- The optimal amount of fraud a business/industry should accept is non-zero
The simple observation that the cost to prevent each marginal fraud attempt increases; the last 0.1% of fraud costs way too much to prevent compared to the first 99%. Obviously society would be better off if fraud didn't exist, but since it does the effort expended is only worth it up until when the marginal cost of prevention exceeds an acceptable threshold (when it starts to lose you money).
The optimal amount of fraud is still 0, but the optimal amount of fraud prevention lies somewhere on the margin.
This is why important transactions like banking have KYC checks, and buying a pair of sneakers don't.
I think you’re conflating the terms optimal and ideal. The ideal amount of fraud in society is zero. The optimal amount of fraud in society is not defined, because optimization problems are always subject to a set of constraints.
So then we may ask: “what is the optimal amount of fraud in society such that the costs of legislation, education, and enforcement do not exceed X% of GDP?” and that is a different question. You might also throw technology and R&D in there because new tools make it easier to investigate fraud. Of course new technologies also open up new possibilities for fraud, so this is a very complicated exercise. But I think it’s fair to say that given any reasonable constraints, the optimal amount of fraud is nonzero.
The way this is phrased, I expected to learn there was some benefit to a low amount of fraud, as such. There is not. There is a benefit to a high amount of trust, which necessitates accepting some amount of fraud.
The optimal amount of crime in a society is non-zero because a society with zero crime would be a dystopian police state where innocent people sometimes get caught up in the justice system's net to make sure it catches all of the criminals.
The classic principle of Anglosphere common law is that its better to let 10 criminals get away with it than to convict 1 innocent person. The same idea applies to fraud because overzealous fraud prevention causes problems for legitimate users whose actions incorrectly get detected as possible fraud. The benefit to tolerating a low amount of fraud is that your product won't be hostile to your legitimate users. The benefit to tolerating a low amount of crime is that you will live in a free society rather than a dystopian tyranny. Freedom is good and it is worth giving up quite a bit of safety for the sake of being free.
I said this somewhere else, but there’s 2 things at play here:
- A utopia where people don’t defect in prisoners dilemmas (most types of crimes like shoplifting: the store won’t have to hire loss prevention and cashiers, and you pay less for their reduced costs) is ideal, but:
- Such a utopia doesn’t and can’t exist because defection individually increases utility at the cost of everybody else. Hence cashiers, loss prevention, KYC, etc.
Thus the real world is a careful optimisation problem where we have to search for an equilibrium at which society as a whole benefits the most. People can argue all day about where this is, because the trade offs involved are non-obvious:
- More surveillance means, all else being equal, less crime, but police officers can defect too and only arrest minorities and use said surveillance for something else, etc.
The problem is walking through a very high-dimensional search space, and we humans are had at it. There’s no real solution though, because individual incentives don’t line up to solve it.
I’d argue that the optimal amount of crime is zero but the optimal amount of possibility of crime should be non-zero. That’s a necessary escape hatch out of a police state or authoritarian government. After all, the resistance against the Nazis was technically criminal at that time, even though now we’d all agree it was a good thing it occurred anyway.
It is especially important nowadays because unlike back then where technology was limited and surveilling 100% of the population was impossible, it is very much possible today and is already being done in certain places such as China.
Does he mention this somewhere? Last time I spoke to him, he was working on Stripe Press, his interest in fraud and spam prevention long predates his work at Stripe.
If you define crime as violating the anarchist non-aggression principle, then it makes more sense. The only problem is that the state would be the largest offender.
Nazi laws weren't moral, as it's not moral today to demand half of my profits or I go to jail.
You just picked your own idea of morality and decided to elevate it above others: you chose the "anarchist non-aggression principle" as somehow morally superior to other ideas about how crimes should be defined, and decided that with that definition, targeting zero crimes makes more sense.
But the whole point is that we will never universally agree on a morality because society's overall preferences shift over time. So targeting zero crimes never makes sense.
> ts better to let 10 criminals get away with it than to convict 1 innocent person.
is arguably false. it forgets that 10 criminals had 10 or more victims. If you optimize for the least number of victims then it's easily possible that convicting a few innocent people has a net positive in lowering the total number of victims including the victims of being wrongly convicted
to put it another way, perfect is the enemy of good. In this case if in pursuit of perfection of having zero wrongly convicted you end up causing more victims of criminals then you've arguably failed
I also believe that it’s better to let 10 criminals get away with it than it is to wrongly convict 1 innocent person. And I’m fairly sure that all the innocent people who were unfortunate enough to go through the court system would agree with me.
Also, not every crime must have a victim. There are a million victimless crimes.
Yes, it’s also debatable whether those should even be crimes (in my opinion - no), but the argument that 1 crime = at least 1 victim is flat out false.
also you too made the exact same error. you discounted the victims of the criminals. yes the 1 innocent wrongly convicted is bad but what about all the innocents that are victims of the criminals. You absolutely have to add those innocents to your total of how many innocents you helped
if you catch 10 serial killers and 1 happens to be innocent you still saved 9-18-27 lives in exchange for one innocent. If because of over zealousness of zero innocents being caught you only catch 5 serial killers you saved 1 extra life and forfeited 5 to 15 others
You arguably believe what I'm saying. no law enforcement can be perfect so it's guaranteed that innocent people will be mistakenly convicted. The only logical conclusion is if you truly believe there must be zero innocents convicted then you believe law enforcement should not exist since there will never be perfect law enforcement
it doesn't forget that. it implies that you shouldn't optimize for the least number of victims. it's cool to disagree with that and think about why or why not, but please actually engage with the idea rather than just assuming they didn't think it through at all.
> The optimal amount of crime in a society is non-zero because a society with zero crime would be a dystopian police state where innocent people sometimes get caught up in the justice system's net to make sure it catches all of the criminals.
At this point you're just playing with the definition of crime. I would argue that it is criminal to deprive an innocent person of their freedom, and challenge that your proposed scenario is actually "zero crime".
Secondly, you talk of catching "all of the criminals". In a "zero crime" environment there are no criminals - by definition if there is a criminal, then a crime has been committed at some point.
All that said I agree with your larger point - the cost of freedom is that people are not constrained before the fact from committing crime, and that's a good thing on the whole.
We don’t need there to be a benefit to a low amount of fraud to optimize for it. Optimization is a purely mathematical exercise [1]. Once we construct the problem with a chosen set of constraints then we apply mathematical techniques to solve it. Of course, many types of optimization problems (especially non-linear or non-convex) can be extremely difficult to solve optimally without relaxing some constraints or settling for approximations to the optimal solution.
But, besides that, the task of interpreting the results and of potentially selecting new constraints or even a new objective function is a separate matter. Perhaps we should be seeking to maximize trust rather than minimize fraud in society. But then we have to ask ourselves: “what would that look like?”
There does not need to be a set of constraints for optimisation to be defined. You can talk about optimisation on an unconstrained domain, for example all of ℝ⨯ℝ. But there DOES need to be a measure function that measures what you are optimising for. The benefit of fraud would be one such function you could optimise for, and that seems to be what GP is after. The pure amount of fraud is a different one, which seems to be what you are interested in.
Even without trust, you will reach an optimal amount because preventing fraud tends to become more expensive than the fraud itself, once you cover the simple and easy cases
The benefit to a low level of fraud is that people are still looking out for fraud, so the society is more robust. If there was no fraud, and someone just invent fraud (it will happen), the damage could be devastating.
they would have to be Moriarty level like in their inventiveness, most people start low and then expand their inventiveness with experience, the low early frauds would establish the new invention in the society.
I meant optimal fraud at 0 as in a utopia would have no fraud whatsoever; a utopia where everybody cooperates in prisoner’s dilemmas, where I can lend a stranger my phone and not worry they’ll run off with it, and where cashiers don’t exist because you can count on people leaving money as they walk out the store.
Obviously this utopia doesn’t and can’t exist: people defect because it works against cooperators. Fraudsters are people who defect in the societal game of iterated prisoners dilemma, and thus we have to build defences against them until some sort of Nash equilibria is reached.
So I guess I did mean optimal in two different ways. One is a utopian cooperative paradise, the other an optimisation problem for an optima where businesses make the most money and society overall is richer than if business activity got crippled.
> So then we may ask: “what is the optimal amount of fraud in society such that the costs of legislation, education, and enforcement do not exceed X% of GDP?” and that is a different question.
It's also not a question of any particular interest; you're interested in what maximizes (good - bad), not what maximizes (good / bad).
>reducing friction helps drive more legitimate business.
A very real example in retail. I can minimize the possibility that I'll be hit with fraudulent returns. Require a receipt, short window, store credit only, must be in like new condition with all packaging, etc. (Or just sell everything on an all sales are final basis.) Different stores do many of these things to a greater or lesser degree on at least some merchandise. But you'd probably better be offering really good prices if you do.
> I guess this can all fit within a “marginal cost” explanation though.
Yes, but it undermines the first point, a bit. There's costs-- direct and social costs-- to making transactions hard; so perhaps optimal for a society is still not 0.
Also, there's nothing to say that the amount of fraud is stable and that we can't find a world where we have better mechanisms to reduce it for the same cost. (Improved technology, legal structures, norms, etc).
Some of those aren’t analogous. Your Covid example: there’s also the cost _to others _ of you catching and spreading it, even if the risk to you is lower.
Speeding is another example: the cost (or risk) might be acceptable to you but not to the person you have an increased likelihood of hitting and doing serious injury to.
At a societal level, it holds, which is why we invest in measures to increase the cost of doing the wrong thing (speeding tickets, removing licenses).
An analogy that may resonate with readers here is that targeting zero fraud is like targeting 100% uptime in a computer system. You evaluate the business trade-offs and decide how many 9s of non-fraud are appropriate, knowing that (1) each additional 9 is more expensive than the last but only gives you 1/10 of the benefit, and therefore (2) infinity 9s (equivalent to zero fraud/100% uptime) is a useless aspiration for all practical purposes.
That's incomplete, though. The business running the computer system would bear all the costs in attempting to target 100% uptime.
Targeting zero payments fraud does mean the business has to bear the costs of the fraud prevention measures, but their customers also have to bear intangible costs, like the annoyance of a detailed, invasive know-your-customer process before being able to buy anything.
But if I'm a user of this computer system that targets 100% uptime, I don't have to see any of the downsides/costs that the business incurs to try to get that uptime. I just see great uptime, and it's all rosy for me.
I think it's important to acknowledge that, in pursuing lower (or zero) fraud, both the business and its customers have to bear costs related to that goal.
> The optimal amount of fraud a business/industry should accept is non-zero
Let's make that: "The optimal amount of fraud a business should accept under the current credit card online payment system is non-zero".
There is absolutely nothing intrinsic about online commerce that requires fraud. Online business routinely operate with a money first, zero consumer trust paradigm. They ask for my payment credentials first, and only then deliver the products.
If we were to design the online payment system from scratch, we would use cryptography to completely remove the notion of credit card theft, and escrow to settle consumer complaints, with an option for paid arbitration when things go bad. I guess you can call some of those cases "fraud" and some customers are so unreasonable that they border on criminal, yes, you can't make that segment zero, but I don't think that's the kind of fraud they are referring to.
The reason we can't have those nice things is because of immense momentum of the current system designed in the 60s by companies that have very little reason to change anything. In fact, an online payment reform would most likely strip them of their oligopoly. So yes, the optimal fraud level is non-zero because Mastercard, Visa etc. can push that fraud onto consumers (via retailers), and they are making much more money anyway from the current situation.
If you had zero fraud in society then nobody would build in any defenses against fraud at all.
You'd have a society of completely naive and trusting souls, which sounds blissful until someone wakes up one day and realizes that they can commit as much fraud as they like since society has no defenses against it.
It is like saying that the optimal amount of disease is zero, but if you have never had your immune system challenged by any kind of disease, then the first virus you come across will probably kill you.
Your suffering from childhood colds and getting burned by something like the car-out-of-gas scam help build defenses.
I like to think of it prisoner's dilemma style: the optimal amount of fraud is zero, the same way the optimal outcome for both prisoners is to both cooperate. But the equilibrium at 2-cooperate is not stable, somebody will gain more utility for themselves by defecting, the same way with 0 KYC on any and all transactions fraud is laughably easy.
Thus, the global optima is one where there is no fraud and everybody cooperates, but it's not a stable optima and we slide to the real world where there are tradeoffs for preventing fraud, and there reaches a point where rational actors deem the tradeoff unacceptable and thus accept some level of fraud.
Not a perfect analogy with disease. And maybe it should suggest to you that maybe in fact, the optimal amount of fraud is zero.
With disease, the optimal amount is likely still zero. The immune system we have is not great, its only selection criteria is to keep people alive long enough to have children and keep them alive long enough so they can. We're beginning to understand, like with HPV, that anything from a life threatening case to an asymptomatic one can cause lifelong changes in the immune system and either cause or increase lifelong risk of non-infectious diseases.
And that's setting aside that we can, for example, just eradicate certain diseases if we set ourselves to it. Polio, smallpox, and hopefully malaria.
If we could eliminate certain kinds of fraud - through education, through making it impractical - that seems good, yeah?
But I think you just showed that its really pretty similar.
And my gut reaction to the title of the article is that we really need less fraud and that we're very, very far from optimal right now. Although I'm not very concerned at all about fraud against government programs to help the disenfranchised. I'm more concerned about the endless e-mail, phone scams, door to door scams and all the stuff that prey on the elderly and vulnerable.
Similarly with the immune system it would be interesting to consider wiping out Epstein Barr and maybe eliminate Multiple Sclerosis, along with exterminating the mosquitoes that bite humans and cause disease.
But zero is likely not achievable or a stable optimum, and we're probably not going to cure the common cold or wipe out influenza and we may not want to (at least not without quite a bit of science fiction, global access to medicine and nearly 100% acceptance of vaccination in the population).
I think we're in agreement - the analogy to disease was flawed because eradicating some (perhaps many, all?) kind of disease would have widespread, uniformly positive effects.
The person I replied to seemed to think that exposure to disease helps in youth? Certainly seems like a widespread idea, but I don't know how true it is.
this explains things significantly better than the article, which seems to be little more than dragging out a surprising-sounding headline with a pretty obvious concept
The reason I went to the trouble of writing it was that many, many people in both business and the finance industry do not agree it is obvious and a good portion do not agree it is true, and they take actions consistent with those beliefs, which harm themselves and others.
To be more specific, the article mimics the topic of a counter-intuitive "surprising" truth (like, for example the goat problem; or flaws in human cognition), while letting the reader down by making an obvious, easy to understand truth unnecessarily complicated.
This optimal (#) can and probably will change soon. We all carry around phones capable of trivial non-reputable verification, and centralised digital cash (not bitcoin but BankOfEnglandCoin) is technically feasible. So it's quite technically feasible for every day to day transaction to be completed with
with the sort of KYC verification currently reserved for say house purchases.
It's just the political / societal implications. These are beyond "hey it's expensive for banks to cut down on fraud"
I disagree with the "banks should allow certain levels of bank fraud because X" for the simple reason we don't have "banks should provide interest free funding to murderers, sex traffickers, pornographers and drug ring" even though that is often the same thing. (And in a two page HN thread I am sure I am not the first to say that)
(#) someone else mentioned the difference between ideal and optimal which is a very good distinction.
I doubt it. The current system is a local optimum. Better local optimums already exist elsewhere.
In The Netherlands, direct online payments using debit cards are very common. These are secure payments, verified through a bank’s mobile banking app or internet banking with 2FA.
This means there is no risk for the seller that a payment gets reversed. There is fraud, but it centers mostly on social engineering people to authorise payments for others, or to mail their debit card to “the bank” for “recycling”.
Cost per payment: about 30 cents.
Meanwhile, in other countries, credit cards are the common online payment option. Security? A number on the front of the card and a “secret” second number on the back of the card.
Cost: 1.5-3.5% of payment.
Better security is possible, but it’s hard to move from a local optimum when you’re locked into a certain ecosystem.
The credit card no-security scheme works because everyone gets reimbursed for fraud. It comes at the cost of retailers handing a few percent of every transaction to intermediaries, instead of just a few pennies.
At some point (maybe already) we will perform 50% of GDP online. That makes the Visa network essentially a seperate private tax collecting entity. I get the "local optimum" - it's hard to break. But if anything motivates governments it's competition
I would not call anything in the fragmented, legacy US financial system “trivial.”
It took us a decade and counting to get chipped cards, longer to get contactless pay, and even then we don’t really use the PIN part of chip+pin. Something like FedNow is only coming next year.
I mean every central bank could tomorrow just put up a non-permissive (#)
blockchain and just make a virtual coin for every cent out there. And this would cause utter chaos. It would essentially end fractional reserve banking. That makes loans ... difficult.
The impacts are enormous, but a digital native currency is so simple, so attractive we may well try it. And then have to rethink our financial regulations. It will look a lot like ICOs.
I still think it is inevitable.
(#) ok the terminology I find either dubious or I misunderstand but basically
every wallet holder gets their private / public key registered, then there is a known state of money globally, and the Bank is a verifying party to each transaction. Something like that anyway. Theee are many options but essentially if we all "trust" the money printer then the technical problems simplify.
Yeah but there is not a digital version, issued by the BoE. It's not a digital native so has all these layers on top.
I think a clean simple version is appealing - it's kind of the case for Bitcoin as a whole. Unfortunately they people attracted to that case did not realise that 75%+ of regulation and layers is trying to protect people from sharks.
Great explanation. But I'm not so sure about "The optimal amount of fraud in society is 0".
Especially if we broaden fraud to include other crimes. There are costs to prevent other badness in society as well. Firstly it's the cost in taxes/allocating resources to its prevention: Do we really want to allocate a really large chunk of our shared human capital to police marginal criminal activity? How much more polices, judges, attorneys, lock makers, etc would we need to stop the last bike theft?
Secondly and arguably more importantly is the cost of freedom. A lot of the digital surveillance initiatives that are discussed and dismissed here on HN are enforced in the name of zero tolerance against (really bad) badness in society.
I think its hard, or impossible, to create a somewhat large society with zero crime rate. At least if we still want even just a sliver of the freedoms we are accustomed to in liberal democracies.
I think the point is that in a theoretical society in whcih there are no bad actors, and there is no cost to prevent fraud, the optimal amount of fraud is zero. That is, there isn't a reason you would want to encourage fraud, because a little bit of fraud is good. But when you also consider the cost of reducing fraud the optimal state for the system as a whole will have a non-zero amount of fraud. And of course, bad actors do exist, so in a real system you want to accept some amount of fraud.
The difference is significant, because if you discover a way to significantly reduce fraud for a low cost (including cost of freedoms and similar), it will be worth implementating. And there isn't some point where you say "we are already down to x% fraud, we don't want to go any lower than that, even if it doesn't cost us anything".
Hmm. I think my mental model is more that it should be "randomly" enforced. The probability of getting caught is higher than some certain threshold, but that it's not necessarily bad if that threshold is lower than 100%.
I can't think of any resonable society that have taken actions to show that they want the probability to be 100%. I would even argue that the most harsh dictatorships probably have the highest enforcement, but that laws were/are very selectively enforced in the favor of e.g regime officials.
This, definitely. But also - at the social policy level, there are two additional issues:
- Outsiders: It's good to keep members of your society fraud-savvy enough that they can safely travel & do business outside your society...without being easy marks for fraudsters.
- Stability over time: If your society somehow gets fraud down to ~0, that'll lead to big cut-backs in anti-fraud efforts, "end of history" dreamers proclaiming that fraud has died, etc. Which is obviously a set-up for a sudden huge resurgence in fraud.
More generally--the cost to eliminate bad outcomes goes up exponentially as you deal with the easy bad outcomes. Credit card fraud is simply one example.
Or consider a simple non-financial example: I left half a dozen pears on the tree this year--getting those last few pears would have required hauling a 50 pound ladder around the house and then struggle with setting it up. (Due to it's size it's a lot harder to handle than it's weight indicates.)
There are also arguments that a certain amount of rule breaking is neccesary in society to support innovation. A society with no rule breaking becomes static.
> This is why important transactions like banking have KYC checks, and buying a pair of sneakers don't.
Banks do KYC checks because it is required by law, not because it does anything to reduce fraud. Fake IDs are a thing. Requiring identification does not make transactions safer without a lot of other stuff happening too.
"optimal amount of fraud in society is 0" - are you sure? why?
Bad Things(tm) are useful for testing and improving safety/security, and when I see people/institutions with no experience reacting to Bad Things(tm), I know they're in for a world of hurt when it does happen.
Perhaps you mean, the optimal amount of fraud that isn't prosecuted... or not detected... ? Even then, I'd argue that there's a tiny percentage that's useful for keeping the safety/security industry on its toes and at the ready.
As a proof point, if you believe that war (world peace) is not a solved problem, then it's only a matter of time before your city/region/civilization/race faces an existential threat, for which the only true preparation is to be ready to innovate and mobilize.
Sorry if this comes across as dark. I mean it in the same vein as having a small percentage of farmers is desirable.
By contrast, I visited a traditional silk factory in Stockholm (amazing btw) and the craft has been lost to the point where they're struggling to find craftspeople able to work their looms and other old equipment. See Jonathan Blow's excellent talk about lost technology: https://www.youtube.com/watch?v=ZSRHeXYDLko
- The optimal amount of fraud in society is 0
- The optimal amount of fraud a business/industry should accept is non-zero
The simple observation that the cost to prevent each marginal fraud attempt increases; the last 0.1% of fraud costs way too much to prevent compared to the first 99%. Obviously society would be better off if fraud didn't exist, but since it does the effort expended is only worth it up until when the marginal cost of prevention exceeds an acceptable threshold (when it starts to lose you money).
The optimal amount of fraud is still 0, but the optimal amount of fraud prevention lies somewhere on the margin.
This is why important transactions like banking have KYC checks, and buying a pair of sneakers don't.