Hacker News new | past | comments | ask | show | jobs | submit login
Bolt: An End-To-End Payments Stack with Zero Fraud (bolt.com)
171 points by kpaddie10 on Jan 23, 2018 | hide | past | favorite | 152 comments

Fraud liability absorbed by a service provider isn't "zero fraud." It is: "you don't get charged directly for chargebacks and other financial penalties, but your brand is still at risk, plus you have no control over false positives."

True. But it's zero fraud from your perspective as a business.

You also have full control over false positives: - First, we put txn's through several layers to ensure the highest rates of order approvals. If our algorithm is about to reject, it goes through a human review process to ensure we're approving as much as possible. - If we reject, you have a force approve time window to approve transactions if you disagree with our decision. You have final decision-making. None of our merchants use this because they end up trusting us so much :-)

Our customers (some case studies here: https://bolt.com/case-studies) have switched from top-tier providers and seen substantial order approval lift.

Furthermore, we're also your payment processor. Typically fraud providers and payment processors are separate, so if fraud providers make a mistake, payment processors will slap the merchant on the wrist with what can ultimately be serious fines + more reserve requirements. We don't, because we're also your processor.

Sure, maybe you offer "zero fraud" from a chargebacks-line-item-on-the-balance-sheet perspective. The impacts of fraud on customers' perception of a company, and the effects those perceptions will have on the bottom line, however, can be significant. This is not say I assume your service is deficient in any way...the marketing is just a little snicker-inducing from someone like me who works in the field. The only sure way to have zero fraud is to turn off sales.

Final control over force-approving rejected transactions is a nice feature on its face. I understand why your merchants don't use it...they'd have to soak the expense of paying someone to monitor accepts and rejects in an attempt to optimize sales (which is what they are paying you to do).

If a merchant does not have full visibility into and control of their anti-fraud program (and the expertise to know what to do with it) approval/reject/false positive rates are always going to be in the hands of people who don't know their customers or business as well as the merchant does. That is why larger, mature businesses invest in anti-fraud people and technology. That's certainly a bridge too far for the typical small business, so services like Bolt can certainly deliver a ton of value. I just advise a merchant who thinks that just because they can't see fraud there isn't any impact to their business that they're missing a potentially crucial part of the picture.

It's not zero sum if you have overall greater precision. We believe we do and have proven it across dozens of case studies.

As we publish more, we hope to let data talk. If I were in your shoes, I'd be similarly skeptical. Most companies in the space overpromise and underdeliver.

I would argue it is zero sum ("you've got some fraud" vs "you have no fraud") if there is any great volume of transactions and what's being sold is valuable, and/or marketable at a black market price below retail, and/or offers fraudsters liquidity options. I am skeptical because an untrained system is going to make mistakes out of the gate, even if it's trained on oodles of transactions from other businesses. Anti-fraud isn't a one-size-fits-all game.

We've been processing orders for a year and a half in stealth with many clients. So we have a lot of data.

The key: everyone is focused on large data sets (breadth of data). We have some of that, but not nearly as much as large processors. We have, however, much more depth (sometimes 10X-20X as much). This allows us to achieve high accuracy in short amounts of time. Often times we'll lose money in the beginning to ensure high approval rates and, in essence, pay for learning data.

"No more games. Save real money with Bolt's simple pricing."

Followed up with "Get a Quote" rather than displaying simple pricing...

On the pricing page:

"Without proof of a lower rate, default processing is 2.9% + $0.30 for VISA/Mastercard/ Discover, 3.5% + $0.30 for AMEX, and $20 for any chargeback dispute not covered."

Holy shit, those are titanic interchange fees.

That's the starting processing rate for any major processor:

- https://www.braintreepayments.com/braintree-pricing

- https://stripe.com/us/pricing

All of our clients (typically larger businesses) provide proof of lower rates with their existing processors and get those rates 100% matched. We do not negotiate processing, we just match the industry.

No, it isn't? Those are the prices for two providers that aren't even close to lowest-cost providers in the space. They compete on service, not price.

I can get .9 to 2.0% (depending on the industry of my business) off the shelf from at least 6+ sources.

And that's before any interchange rebate programs, volume discounts, or specially negotiated interchange waivers past a certain fee per quarter.

And if you provide us a quote for that rate, we'll 100% match it. We can go as low as anyone else, and are trying to avoid the insanity of negotiating processing rates.

Good plan. This is exactly what we do. Keeps us out of the race to the bottom.

Cool, thanks for the reply. That makes more sense.

How much volume do you guys handle?

So your complaint is that a payment processor competing on service, not price, is priced similarly to other processors competing on service?

I didn't start with a complaint, just an observation.

The CEO made it clear those rates are essentially a tax paid by unsavvy engineers that haven't shopped for rates because they aren't actually interested in setting competitive rates.

The real market rate for interchange is FAR lower than those described here, and from the replies you'll see that even here on HN there are a lot of tech smart, finance dumb engineers that didn't know that they're throwing away a big chunk of their revenue by taking the shelf rate for payment processing.

Exactly :-) We're here to compete on revenue lift + value-add. If we do not generate significantly more revenue than we charge, our customers turn us off.

2.0% blended pricing wouldn't cover the interchange for Amex, VISA Signature Cards or Mastercard World Elite. 0.9% wouldn't cover anything except durbin debit cards.

If you're big enough you do interchange plus pricing where the interchange is passed through and small processing fee is added. Blended rates are for small companies.

Smallco can do interchange plus too. It's more daunting, but almost always a better option.

2.0% blended does actually cover premium segment cards on a per transaction basis even at the top-end shelf rate depending on how you've structured your payment processing pipeline. Fully international transfers on high-end cards often cost less than intra-jurisdictional premium card purchases. Shelf rate, you're looking at 2.7 in the worst case without negotiation or any work on the part of the merchant.

But even if didn't - premium card penetration isn't very high.

So why are you paying for the full premium card interchange on every transaction?

Your merchant agreement restricts how you can do it, but you can provide incentives to use different payment venues. You don't have an incentive to push people towards low-interchange channels if you're getting fleeced on every channel.

Given the difference for a 10% margin product purchase between a 1.0 and 3.0 blended rate processor is literally a 28% difference to your bottom line, getting on top of the minutiae of your agreement is tremendously important.

Very true, interchange plus is the way to go outside of Europe or Durbin-regulated customer bases.

Can you share a few companies that are that low? Stripe and Paypal would be my go-tos for adding any online purchasing to a site, so I thought the 2.9% was unavoidable (for small revenue sites).

.9% in the US? That would only cover some debit cards. I’m not aware of any credit card with an interchange rate that low.

Why are both stripe and braintree so much cheaper in Europe?

This is where the EU is working: they just capped interchange fees.

I was going to guess that there are lower fraud rates in the EU compared to the US; based on what my former partner said, their company reports all EU fraud, but only fraud in the US over 2k USD. In addition to that, people in the US treat (abuse) consumer protections like a "get a free purchase/built-in scam protection", and try buying iphones for $260 on p2p apps from a complete stranger.

There could be something else there, though.

Those aren't interchange fees. Those are payment processing fees...Bolt is paying the interchange.

To be most accurate, those aren't the payment processing fees either. They are the blended rate, which include interchange, the payment processor's cut, the assessment fee, etc.

Most people don't know what a blended rate even means, though, so why bother using that terminology when I'm trying to save some smallco engineers on HN a few points on their startup's margin?

Feel free to replace my use of interchange with 'blended rate' if that helps.

That's where I closed my browser tab.

This looks like a really well positioned and differentiated entrance into the payment provider market.

Eliminating fraudulent chargebacks addresses a serious pain point for a large market segment. It’s an angle that allows it to answer the “why not just use Stripe” from day one — which is a really hard question to answer with a just launched service.


Kind words are always appreciated :-)

Since there's no demo's I had a look at a couple case studies..

https://i.imgur.com/TBTF63h.png https://i.imgur.com/HP0DNNg.png

It looks / feels like stripe but without the brand recognition, I'd hope it's more cost effective than competitors but having to contact them for pricing doesn't inspire confidence. I also don't see how this is any more frictionless than competitors. On the flip side I'm a little blown away by how big the team is and how many jobs they have listed considering it's only launched a couple hours ago - whoever bank rolled this has a lot of faith. Congrats on the launch either way.

Thanks brod!

Main differences:

- Stripe = APIs to build your own payment stack.

- Bolt = fully out of the box payments stack. Checkout that doesn't only do payments but also shipping/tax/user-auth. Also w/ 100% fraud coverage.

Also to set the record a bit more clearly: we launched in stealth 1.5 years ago, have been moving $100Ms, and have dozens of case studies.

Appreciate the kind words too!

Last I checked Stripe does all of this - or at least offers a very parallel product.

Do you deal with international duties and tax as well?

What countries are you supporting currently? Is Mexico in that list?

Didn't see a FAQ on the homepage, nor found the answer on a quick search, so I'm asking here.

Good question. Definitely need to add to the site.

You can accept a credit card from anywhere in the world. We also support 50+ localized currencies.

However, we can only settle to a US/Canadian bank account. We can do an instant transfer to an intl bank account, but some companies don't want funds touching the US/Canada for tax reasons.

If you are ok with that on the settlement side, you're in good shape! Adding more settlement countries and local acquiring is a top priority for the next year.

I'm interested too (EMEA).

Does anyone know how this guarantees exactly zero fraud? The page just tells you to book a demo.

CEO of Bolt here. We'll be writing more about this in the future. In short, our fraud detection is really really good (although not perfect). However, the fraud that ends up making it through the pipeline is so minimal that we cover it fully. So, for a small fee as an online business you never have to pay for / deal with fraudulent chargebacks again.

There are other companies that do this, but none of them also do payments. They're kinda like rebate programs where you submit your fraud to them and they pay it off like insurance. It's a lot of manual work, back-and-forth, and they end up not doing a great job. So, this is a first for the industry.

Why is our fraud detection so much more accurate? We have access to the full stack of data across checkout, payments, and the user's shopping experience, collecting 200+ variables on every transaction. Most silo'd fraud providers may end up getting 10-20 variables and have to make uniformed decisions, resulting in $10's billions in false positives (good customers getting rejected by fraud tools) in the US every year.

Looking at the docs (https://docs.bolt.com/v1/docs/step-2-load-bolt-checkout) it instructs the reader: "The onSuccess method will be called when Bolt successfully processes a transaction. This can be used as a way to create the order (...)". This opens up a massive security hole if the merchant is making decisions based on this method being called client-side, right? What prevents a malicious actor from calling that method directly and thus simulating an order as far as the merchant is concerned?

Thanks for pointing this out. It was a shortcut for some very early beta testers. We've since removed it from the docs.

We have a server-based webhooks to create orders which is how we do secure order creation. Bolt provides a webhook (Bolt server -> merchant server) and REST APIs (merchant server -> Bolt server) to exchange data (including transaction details) through a secure channel.

Appreciate it again.

> This opens up a massive security hole

Have you considered that discussing API design decisions regarding security in a public forum is a bad decision of your own?

After literally 10 seconds on the site, I found this: https://bolt.com/security

Nah, his post is what Hacker News is for; if the company and their CEO is announcing coming out of stealth mode and answering responses, it's worth that guy vocalizing that potential vulnerability.

Your post tried to chastise him for calling out a vulnerability, and then tried to shame him for not quietly emailing their security team. Chances are if someone were a bad actor they would have: A) seen that themselves outside of his message, or B) Found out through sheer luck and brute force

If anything, the poster mentioning it invites the team to fix it before someone exploits it. It's worse to blunder on a hole someone told you was 1.5km down the road, so hopefully they either address it or fix it

"Security hole" may have been poor word choice on my part. "Potentially unsafe process recommendation" would probably be a more apt description.

My concern is not a security issue or vulnerability on their site or service. I am concerned that a processes they are recommending may not be safe, and if I am incorrect (I still feel that I may be missing something), I feel that a response may be insightful to others.

I imagine there is an HMAC or similar that can be verified?

What happens if you're flagged for fraud? e.g. on a recent talk by a different company, the presenter said that buying Pepsi implies a slightly higher percentage of fraud than buying Coca Cola. What happens if I, a legitimate customer with a real, non-expired, not-overcharged credit card cannot make a purchase because your system flags my transaction as fraud?

I believe part of your question was answered here[0].

In short: on this platform merchants have the ability to process a transaction that Bolt suggests is likely to be fraudulent (in effect ignoring the warning).

In a general sense, all merchants have to balance their false positive rates with their false negative rates in a way that makes sense for the products/services they sell.

[0]: https://news.ycombinator.com/item?id=16217020

So, you're providing fraud protection to merchants the same way Amex/Discover/Master Card/Visa does to consumers?

That's correct. Today, merchants are on the line for any fraud that they incur. When you call your bank to report fraudulent activity, the merchant is out the goods + has to pay fees/fines + has to return the money + deals with paperwork overhead. Bolt completely eliminates all of that. We're taking a stand to end fraud and take on all the liability for our clients.

If I buy a product from a website using Bolt, and for whatever legitimate reason I do a chargeback, let's say the product never arrived and the company refused to acknowledge this, will the anti fraud ban me from buying from any of your clients ever again?

I once had a tracked package marked as delivered, despite the entire neighborhood being cordoned off by police with nobody but residents being allowed in. Despite proof of this, the merchant refused to accept the package was not and could never have been delivered.

Nope, you'll only be black-marked if you actually committed fraud. Any time there is a customer dispute, we're able to act as a middle ground often times. If a merchant is a bad-actor, we'll give them some time to fix their customer service. Or, we'd have to part ways with them.

Thanks for the reply.

> However, the fraud that ends up making it through the pipeline is so minimal that we cover it fully.

You're contradicting yourself when you also say that you charge $20 for chargebacks.

Because chargebacks aren't fraud. They can be fraudulent but then I assume it would be part of the 'not covered' portion of the sentence you left out.

Say, I got myself a credit card number of someone from Toronto, Canada and I am checking out through your system using a botnet-based Toronto exit node.

Similar scenario, but this time I am an actual owner of that Canadian credit card, but I'm using Tor (or VPN) with an exit in Romania.

Can you elaborate how your 200+ variables will be able to block first and allow second purchase?

I don't think this is the type of thing they can really elaborate on for obvious reasons.

But the genuine holder is probably going to be blocked when they start throwing flags like that, and that's probably just standard everywhere with any type of automated fraud protection.

Well, it's a pretty basic question.

In both cases the vast majority of their 200 variables will look the same. The only differences will be in the IP and latency data and, possibly, the time zone/locale information if a fraudster is not being careful.

Point being is that differentiating these two cases comes down to analyzing just few bits of data, so I'm not sure why they are using "200 points" as a selling point.

I can't imagine many e-commerce checkouts work well through tor. I can barely use google over tor without getting constant captchas.

I also wouldn't expect them to detail all their fraud prevention techniques in a public forum.

IMO this is a really interesting idea! Since they are also the payment processor, they have access to more data for fraud prevention, so much so that fraud "insurance" is basically baked into the rate.

Increased efficiency through data analysis, and they are passing the savings on to yoooouuuu!

This could be a paradigm shift. Very cool. The docs look good, AND it works in Canada!?! Thank you! Canada is rarely a priority for US fintec companies. Even amazon DevPay doesn't work here last i checked. Sign me up!

Most fraud detection systems rely on blocking rules. So they'd detect a VPN/Tor and combined with an international order, it'd be an almost guaranteed block.

We'd factor this in, and it may be negative, but if the other 198 variables match up, you'll be in good shape with Bolt given your purchase behavior, on-page event patters, order details, and many other factors that are much better predictors of fraud than VPN/Country/etc.

> other 198 variables match up

With what exactly? 198 variables will be the same between two cases I described.

The follow up question is what your false-positive rates are. As I said in another reply - there is a set of simple and common cases when both fraud and legit purchases look the same, so by having a zero fraud rate you will be driving the false-positive rate up - and that is bad. People won't be able to pay even though they are already with a wallet in hand.

This in turn means that merchants will need to implement a fallback option to cover this risk... which is going to be PayPal, probably.

All of this is why Stripe Radar implements _provisional_ blocking. They let purchases through, but flag them for a human review. I am going to make a bold prediction and say that you will converge to the same approach sooner rather later. There's no magic recipe.

We never auto-reject, and we already do human review. Forgot to mention that.

At the bottom of https://bolt.com/fraud


"Everything we do at Bolt is tailored to maximize your order approval rates. Purely algorithmic systems falsely reject good customers. Every suspicious order goes through an extra layer of human review to ensure the best results."

> Can you elaborate how your 200+ variables will be able to block first and allow second purchase

A Bolt employee already replied[1] with a section about false positives vs. false negatives.

I can't imagine any legitimate financial industry company cares much about supporting Tor users. If your financial accounts are based in Canada but your IP traffic appears to be coming from Romania (whether through Tor or VPN or other similar reasons), you probably are much more likely to be involved in fraud from their perspective.

If you have Canadian accounts and are travelling in Romania, that's a different story.

[1] https://news.ycombinator.com/item?id=16217020

Tor is an extreme example, but VPNs are now commonplace. From the top of my head, we have a double-digit percentage of purchases coming from the UK done that way. Zero fraud.

You mean if you aren’t automatically blocked because you are coming from a TOR exit node and that user has never done that before?

I can't parse your question, sorry.

Have a public list of clients anywhere?

Is it always the case that more variables are necessary better? After some sweet spot, with more variables false correlations increase exponentially.

I believe that scaling would be quadratic; but yes, more features (variables) isn't always better.

However, you can't know which features carry information until you collect and analyze them. For a problem like fraud -- where "expert" input probably would not allow you to figure out which features you need ahead of time -- it was almost certainly more reasonable to gather all the data and then, after the fact, perform feature selection[1].

[1] https://en.wikipedia.org/wiki/Feature_selection

++ exactly right

- Collect as much as possible

- Figure out what features are worthwhile

- Focus on those features

Our competitors have an extremely narrow lens into all the data around a transaction. We've found things that they'll never find or even have access to in the first place. Blog posts to come here as well.

They're just underwriting the risk so they guarantee "zero fraud" to the merchant. And they just have traditional risk-assessment algorithms applied aggressively.

Here are a few articles with more : https://techcrunch.com/2018/01/23/bolt-launches-an-amazon-li...

There's really nothing of a sea change here, just optimization of existing techniques.

From your much more informative link:

It does things like track where the mouse is moving on the page, whether someone is copying and pasting information into the fields, whether they’re making typos, how fast they’re typing, and many other factors. By analyzing customer behavioral patterns, Bolt says it has a better shot at stopping fraud than just asking for the billing address.

I wonder how this handles autocomplete? In a sense it would be a good sign if the browser already knows given and family names etc., but could that be differentiated from a quick (perhaps extension-assisted) cut'n'paste?

rbres, first off, thank you for sticking around and answering our occasionally snarky questions.

Second, what is meant by "Amazon-like checkout?" If that "YOUR BRAND" thing on the front page is a screenshot/representation of the service, it appears to be an AJAXy overlay over the normal site similar to what one of PayPal's three dozen or so integration methods does. I wouldn't qualify that as "Amazon-like" since it doesn't well integrate with the rest of the site in terms of look and feel.

Absolutely, more than happy to :-)

Amazon is currently able to invest $100M's and 100s of engineers into perfecting the checkout experience. There are actually hundreds of things you can do to optimize checkout. Here's one study: https://baymard.com/checkout-usability

We do all those things. We invest the engineering resources to perfect checkout. So that you don't have to. Even our checkout today is not perfect, but it's way better than the one's we replace. And will continue to improve with every deploy.

Now that you say it, Amazon-like can be a bit confusing. Really it appeals to our vision to help every online business compete with checkout by optimizing their payments flows.

Is it correct, though, that the checkout experience for users is a modal/overlay? And apart from the ability to display a custom logo, how customizeable is the design? (custom fonts, CSS, etc.)

We'll be rolling out more customization features. Big priority. They are sparse for now.

So........ did you get a little design inspiration from Stripe's site? Maybe changed that background to a dark color and toned down the nuance a bit?

Our old, hidden URL site, had the slanted style for the last 2+ years before their redesign: https://drive.google.com/file/d/1qM3lAjCdSuTPAU-R9S2THrD83Zd...

Is pretty consistent with our style today.

Judging from Crunchbase[0], it looks like this company did a pretty interesting pivot:

"Bolt is an online payments platform which allows users to make payments through digital currencies such as bitcoin.

Bolt wants to give e-commerce retailers a better shot at competing with Amazon."

Can anybody at Bolt talk about that transition? Why is there less focus on digital currencies? Any interesting success/failure stories of eccommerce companies using digital currencies?

Always happy to hear about successful pivots.

[0] https://www.crunchbase.com/organization/bolt-5

Big fans of crypto. I co-started the Stanford Bitcoin Group back in the day. Dropped out of school to re-engineer online payments originally inspired by crypto.

We realized crypto's shortcomings in mainstream payments (after a valiant year long quest) when we also had an aha-moment about how to re-engineer traditional online payments. Thus, the Bolt you see today.

News on crypto for online payments to come :-)

Consumer identity fraud isn't the only type of fraud problem that needs to be solved from the payment processor POV - there's also friendly fraud (when the customer is actually the owner of the credit card but claims fraud anyway), merchant fraud (merchants setting up bad sites and trying to steal funds), and collusion between merchant and customer.

It seems like Bolt is focused on solving the consumer identity fraud problem for merchants, but this biz models will 100% make them a huge target for fraudulent merchants to collude with customers to steal funds.

I guess I don't see how even an additional low single digit % fee will make up for false negatives. Assuming the company keeps .5% of the standard payment processing fee + takes an additional ~3% in fees on top of that, a $1000 false negative would require $1000/(.035) = ~$28.5k in additional processing volume to breakeven. This doesn't even take into the account the fact Bolt will eat the chargeback fee passed on from the network, so merchants with high volume/low average order value (think digital goods) will be hugely expensive for Bolt to service given they're making pennies per transaction but potentially paying 10x+ that per chargeback.

Hey dawhizkid - totally right.

Some comments on that in this thread:



We vet our merchants before onboarding and make sure to work with high-integrity companies. We monitor orders not just for identity fraud, but for merchant / collusion fraud.

That being said, we can certainly make mistakes. We also end up in the red some months with some clients. The good thing is that when we make a mistake, we pay the cost, not the merchant (which is contrary to the current state of the industry).

We have made reasonable profit per client even with our costs, but the real winners are our clients driving millions in newfound revenue.

What's the source of truth for deciding whether it was friendly fraud or not? Is it the chargeback reason code?

As far I know there isn't a specific reason code for "friendly fraud" (i.e. banks are passing along chargebacks telling you as a merchant that they think it's not actual fraud) and more often than not, especially having worked on this problem at scale in the past, friendly fraud chargebacks just come back with a "this is fraud" reason code.

In my "prior life", I can say that processors provide generic reason codes in order to mask how the determination was reached. The idea being that it helps mitigate forms of phishing attacks.

Other insidious forms of fraud include, but are not limited to, "settlement attacks" and "refund attacks."

Note that both do not require merchant knowledge or collusion.

So it's not really zero fraud, Bolt just covers the cost of fraud.

See the fine print too. They have tiered service. I don't know why they are advertising their super plan on the front page as if its their whole offering...

"If you have Bolt's fraud indemnification, Bolt will fully cover the costs of and manage fraud-related chargebacks. But, you will still be responsible for Merchant-related chargebacks (damaged goods, goods not received, unhappy customers, etc.)"

"If you do not have Bolt's fraud indemnification, we will contact you via Email to inform you of the chargeback. Your merchant account will be charged that full order amount plus a $20 processing fee. Then, we will request the appropriate information to help you fight the chargeback with the card network. If you win the dispute, you will receive the full order amount credited back."


We recently rolled all clients to the full offering. A couple legacy clients don't have the 100% fraud coverage, thus keeping it in the terms. But if you sign up with Bolt from this point forward, it bakes in the 100% fraud indemnification. Will probably even take that out of the terms soon.

So what percent of the transaction number is flagged as fraud, and how many is actual fraud? Losing a customer that is not fraudulent due to aggressive filtering is almost as bad as having a fraudulent one.

Good question. Addressed that here: https://news.ycombinator.com/item?id=16216455

Our top focus is order approval lift. Zero fraud is cool and all (and makes for a good posting title) but is really just an assurance that you should be comfortable as we start to approve way more orders.

How do you determine if a chargeback is “fraud related”?

Chargebacks have detailed reason codes which we programmatically sort. We also have a fraud analyst team that sorts through the non-fraud chargebacks to verify that they're not fraud related (some are mis-categorized by banks) before passing it off to the merchant.

So someone falsely claiming order not received is not covered. You don't cover friendly fraud.

Right now, we don't cover friendly fraud. The reason is that it's largely out of our control. We can't control how well merchants communicate with clients, how fast/reliably they ship, etc. So if we covered it, it lowers the cost of treating customers poorly. There will always be a bad actor here or there, but that's typically less than 1% of chargebacks (at least from our data).

Wow, you're saying 99%+ of chargebacks are claiming not authorized? Would not have expected that.

Not exactly. Friendly fraud is when a customer is a clear bad actor and, even though they receive the goods/services, they claim they didn't.

Merchant-fault is typically behind many of the non-friendly-fraud and non-stolen-card-fraud chargebacks. This includes late shipments, not adhering to return policies, damaged goods, etc.

That's effectively the same thing as zero fraud for anything that matters, if you never have to pay for it, no?

I mean, I guess if someone fraudulently signed up for a subscription, you'd lose the future expected monthly subscription fees or whatever.

But it's pretty much good enough. When I saw "zero fraud" advertised, my immediate assumption was that they paid for any fraud, and they were confident they had fraud low enough to do that and still be profitable. No other way to get truly "zero".

Spot on.

I have intermittent issues scrolling the fullstack job post (https://bolt.com/jobs/fullstack-engineer) in Chrome for iOS. Requesting the desktop site seemed to fix it. I was also able to get it working by randomly clicking the other postings and coming back. If I wasn't eating lunch I'd try to debug it better but it's easily possible this is only affecting my phone.

Looking into this thanks.

Am I reading the "acceptable user policy"[0] correctly in noting that any of the adult entertainment industries and those currently operating in the unknown at Patreon (Stripe), would likely not be welcome at Bolt either?

[0] https://bolt.com/acceptable-use

Nothing in adult for now. I'm not sure what "those currently operating in the unknown" means.

Hoping to expand to more business categories as we grow.

Our team did a pretty significant integration with Bolt last year.

Their platform is solid and was straight forward to integrate with. Their development team was also extremely helpful and helped us through the process at every step we needed them. They really did go above and beyond for us.

Are there any industries this product wont be working with (for example, adult video sites)?

Here's a list: https://bolt.com/acceptable-use

We hope to shorten the list as time goes on.

Was your domain recovered from a phishing site? It's blocked at my university.

Bolt.com has a huge history, including video-sharing that may have gotten it on those types of lists several years back.

We've had it for close to 3 years though.

Thanks. I'm willing to bet my school's IT dept hasn't updated any of their network software in like 5 years, so that's not surprising. It's specifically tagged as phishing.

Side-note: The link on HN goes to plain HTTP, hopefully you have HTTPS all set up!

Makes sense.

And yea thanks, the site auto-redirects to HTTPS.

If your domain has a mixed past, I'd strongly recommend registering a new clean domain (boltapi.net or similar) and loading all your checkout critical components from that.

Ah interesting suggestion, will consider it, thanks dsl.

I'm so excited to see Bolt redefine the payment space! If they can successfully defeat fraud, make it easier for customers to pay, AND integrate other payment methods, etc. - then this will be a BIG win!

I confused this for CardConnect’s Bolt P2PE product [0], which is also in the payments space.


Looks nice, but "get a quote" == "close tab".

On the pricing page? What exactly happens when you click it?

I don't mean technically. I mean that's my behavior. If there were at least a "starts at" I would know whether it's a complete waste of time. When there's not, I assume it is.

Here's why we exist: https://bolt.com/case-studies

So my question would be how many legitimate customers do they reject as fraud (false positives) in order to eliminate false negatives? :)

It's pretty insane.

Empirically, you'd rather let several fraudsters through in order to not trap a good customer (because of their customer lifetime value, brand value, etc).

However, the industry does the opposite. They'll reject 3 good customers to catch 1 fraudster. It's really bad.

Every switch to Bolt has seen a 1%-20% lift in order approval rates (while guaranteeing zero fraud) because of our unique data engine and data visibility. Huge reason why companies are switching to Bolt.

So you're saying despite having better fraud detection, your false positive rates (orders that would have been non-fraudulent but rejected anyway) are _also_ lower than the competition?

This is definitely something you might want to put in your marketting, but also back up in some way.

As a general rule, I'm going to assume any reduction in false negatives has some increase in false positives. If the general rule is not true in your case, I'm going to need to be convinced. :)

Here are some case studies to prove it: https://bolt.com/case-studies

Many of our clients switched from top-tier fraud detection providers and saw significant lift in order approvals with Bolt.

More case studies on the way.

Wow, wish I could comment on my experience with them, but I think there was a NDA (and I dont have the contract at my fingertips).

Bolt using Vantiv for their Payment Processing. They are part of Vantiv Payfac Program. I found it from my Friend.

How could they provide no fraudulent charge back? It's up to the bank and Visa not to the payment processor

We pay the cost on behalf of the merchant.

Spelling error in video is a big red flag for me. "Expidited" should be "expedited".

I've been following bolt since the past few years, congratulations on the official launch!

Many thanks!!

Excited to see this launch. The Zero Fraud guarantee is particularly excellent!

A friend of mine uses them and he says they increased his revenue by 40%!

Why do companies choose not to be 100% transparent? Any time I have to contact a company to see more or a demo or, even worse, see pricing, I close the page and make a mental note to never work with them in any capacity. I feel this type of boycotting is the only way to change the practice.

I mean, you even hide your docs behind a password? How terrible. What are you keeping so secret? Does this translate to your other business practices? Mental note made.

Just launched a couple hours ago. Thanks for the find, and I agree fully with the sentiment.

Docs are now fully public: https://docs.bolt.com/

Pricing varies depending on volume, risk, and a number of different factors given the complexity of payments (and that we're taking on full liability). But after a short call we provide a very simple flat rate with no BS. As much as we'd like to do one price, given the nature of our product, it's just not viable at this time.

Marginally related question: I just read https://bolt.com/team and how do you build such a large company before even launching? I mean, you have a fulltime recruiter on payroll. If you started in 2014 and stayed stealth for 4 years, how on earth did you manage to raise the funds needed to a) survive and b) have such a large team?

Note: I mean this entirely unskeptically. I wonder how you pulled this off and I think it's a positive signal about your company that you did.

Good question. It was actually pretty insane.

In payments, the MVP bar is high and we built like 4 companies in one (payment processor, fraud detection co, checkout platform, + more). So we had to raise a bunch, hire world-class people, and write code for a couple years before launch, all the while convincing investors that we weren't going to be another stealth-disaster-company. We then landed close to 100 customers while totally in stealth.

I'll be writing blog posts about how we did it -- from fundraising to recruiting to sales. It was 100 times harder than I ever imagined. But, it's made us stronger than ever.

This is way more interesting than the actual product, I can't wait to read the post!

Likewise. I hope the reason for remaining in "stealth" is detailed.

Are you hiring interns for the summer 2018 season?

Yes! Shoot us an email: jobs [at] bolt.com

If you can't provide specific pricing maybe give a few sample pricings with different scenarios so people can at least ballpark it before requesting a quote?


Our fee ranges anywhere from a fraction of a percent to a couple percentage points. Companies selling $100k diamond jewelry (of which we have several) vs companies selling $100 bikes have different levels of risk.

Most importantly, we typically charge 1/10 the revenue we generate for our clients: https://bolt.com/case-studies. Everyone who's signed up is 10X ROI positive. For a small single digit percent they're making double digit percent more money.

On top of the Bolt Fee, we match processing, and that's about it.

Does that mean you charge 0.10 * (new_revenue - revenue_before_bolt) in addition to the fees? For a company that keeps growing, that would asymptotically approach 10%.

We cap it at low absolute single digit percentages. Business capture way more upside than we do.

I'd wager they are planning to A/B test pricing models and hence can't make a public commitment.

Thanks. Pardon the harshness, I just abhor the practice and see it too often.

Definitely. Valuable feedback, and much appreciated.

Thanks for that. The docs are considerably more reassuring than the rest of the site.

Appreciate it. More to be published on the site, and welcome any and all feedback.

I always wonder why so many people don't respond to critical comments in the way that rbres has here.

It's such a great opportunity to show what your company is all about and win over skeptics.

Nice work rbres!

Now, let's do an interview with you on http://techzinglive.com because it sounds like you have a great story!

Send email to podcast[at]techzinglive.com if you're up for it ;)

p.s Thanks skrebbel for digging into that.

Thanks jv22222! Much appreciated. Transparency, positivity, and truth is our north star.

Will shoot ya a ping.

Currently stuck in this hell with a client, who needs a particular integration, but the company who wrote the program they need integration with refuses to give up any documentation.

Soooo we're just winging it at the moment, because it's their job to provide it to us (as agreed upon). I'm pretty sure they aren't going to get that integration.

Available outside US? Where?

You can accept credit cards anywhere in the world, in 50+ different currencies.

However, for now, settlement only to a US or Canadian bank account. We can do an instant transfer from a US/Canadian bank to an intlt account, but if you want to avoid US taxes and settle directly to an international bank, we do not support that. Our team is hard at work to support it in the next year.

Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact