What happened
Socure appointed Mark Carter as its Chief Information Security Officer.
The company said Carter will lead its enterprise-wide security, cyber risk, governance, compliance, resilience, and information technology strategy as Socure continues expanding its identity verification, fraud prevention, and regulatory compliance platform.
Carter will work across product, engineering, legal, compliance, operations, customer-facing teams, and executive leadership to strengthen security and responsible data practices while supporting AI innovation.
Socure said the appointment will influence how the company builds, operates, and scales its AI-native platform for identity verification, fraud prevention, and regulatory compliance.
Carter joins Socure with more than 25 years of leadership experience across cybersecurity, information technology, engineering, risk, compliance, AI, cloud, and product organizations.
Before joining Socure, Carter served as CISO at Navan and Tesla. He also served as both CISO and CIO at Vimeo. His previous leadership experience includes roles at Salesforce, Amazon, Google, Microsoft, PayPal, VMware, and Gemalto.
Socure CEO Johnny Ayers said security, privacy, and resilience are foundational to how the company grows as it scales globally with large organizations.
Carter said Socure sits at the center of a major global challenge: establishing trust in identity while stopping increasingly sophisticated fraud. He said the company’s ability to strengthen resilience, advance enterprise risk and compliance, scale AI-powered IT systems, and embed responsible security and data governance into daily operations will define its next chapter.
Who is affected
Socure customers, partners, employees, and security stakeholders are affected by the leadership appointment.
The appointment is especially relevant to organizations using or evaluating Socure for identity verification, fraud prevention, risk intelligence, and regulatory compliance.
Enterprises and government agencies are also affected because Socure framed the appointment around the need for secure, resilient, and transparent infrastructure as fraud, identity, and compliance risks become more complex.
Why CISOs should care
This appointment is notable because identity verification and fraud prevention platforms increasingly operate as trust infrastructure for enterprises and government agencies. These systems process sensitive identity signals and support decisions about user onboarding, authentication, compliance, fraud risk, and account trust.
For CISOs, vendor security leadership matters when a provider sits close to identity, fraud, and compliance workflows. A platform used to verify identities or stop fraud must also demonstrate strong internal security, privacy, governance, resilience, and risk management.
The AI context is also important. Socure described Carter’s role as supporting responsible data practices while accelerating AI innovation. As AI-driven fraud becomes faster and more sophisticated, customers will likely scrutinize how identity vendors secure data, govern models, manage risk, and maintain trust at scale.
The appointment also reflects a broader trend: security leadership is becoming central to how identity and fraud prevention vendors scale into enterprise and public sector markets.
3 practical actions
- Review identity vendor security governance: Socure said Carter will lead security, cyber risk, governance, compliance, resilience, and IT strategy. CISOs should evaluate whether identity and fraud vendors have mature security leadership, documented controls, compliance programs, and clear incident response processes.
- Assess AI and data governance in fraud platforms: Carter’s role includes strengthening responsible data practices while supporting AI innovation. Security teams should ask vendors how they govern AI models, protect training and inference data, monitor abuse, and manage privacy risk.
- Classify identity verification platforms as critical trust infrastructure: Socure supports identity verification, fraud prevention, and regulatory compliance. Organizations should treat platforms in this category as high-impact systems within third-party risk, access governance, resilience planning, and audit programs.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.