You also have full control over false positives:
- First, we put txn's through several layers to ensure the highest rates of order approvals. If our algorithm is about to reject, it goes through a human review process to ensure we're approving as much as possible.
- If we reject, you have a force approve time window to approve transactions if you disagree with our decision. You have final decision-making. None of our merchants use this because they end up trusting us so much :-)
Our customers (some case studies here: https://bolt.com/case-studies) have switched from top-tier providers and seen substantial order approval lift.
Furthermore, we're also your payment processor. Typically fraud providers and payment processors are separate, so if fraud providers make a mistake, payment processors will slap the merchant on the wrist with what can ultimately be serious fines + more reserve requirements. We don't, because we're also your processor.
Final control over force-approving rejected transactions is a nice feature on its face. I understand why your merchants don't use it...they'd have to soak the expense of paying someone to monitor accepts and rejects in an attempt to optimize sales (which is what they are paying you to do).
If a merchant does not have full visibility into and control of their anti-fraud program (and the expertise to know what to do with it) approval/reject/false positive rates are always going to be in the hands of people who don't know their customers or business as well as the merchant does. That is why larger, mature businesses invest in anti-fraud people and technology. That's certainly a bridge too far for the typical small business, so services like Bolt can certainly deliver a ton of value. I just advise a merchant who thinks that just because they can't see fraud there isn't any impact to their business that they're missing a potentially crucial part of the picture.
As we publish more, we hope to let data talk. If I were in your shoes, I'd be similarly skeptical. Most companies in the space overpromise and underdeliver.
The key: everyone is focused on large data sets (breadth of data). We have some of that, but not nearly as much as large processors. We have, however, much more depth (sometimes 10X-20X as much). This allows us to achieve high accuracy in short amounts of time. Often times we'll lose money in the beginning to ensure high approval rates and, in essence, pay for learning data.
Followed up with "Get a Quote" rather than displaying simple pricing...
"Without proof of a lower rate, default processing is 2.9% + $0.30 for VISA/Mastercard/ Discover, 3.5% + $0.30 for AMEX, and $20 for any chargeback dispute not covered."
All of our clients (typically larger businesses) provide proof of lower rates with their existing processors and get those rates 100% matched. We do not negotiate processing, we just match the industry.
I can get .9 to 2.0% (depending on the industry of my business) off the shelf from at least 6+ sources.
And that's before any interchange rebate programs, volume discounts, or specially negotiated interchange waivers past a certain fee per quarter.
How much volume do you guys handle?
The CEO made it clear those rates are essentially a tax paid by unsavvy engineers that haven't shopped for rates because they aren't actually interested in setting competitive rates.
The real market rate for interchange is FAR lower than those described here, and from the replies you'll see that even here on HN there are a lot of tech smart, finance dumb engineers that didn't know that they're throwing away a big chunk of their revenue by taking the shelf rate for payment processing.
If you're big enough you do interchange plus pricing where the interchange is passed through and small processing fee is added. Blended rates are for small companies.
2.0% blended does actually cover premium segment cards on a per transaction basis even at the top-end shelf rate depending on how you've structured your payment processing pipeline. Fully international transfers on high-end cards often cost less than intra-jurisdictional premium card purchases. Shelf rate, you're looking at 2.7 in the worst case without negotiation or any work on the part of the merchant.
But even if didn't - premium card penetration isn't very high.
So why are you paying for the full premium card interchange on every transaction?
Your merchant agreement restricts how you can do it, but you can provide incentives to use different payment venues. You don't have an incentive to push people towards low-interchange channels if you're getting fleeced on every channel.
Given the difference for a 10% margin product purchase between a 1.0 and 3.0 blended rate processor is literally a 28% difference to your bottom line, getting on top of the minutiae of your agreement is tremendously important.
edit: 1.4% + €0.25
There could be something else there, though.
Most people don't know what a blended rate even means, though, so why bother using that terminology when I'm trying to save some smallco engineers on HN a few points on their startup's margin?
Feel free to replace my use of interchange with 'blended rate' if that helps.
Eliminating fraudulent chargebacks addresses a serious pain point for a large market segment. It’s an angle that allows it to answer the “why not just use Stripe” from day one — which is a really hard question to answer with a just launched service.
It looks / feels like stripe but without the brand recognition, I'd hope it's more cost effective than competitors but having to contact them for pricing doesn't inspire confidence. I also don't see how this is any more frictionless than competitors. On the flip side I'm a little blown away by how big the team is and how many jobs they have listed considering it's only launched a couple hours ago - whoever bank rolled this has a lot of faith. Congrats on the launch either way.
- Stripe = APIs to build your own payment stack.
- Bolt = fully out of the box payments stack. Checkout that doesn't only do payments but also shipping/tax/user-auth. Also w/ 100% fraud coverage.
Also to set the record a bit more clearly: we launched in stealth 1.5 years ago, have been moving $100Ms, and have dozens of case studies.
Appreciate the kind words too!
Didn't see a FAQ on the homepage, nor found the answer on a quick search, so I'm asking here.
You can accept a credit card from anywhere in the world. We also support 50+ localized currencies.
However, we can only settle to a US/Canadian bank account. We can do an instant transfer to an intl bank account, but some companies don't want funds touching the US/Canada for tax reasons.
If you are ok with that on the settlement side, you're in good shape! Adding more settlement countries and local acquiring is a top priority for the next year.
There are other companies that do this, but none of them also do payments. They're kinda like rebate programs where you submit your fraud to them and they pay it off like insurance. It's a lot of manual work, back-and-forth, and they end up not doing a great job. So, this is a first for the industry.
Why is our fraud detection so much more accurate? We have access to the full stack of data across checkout, payments, and the user's shopping experience, collecting 200+ variables on every transaction. Most silo'd fraud providers may end up getting 10-20 variables and have to make uniformed decisions, resulting in $10's billions in false positives (good customers getting rejected by fraud tools) in the US every year.
We have a server-based webhooks to create orders which is how we do secure order creation. Bolt provides a webhook (Bolt server -> merchant server) and REST APIs (merchant server -> Bolt server) to exchange data (including transaction details) through a secure channel.
Appreciate it again.
Have you considered that discussing API design decisions regarding security in a public forum is a bad decision of your own?
After literally 10 seconds on the site, I found this: https://bolt.com/security
Your post tried to chastise him for calling out a vulnerability, and then tried to shame him for not quietly emailing their security team. Chances are if someone were a bad actor they would have:
A) seen that themselves outside of his message, or
B) Found out through sheer luck and brute force
If anything, the poster mentioning it invites the team to fix it before someone exploits it. It's worse to blunder on a hole someone told you was 1.5km down the road, so hopefully they either address it or fix it
My concern is not a security issue or vulnerability on their site or service. I am concerned that a processes they are recommending may not be safe, and if I am incorrect (I still feel that I may be missing something), I feel that a response may be insightful to others.
In short: on this platform merchants have the ability to process a transaction that Bolt suggests is likely to be fraudulent (in effect ignoring the warning).
In a general sense, all merchants have to balance their false positive rates with their false negative rates in a way that makes sense for the products/services they sell.
I once had a tracked package marked as delivered, despite the entire neighborhood being cordoned off by police with nobody but residents being allowed in. Despite proof of this, the merchant refused to accept the package was not and could never have been delivered.
You're contradicting yourself when you also say that you charge $20 for chargebacks.
Similar scenario, but this time I am an actual owner of that Canadian credit card, but I'm using Tor (or VPN) with an exit in Romania.
Can you elaborate how your 200+ variables will be able to block first and allow second purchase?
But the genuine holder is probably going to be blocked when they start throwing flags like that, and that's probably just standard everywhere with any type of automated fraud protection.
In both cases the vast majority of their 200 variables will look the same. The only differences will be in the IP and latency data and, possibly, the time zone/locale information if a fraudster is not being careful.
Point being is that differentiating these two cases comes down to analyzing just few bits of data, so I'm not sure why they are using "200 points" as a selling point.
I also wouldn't expect them to detail all their fraud prevention techniques in a public forum.
IMO this is a really interesting idea! Since they are also the payment processor, they have access to more data for fraud prevention, so much so that fraud "insurance" is basically baked into the rate.
Increased efficiency through data analysis, and they are passing the savings on to yoooouuuu!
This could be a paradigm shift. Very cool. The docs look good, AND it works in Canada!?! Thank you! Canada is rarely a priority for US fintec companies. Even amazon DevPay doesn't work here last i checked. Sign me up!
A Bolt employee already replied with a section about false positives vs. false negatives.
I can't imagine any legitimate financial industry company cares much about supporting Tor users. If your financial accounts are based in Canada but your IP traffic appears to be coming from Romania (whether through Tor or VPN or other similar reasons), you probably are much more likely to be involved in fraud from their perspective.
If you have Canadian accounts and are travelling in Romania, that's a different story.
We'd factor this in, and it may be negative, but if the other 198 variables match up, you'll be in good shape with Bolt given your purchase behavior, on-page event patters, order details, and many other factors that are much better predictors of fraud than VPN/Country/etc.
With what exactly? 198 variables will be the same between two cases I described.
The follow up question is what your false-positive rates are. As I said in another reply - there is a set of simple and common cases when both fraud and legit purchases look the same, so by having a zero fraud rate you will be driving the false-positive rate up - and that is bad. People won't be able to pay even though they are already with a wallet in hand.
This in turn means that merchants will need to implement a fallback option to cover this risk... which is going to be PayPal, probably.
All of this is why Stripe Radar implements _provisional_ blocking. They let purchases through, but flag them for a human review. I am going to make a bold prediction and say that you will converge to the same approach sooner rather later. There's no magic recipe.
At the bottom of https://bolt.com/fraud
"MACHINE POWERED, HUMAN REVIEWED"
"Everything we do at Bolt is tailored to maximize your order approval rates. Purely algorithmic systems falsely reject good customers. Every suspicious order goes through an extra layer of human review to ensure the best results."
However, you can't know which features carry information until you collect and analyze them. For a problem like fraud -- where "expert" input probably would not allow you to figure out which features you need ahead of time -- it was almost certainly more reasonable to gather all the data and then, after the fact, perform feature selection.
- Collect as much as possible
- Figure out what features are worthwhile
- Focus on those features
Our competitors have an extremely narrow lens into all the data around a transaction. We've found things that they'll never find or even have access to in the first place. Blog posts to come here as well.
Here are a few articles with more : https://techcrunch.com/2018/01/23/bolt-launches-an-amazon-li...
There's really nothing of a sea change here, just optimization of existing techniques.
It does things like track where the mouse is moving on the page, whether someone is copying and pasting information into the fields, whether they’re making typos, how fast they’re typing, and many other factors. By analyzing customer behavioral patterns, Bolt says it has a better shot at stopping fraud than just asking for the billing address.
I wonder how this handles autocomplete? In a sense it would be a good sign if the browser already knows given and family names etc., but could that be differentiated from a quick (perhaps extension-assisted) cut'n'paste?
Second, what is meant by "Amazon-like checkout?" If that "YOUR BRAND" thing on the front page is a screenshot/representation of the service, it appears to be an AJAXy overlay over the normal site similar to what one of PayPal's three dozen or so integration methods does. I wouldn't qualify that as "Amazon-like" since it doesn't well integrate with the rest of the site in terms of look and feel.
Amazon is currently able to invest $100M's and 100s of engineers into perfecting the checkout experience. There are actually hundreds of things you can do to optimize checkout. Here's one study: https://baymard.com/checkout-usability
We do all those things. We invest the engineering resources to perfect checkout. So that you don't have to. Even our checkout today is not perfect, but it's way better than the one's we replace. And will continue to improve with every deploy.
Now that you say it, Amazon-like can be a bit confusing. Really it appeals to our vision to help every online business compete with checkout by optimizing their payments flows.
Is pretty consistent with our style today.
"Bolt is an online payments platform which allows users to make payments through digital currencies such as bitcoin.
Bolt wants to give e-commerce retailers a better shot at competing with Amazon."
Can anybody at Bolt talk about that transition? Why is there less focus on digital currencies? Any interesting success/failure stories of eccommerce companies using digital currencies?
Always happy to hear about successful pivots.
We realized crypto's shortcomings in mainstream payments (after a valiant year long quest) when we also had an aha-moment about how to re-engineer traditional online payments. Thus, the Bolt you see today.
News on crypto for online payments to come :-)
It seems like Bolt is focused on solving the consumer identity fraud problem for merchants, but this biz models will 100% make them a huge target for fraudulent merchants to collude with customers to steal funds.
I guess I don't see how even an additional low single digit % fee will make up for false negatives. Assuming the company keeps .5% of the standard payment processing fee + takes an additional ~3% in fees on top of that, a $1000 false negative would require $1000/(.035) = ~$28.5k in additional processing volume to breakeven. This doesn't even take into the account the fact Bolt will eat the chargeback fee passed on from the network, so merchants with high volume/low average order value (think digital goods) will be hugely expensive for Bolt to service given they're making pennies per transaction but potentially paying 10x+ that per chargeback.
Some comments on that in this thread:
We vet our merchants before onboarding and make sure to work with high-integrity companies. We monitor orders not just for identity fraud, but for merchant / collusion fraud.
That being said, we can certainly make mistakes. We also end up in the red some months with some clients. The good thing is that when we make a mistake, we pay the cost, not the merchant (which is contrary to the current state of the industry).
We have made reasonable profit per client even with our costs, but the real winners are our clients driving millions in newfound revenue.
As far I know there isn't a specific reason code for "friendly fraud" (i.e. banks are passing along chargebacks telling you as a merchant that they think it's not actual fraud) and more often than not, especially having worked on this problem at scale in the past, friendly fraud chargebacks just come back with a "this is fraud" reason code.
Note that both do not require merchant knowledge or collusion.
"If you have Bolt's fraud indemnification, Bolt will fully cover the costs of and manage fraud-related chargebacks. But, you will still be responsible for Merchant-related chargebacks (damaged goods, goods not received, unhappy customers, etc.)"
"If you do not have Bolt's fraud indemnification, we will contact you via Email to inform you of the chargeback. Your merchant account will be charged that full order amount plus a $20 processing fee. Then, we will request the appropriate information to help you fight the chargeback with the card network. If you win the dispute, you will receive the full order amount credited back."
Our top focus is order approval lift. Zero fraud is cool and all (and makes for a good posting title) but is really just an assurance that you should be comfortable as we start to approve way more orders.
Merchant-fault is typically behind many of the non-friendly-fraud and non-stolen-card-fraud chargebacks. This includes late shipments, not adhering to return policies, damaged goods, etc.
I mean, I guess if someone fraudulently signed up for a subscription, you'd lose the future expected monthly subscription fees or whatever.
But it's pretty much good enough. When I saw "zero fraud" advertised, my immediate assumption was that they paid for any fraud, and they were confident they had fraud low enough to do that and still be profitable. No other way to get truly "zero".
Hoping to expand to more business categories as we grow.
Their platform is solid and was straight forward to integrate with. Their development team was also extremely helpful and helped us through the process at every step we needed them. They really did go above and beyond for us.
We hope to shorten the list as time goes on.
We've had it for close to 3 years though.
Side-note: The link on HN goes to plain HTTP, hopefully you have HTTPS all set up!
And yea thanks, the site auto-redirects to HTTPS.
Empirically, you'd rather let several fraudsters through in order to not trap a good customer (because of their customer lifetime value, brand value, etc).
However, the industry does the opposite. They'll reject 3 good customers to catch 1 fraudster. It's really bad.
Every switch to Bolt has seen a 1%-20% lift in order approval rates (while guaranteeing zero fraud) because of our unique data engine and data visibility. Huge reason why companies are switching to Bolt.
This is definitely something you might want to put in your marketting, but also back up in some way.
As a general rule, I'm going to assume any reduction in false negatives has some increase in false positives. If the general rule is not true in your case, I'm going to need to be convinced. :)
Many of our clients switched from top-tier fraud detection providers and saw significant lift in order approvals with Bolt.
More case studies on the way.
I mean, you even hide your docs behind a password? How terrible. What are you keeping so secret? Does this translate to your other business practices? Mental note made.
Docs are now fully public: https://docs.bolt.com/
Pricing varies depending on volume, risk, and a number of different factors given the complexity of payments (and that we're taking on full liability). But after a short call we provide a very simple flat rate with no BS. As much as we'd like to do one price, given the nature of our product, it's just not viable at this time.
Note: I mean this entirely unskeptically. I wonder how you pulled this off and I think it's a positive signal about your company that you did.
In payments, the MVP bar is high and we built like 4 companies in one (payment processor, fraud detection co, checkout platform, + more). So we had to raise a bunch, hire world-class people, and write code for a couple years before launch, all the while convincing investors that we weren't going to be another stealth-disaster-company. We then landed close to 100 customers while totally in stealth.
I'll be writing blog posts about how we did it -- from fundraising to recruiting to sales. It was 100 times harder than I ever imagined. But, it's made us stronger than ever.
Our fee ranges anywhere from a fraction of a percent to a couple percentage points. Companies selling $100k diamond jewelry (of which we have several) vs companies selling $100 bikes have different levels of risk.
Most importantly, we typically charge 1/10 the revenue we generate for our clients: https://bolt.com/case-studies. Everyone who's signed up is 10X ROI positive. For a small single digit percent they're making double digit percent more money.
On top of the Bolt Fee, we match processing, and that's about it.
It's such a great opportunity to show what your company is all about and win over skeptics.
Nice work rbres!
Now, let's do an interview with you on http://techzinglive.com because it sounds like you have a great story!
Send email to podcast[at]techzinglive.com if you're up for it ;)
p.s Thanks skrebbel for digging into that.
Will shoot ya a ping.
Soooo we're just winging it at the moment, because it's their job to provide it to us (as agreed upon). I'm pretty sure they aren't going to get that integration.
However, for now, settlement only to a US or Canadian bank account. We can do an instant transfer from a US/Canadian bank to an intlt account, but if you want to avoid US taxes and settle directly to an international bank, we do not support that. Our team is hard at work to support it in the next year.