Hacker News new | past | comments | ask | show | jobs | submit login

The fact that coinbase is sharing this information with some third party is absolutely infuriating. I almost don't believe that.



At this point assume that anyone getting your data anywhere is sharing it. Not a question of if.


Looks like Coinbase is buying the data (Sift Score) to help them make better decisions on account takeover vs. not account takeover, credit card fraud vs. not credit card fraud, ACH fraud vs. not ACH fraud.

In this context it makes perfect sense. Unless they force 2FA for every login, how else are the going to protect good users from account takeover. Same goes for buying crypto, they need a tool to help determine if someone is using a stolen payment method or not.


The article author claims that part of the information they got from sift was information about one of their own logins. So it would appear that coinbase is sharing information.

The reason I'm so flabbergasted by this is that this seems to really, really damage account security. Now there is one company that has a massive profile on me, that also knows very specific details about when I log into my account, from where, from what devices, etc.

Completely unjustifiable imo.


This should help everyone better understand if interested: https://sift.com/developers/docs/curl/apis-overview/overview

Sift makes risk predictions in real-time using your own data and data from the 100s of millions of users in Sift’s global network. Our machine learning systems identify patterns of behavior across thousands of devices, user, network, and transactional signals. These are often patterns that only a machine learning system can spot. Using Sift, businesses have stopped 100s billions of dollars of fraud worldwide.

There are many abuse use cases that Sift can stop:

Payment Protection - Reduce friction at checkout to increase revenue and stop chargebacks before they hurt your business.

Account Abuse - Stop fake accounts from polluting your service and block bad users before they harm your business.

Account Takeover - Stop bad actors from hijacking users accounts. Keep your users safe and ensure that they always trust your service.

Content Integrity - Stop spammy and scammy posts from polluting your service. Keep your users safe from malicious actors.

Promotion Abuse - Make sure you’re only rewarding real users by stopping referral rings and repeated use of promotions.

Sending Data to Sift

To use Sift, we need to know about your users, what they do with your service, and what actions you take in response to your users. This includes:

How your users are interacting on your website and/or mobile apps (eg what pages they are visiting, which devices they are using, how long they spend on each page, etc). We automatically collect this data when you add our JavaScript snippet to your website and our Mobile SDKs to your app.

What actions your users are taking, usually key user lifecycle events (eg creating an account, placing an order, posting content to other users, etc.). You will send this data from your application to Sift via our REST API.

What actions your business is taking in response to users (eg approve an order, ban user due to fraud, cancel order due to chargeback, etc). You will also send this data from your application to Sift via our Decisions API.


Coinbase is a massive fraud target.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: