and the threat from newer, more nimble competitors — have continued since.

The approach has changed, Becker told TNGlobal in an interview. “Instead of reactive, one-off projects, institutions are moving towards a more pragmatic, progressive approach to modernization.” That includes using “speedboat” initiatives — launching a new digital brand, product line, or business unit to prove value quickly without a risky big-bang core replacement — and running a modern, composable core or payments hub alongside existing infrastructure, then scaling as results are proven.

Speed and agility are being treated as ongoing capabilities, focused on time-to-market, the ability to iterate products quickly, and the flexibility to integrate new partners as the landscape evolves.

API-first platforms and the build or partner decision

When banks evaluate whether to build or partner for real-time payments modernization, the key factor is to allocate scarce engineering and investment capacity, Becker said.

Real-time payments infrastructure, connectivity to multiple schemes, and keeping up with evolving regulations are now baseline capabilities. Many institutions are finding that trying to build and maintain all of this themselves slows them down and drains resources. By collaborating with specialist, API-first SaaS platforms, banks are able to develop modern payments capabilities faster, reduce the complexity of scheme connectivity and compliance, and avoid repeated upgrade cycles.

“The idea is not to outsource innovation, but to separate ‘plumbing’ — core infrastructure — from differentiation,” Becker said. If a bank can rely on a composable, always up-to-date core and payments layer, their teams can spend more time on new products and journeys and better use of data, rather than continually rebuilding the underlying infrastructure. This approach also helps banks build security, resilience, and regulatory readiness into the architecture from day one, instead of bolting them on later as an afterthought.

APIs embedding fraud controls directly into payment flows

Banks and technology providers play a critical role in how money moves and how quickly suspicious patterns are identified and acted on, Becker said. In Southeast Asia, scam operations have combined organized crime, human trafficking, and social engineering amplified by AI — a problem that requires coordinated action from governments, law enforcement, regulators, and enterprises.

“The scam compounds we have seen reported in parts of Southeast Asia are a brutal mix of organized crime, human trafficking and increasingly sophisticated social engineering, amplified by AI,” he said.

Modern, API-first and real-time platforms make it easier to integrate with specialist fraud analytics, KYC/AML tools, and verification services, and to embed those controls directly into payment flows instead of treating them as an afterthought. That helps institutions detect unusual behavior sooner, apply stepped-up checks when risk signals are high, and collaborate more effectively with authorities when they need to trace and freeze funds.

Building on API infrastructure across Southeast Asia

Banks operating across Southeast Asia can deal with different regulatory regimes, levels of market maturity, currencies, local schemes, and customer expectations in each country. For banks and fintech businesses, that complexity typically shows up as a tangle of one-off integrations to local rails and partners, each with its own rules, cut-off times, and compliance obligations.

This makes it difficult for business to get a single view of liquidity, manage risk consistently, or roll out the same experience across markets when the underlying infrastructure is fragmented, the executive stressed.

Becker said more institutions are looking for a common, API-first core and payments layer that can abstract some of that complexity. Instead of rebuilding for every new country, they can connect to a unified, scheme-compliant platform that supports multiple rails and currencies, while still allowing for local configuration on top — whether that is product features, workflows, or regulatory reporting.

“In a region as heterogeneous as Southeast Asia,” he said, “the challenge is less about pure connectivity and more about finding an architecture that lets you scale with consistency, without losing the flexibility to respect local realities.”

Southeast Asia remains a central focus of Mambu, Becker noted. Markets like Indonesia, the Philippines, and Thailand are moving into a new phase where the emphasis is shifting from launching digital capabilities to making them work at scale. That shift is being shaped by regulatory change, real-time payments infrastructure, and the need to serve more diverse and underserved segments.

Mambu’s role, he said, is to support that transition, helping institutions build and operate with the level of flexibility and reliability that this environment demands.

Mambu expands payments hub into Indonesia, the Philippines, Malaysia and Singapore