Category Archives: Digital Goods

Why using Bitcoin is like abstinence, and other thoughts about cryptocurrency and financial systems

Elad Gil has this brilliant post titled “6 Startup Ideas Every Nerd Has” with a poignant explanation of how these are thought out. As someone who works on machine learning I can tell you that idea #2 repeats itself too often. I, too, have dabbled with ranting about ideas I hear too often. There is yet another type of idea, though – ideas that are essentially interesting and good but that are too deep in geekdom to be relevant. Cryptocurrency is one of them.

If you work in payments you can’t get away from cryptocurrency, and its poster child Bitcoin. Every talk of fraud in payments draws scoffs from random commenters; Bitcoin will solve your fraud problems, they say. Irreversible, anonymous, plain and clear. Objecting responders talk of Bitcoin’s (lack of) merits as legal tender and the probability that governments will accept a legal tender they don’t control, if only for money laundering control. Both miss the point: Bitcoin isn’t a contender in the race to replace money. Claiming that Bitcoin solves fraud is like claiming that abstinence solves STDs; at zero participation from the general public, proliferation of fraud in Bitcoin is as futile and unadvantageous as being a sexually transmitted disease is in a world full of monks.

If everyone used Bitcoin, there would be ways to defraud people out of it; from Man In The Middle to 419/Nigerian Prince scams to simple MLM, scams and fraud in eCash are as old as eGold. The human factor is the weakest link, and no cryptocash will replace that. Furthermore, the barriers to entry into cryptocash usage, even if it could solve the problem of fraud, are too high, and prevent wide acceptance. The crypto-community likes this difficulty so much, cherishes it so, that wide adoption is impossible. If you disagree, have your mom mine me some bitcoins. I’ll pay more than the $42 they’re asking for in Mt Gox. You know what? Just have her read through the documentation and explain it back to someone who isn’t you.

Is the system broken? No doubt. The problem isn’t in the way legal tenders are minted, though, but in two other places: identity brokers and financial infrastructure.

The brokers – the card issuers – own the financial relationship and data to underwrite consumers for credit. That’s one major part of the financial equation that let financial institutions dictate the rules of the game both online and offline. If you undermine that relationship you get access to one of the most significant relationships consumers in the developed world have. That’s why I love short term credit schemes like Klarna and prepaid card services like Card.com; the first creates a financial relationship from thin air by extending credit in real time, and the second encourages consumers to deposit some of their paycheck directly to their prepaid-supporting account. Both have the ability to disintermediate issuers.

The financial infrastructure is where I actually think cryptocurrency can be helpful. No matter what you do you can’t run away from the card networks or clearing houses; they are the backbone of money movement. Every dollar moving around ends up paying tribute to the eternal gods of monetary movement. What if Bitcoin didn’t try to become a replacement for the money consumers are using, but rather created the first true cloud-based clearing house, where newly created financial institutions trade reserves and foreign currency using the Internet, but securely, rather than using the current broken systems? That for me is a big promise, and one huge problem no one’s tackling. What it would require is large Bitcoin liquidity reserves, backed by real currency, and with a stable enough exchange rate to plan a 12 to 18 month window. If new lenders could borrow in Bitcoin from a central Bitcoin exchange, its path to becoming a de facto backbone of a new breed of financial transactions would be much more probable. So far, it doesn’t seem remotely as available and stable as required.

The payments and personal finance world is broken, but it enjoys a distorted local maximum that a lot of energy is required to move away from. Simply waving an interesting idea at the public doesn’t work. Just as flash players weren’t as popular before the iPod, and Napster, while changing the music industry, crashed as a business, cryptocash is a precursor to something, but is still not it. It can go somewhere, but is still not there. We need to recognize that to be able to move ahead.


Fraud in Digital Goods Sales 201 (Signifyd post)

The Signifyd blog has a blog post worth reading today:

Selling digital and virtual goods is a lucrative business, but one that also attracts a lot of fraud attempts. The logic is obvious: no shipping requires no physical presence or appearance of one, fast delivery allows fraudsters to quickly buy multiple items and exploit much more of every stolen card, recourse by the seller is almost impossible due to the speed and finally, reselling stolen products is much easier than tangible goods. After our blog was featured in Balanced’s post about fraud, we saw multiple questions about fraud in digital goods. One of them was this comment on HN. One reason for Signifyd getting a lot of retailer attention is our ability to provide quality fraud prevention decisions that help reduce fraud in cases where there’s little recourse. We wanted to share some insights.

Common wisdom about preventing fraud in digital goods abounds. We’re not looking to repeat the regular tips – using IP address to billing address distance, purchase velocity, email domain type and device fingerprinting as indicators. What we’d like to do is add some more details as to why these things often fail, and suggest a few best practices. Here are some:

  1. Digital goods purchases provide a quick feedback loop, allowing fraudsters to test and learn fast and adapt. Deploying rules with a single threshold or indicator (e.g. number of past purchases over 4, or IP country must match BIN country) and rejecting 100% of purchases immediately simply provides faster feedback. Either compose rules that have multiple indicators, randomly reject less than 100% of purchases, or implement a random delay in your response.
  2. IP to billing address location is a complex indicator. Simply measuring distance won’t work when the network is mobile, and setting a single threshold won’t work in most countries. Use sources like GeoIPOrg to understand what connection this IP comes from, and implement bins to your distance function.
  3. Email domain type is relevant but simplistic. After you weed out the free but rare ones (bad) and corporate emails (usually good) you remain with a ton of Gmails. What then? Using online searches to determine that this email is actually tied to a person is an important next step.
  4. Customer browsing patterns are highly indicative. New customers, returning customers and fraudsters all navigate differently on your website. Count the number of clicks to initiating a purchase, as well as which types of pages new customers pass through. You’ll see obvious patterns emerging.
  5. Don’t wait for chargebacks to come. Have one person on staff reviewing purchases randomly to detect emerging trends and respond to them.
  6. Machine fingerprinting is helpful, but is often a glorified JavaScript. Build basic matching in house based on information you collect from consumer sessions, and watch for users who look similar to previous ones but always have new cookies. Fraudsters know how to flush cookies – it’s not the linking that gives them away, but rather the attempt to not be detected.
  7. Don’t use 3DS. You will pay much more in lost business than prevent fraud.
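A sketch of tips 1 and 2 combined, added here as an illustration and not code from the Signifyd post: distance is scored in bins that depend on the connection type, several indicators are summed, and high-risk orders are rejected less than 100% of the time with a random response delay. The field names, thresholds, weights and the routing of non-rejected risky orders to manual review are all assumptions.

```python
import math
import random

# Distance bins per connection type: (upper bound in km, risk points).
# Thresholds, weights and field names are illustrative assumptions.
DISTANCE_BINS = {
    "fixed": [(50, 0), (500, 1), (2000, 2), (math.inf, 3)],
    # Mobile traffic often exits at a carrier gateway far from the handset.
    "mobile": [(500, 0), (2000, 1), (math.inf, 2)],
}

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def distance_points(ip_loc, billing_loc, conn_type):
    """Map IP-to-billing distance to risk points using per-connection bins."""
    km = haversine_km(ip_loc, billing_loc)
    bins = DISTANCE_BINS.get(conn_type, DISTANCE_BINS["fixed"])
    return next(points for upper, points in bins if km <= upper)

def risk_score(order):
    """Combine several indicators so no single threshold decides alone."""
    score = distance_points(order["ip_loc"], order["billing_loc"], order["conn_type"])
    score += 2 if order["purchases_last_hour"] > 4 else 0  # purchase velocity
    score += 1 if order["ip_country"] != order["bin_country"] else 0
    return score

def decide(order, rng=random, reject_at=4, reject_rate=0.9):
    """Return (decision, delay_seconds) for one order."""
    delay = rng.uniform(1.0, 8.0)  # random delay on every answer blurs timing
    if risk_score(order) < reject_at:
        return "accept", delay
    # Reject most, not all, risky orders; the rest go to manual review,
    # so a tester cannot read the exact threshold from the responses.
    return ("reject" if rng.random() < reject_rate else "review"), delay

# Constructed sample order: card billed in San Francisco, IP located in New York.
SAMPLE = {"ip_loc": (40.71, -74.01), "billing_loc": (37.77, -122.42),
          "conn_type": "fixed", "purchases_last_hour": 6,
          "ip_country": "US", "bin_country": "US"}

if __name__ == "__main__":
    print(risk_score(SAMPLE), decide(SAMPLE))
```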

Fraud in digital goods is a real problem, but a solvable one. Don’t let the threat of lost money shut down your business and drive you to blocking whole countries from your system. And, give us a buzz. We’d love to see how we can help you.
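One way to build the in-house matching from tip 6 above, as an added example that is not part of the original post: sessions are grouped by attributes that survive a cookie flush, and a profile is flagged when it keeps returning but nearly always presents a new cookie. The attribute list, field names, thresholds and sample sessions are assumptions constructed for illustration.

```python
from collections import defaultdict

# Attributes that survive a cookie flush; field names are hypothetical.
PROFILE_FIELDS = ("user_agent", "screen", "timezone", "language", "ip_prefix")

def profile_key(session):
    """Coarse device profile built from in-house session data."""
    return tuple(session.get(f) for f in PROFILE_FIELDS)

def cookie_churners(sessions, min_sessions=3, min_fresh_share=0.9):
    """Return {profile: (session_count, distinct_cookies)} for profiles that
    keep coming back yet almost never present a cookie seen before."""
    seen = defaultdict(list)
    for s in sessions:
        seen[profile_key(s)].append(s["cookie_id"])
    flagged = {}
    for key, cookie_ids in seen.items():
        total, distinct = len(cookie_ids), len(set(cookie_ids))
        if total >= min_sessions and distinct / total >= min_fresh_share:
            flagged[key] = (total, distinct)
    return flagged

def _session(cookie_id, ua, ip_prefix):
    """Build one constructed session record."""
    return {"cookie_id": cookie_id, "user_agent": ua, "screen": "1920x1080",
            "timezone": "UTC-5", "language": "en-US", "ip_prefix": ip_prefix}

# Constructed sample sessions (not real traffic).
SESSIONS = (
    # Returning customer: same profile, same cookie on every visit.
    [_session("c-100", "UA-A", "198.51.100") for _ in range(4)]
    # Same profile five times, fresh cookie every time.
    + [_session(f"c-{200 + i}", "UA-B", "203.0.113") for i in range(5)]
    # A single new visitor: too few sessions to judge.
    + [_session("c-300", "UA-C", "192.0.2")]
)

if __name__ == "__main__":
    for profile, (total, distinct) in cookie_churners(SESSIONS).items():
        print(profile, total, distinct)
```

A very common profile, such as a popular phone model behind one carrier range, will also show many distinct cookies, so the flag works as one indicator among several, not as a standalone rejection rule.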