The optimal amount of fraud is non-zero (2022) (bitsaboutmoney.com)
143 points by classichasclass 4 months ago | 193 comments



Anti-fraud departments have apparently not gotten the memo, and the whole situation has gotten obscene in the last few years.

I regularly travel for work and it's impossible for me to make any purchases on major sites like Walmart, Best Buy, Target, Costco, etc. They all will accept an order, charge my card, and then randomly cancel the order some hours to days later, and refund me.

Similarly when traveling internationally, Schwab bank decided they didn't like one of my debit charges and blocked the card. I called Schwab and they gave me some "publicly sourced" 3 question quiz about myself that I apparently failed and they locked my entire account until I can fly back to the states and come into a branch.

Luckily I have a 2nd bank account and was able to change my payroll. But it's just insane to me that some random debit charge has resulted in my inability to access most of my money or my brokerage positions.

I hear similar issues and horror stories from all my coworkers and friends that travel.


Ditto to this. My experience has been very similar to yours.

The amount of incompetence involved with payment processing and banking is just mind boggling. KYC/AML is very quickly turning into bizarro big brother. But not an all-knowing AI big brother. A stupid 2005-era IP address detecting one. You do a little too much traveling? Poof. There goes a month of your life to banking jail.

A simple two-factor mechanism like passkeys or authy (that isn’t based on SMS to unreliable US phone carriers) would solve about 99.999% of this.


Banking regulations and poorly understood rules by lawyers transform into monstrous implementations of security for banks.

For example, my banking app requires Face ID to unlock it and to approve payments. But for certain types of payments, such as more than 3k USD, instead of using Face ID to process the payment it requires an SMS OTP entered into the app. Which tends to suck when I'm using another SIM or if the SMS does not arrive in time if I'm traveling internationally. How on earth do they think SMS is more secure than biometrics beats me.


Funny enough, using SMS for higher values is riskier given that SMS is not a safe protocol at all


[flagged]


Yeah, sure. I mean "we don't do fraud detection, it's literally one of our design decisions that you can't do anything after fraud has happened, and also, fraud is kinda in our DNA" systems are totally well suited to solve that.


Famously, the optimal amount of fraud is non-zero. We may yet discover that the amount of fraud in crypto is superior to the fiat systems.

In COVID times governments noticed that freezing bank accounts was an option. Having systems that cannot be subjected to that is wise; even if it involves high costs.


Yeah? Lol


It's more like you have total agency and the burdens that come with that. To each their own!


The dislike is not from the technology itself, but from its current applications and 2nd order effects. Most of which currently have not been great.


This! People must be really lucky to never have been into situations where weird banking things made their life horribly more complicated for a while.

Crypto at least completely solves the issue that you simply lose control over your own money.


Wouldn’t you lose control over your own money if you lost your private key?


The point is you have total control over your key. You don't control the banks and there's no guarantee you can always get your money from them.


What if you get Dementia (or even die) and forget the password?

It's possible to have set up a second password with a trusted third party, but then you have to trust that entity the same way you trust the bank - not just against them stealing your money, but against other parties hacking their systems and recovering your keys.


It’s also possible to split your seed phrase into n pieces, requiring m of them to recover it, and give those pieces to third parties. You don’t need to trust any individual or entity, but together they can get your keys if you lose them or die.

Various other approaches exist, too.


At this point in my life, it's much more likely that a bank will lock down my funds than that I will get dementia and lose access to my keys.


I know nothing in IT is certain. But I am pretty sure anyone can come up with a simple (or complex) backup solution that suits them and is 99.99% safe.


It's always about that 0.01%.

And expecting people to come up with their own solutions for problems that banks struggle to solve, is going to be a recipe for disaster for 99.99% of the people.


Couldn't that 0.01% be solved by coming physically with a photo ID card or a passport and legal papers to some trusted employee?


And we’re back to where banks are today. Stopping fraud is a very tough problem to solve remotely.


The optimal amount of ....... is non zero


Famously user friendly crypto.

Where nobody ever loses access to their assets in perpetuity.


HN loves and cares deeply about crypto as in cryptography. Cryptocurrencies, however, have already been rife with fraud. Claiming it's designed to solve this isn't particularly convincing if it failed to solve it.


by your logic a local racist militia will improve the police.

just because something is not perfect adding something obviously worse won't force the previous thing to be perfect. regulation will tho, but you cryptocoins liberals won't hear about it


> by your logic a local racist militia will improve the police.

It very well could, why not? All kinds of unsavoury groups do policing around the world. Often wearing a government badge. Some people think that is acceptable, to keep murderers and looters off the street, while some people think that racism is so unacceptable that murder and looting is preferable.


> regulation will tho

If only the perfect regulation-writers and interpreters existed.


out of curiosity, are you "privacy conscious", as in minimize sharing your location, personal information, etc?

I have a pet hypothesis that a lot of the security heuristics they use are based on being able to spy on you everywhere you go, and the trail of digital litter you leave behind "confirms" it's you where you are.

It's difficult to draw conclusions from my own experience because the security landscape changes and I don't know what other people encounter. I do know people who spend their lives online on the phone and they don't complain about having problems blowing their whole paycheck every week; like for instance my assistant, who doesn't have trouble purchasing things for me either.


I happen to share a name with somebody in my family, and these risk-reduction facets literally cannot tell us apart. I've been told "wrong answer" when giving the right answer to questions about myself, but they're asking me questions about a different person, because again, having the same name is sufficient to get mixed up, apparently.


> I regularly travel for work and it's impossible for me to make any purchases on major sites like Walmart, Best Buy, Target, Costco, etc. They all will accept an order, charge my card, and then randomly cancel the order some hours to days later, and refund me.

These sites are not cancelling your orders. The card-issuing bank is.

If you have persistent trouble, switch banks.


Disagreed, the banks aren't cancelling it - they wouldn't authorize the transaction in the first place. Chances are, the banks are correctly returning an address verification mismatch if you didn't use your true billing address.

Most likely the stores are cancelling the orders because of billing/delivery address mismatch or (if you didn't set a different billing address) that it doesn't verify against your card.


Or, in the case of one particularly annoying site I tried to order from--a name mismatch.

The site was clear upfront that everything had to match EXACTLY or they would cancel the order. I logged in to my online banking and copy and pasted my debit card details to make sure there were no issues.

The one thing I didn't think to copy and paste was my own name because, I mean, I know my own name, right?

Apparently not as I'd entered "John Public" and to my surprise my debit card was issued to "John Q Public".


And here I am, who always writes %BANK NAME%, and it works. Though my bank always demands 3DSecure.


Same here. While in a Nike Store in London, I could not use my Barclaycard for a 50 EUR purchase. So unheard of to use a Mastercard for purchasing something while on vacation. Used a different card which worked fine.

No SMS or notification on my phone to verify myself either.

Wrote them a mail to ask what this was about and why I cannot use my card, but they only wrote back that the card was not blocked and everything was fine, but sometimes they are afraid of fraud etc.


I’m a little confused, a 50EUR purchase in London, UK? Also which country was the Barclaycard issued in?

You’ll probably also find that banks are much twitchier around merchants like Nike and Apple because their products hold value really well, and are easy to sell on the second hand market. Makes those products a really great way to exfiltrate stolen funds because the products are almost as liquid as actual cash.


Is this an American thing? I never get a card decline for any purchase on a credit card. Prepaid cards are another matter.


It's probably on transactions that are requested solely based on the card number, and no PIN.

I got hit by these blocks with an EU card a long time ago, as the shop was trying to pass the charge with the magnetic strip. Had to phone the VISA center to let the charge pass through on the next retry.

Nowadays I'd assume any "card in the machine" transaction done with a PIN would go through no questions asked, even if you're located in Antarctica on their database.


This is the thing that surprises me most about credit cards: you can pay with just the information that's easily visible on the card. And you share that information directly with the merchant. Surely that's a gaping security hole? I'm not surprised they need to be paranoid about fraud, if it's that easy.

When I buy something with my bank card, I always have to provide my PIN. If I buy something online, the site redirects me to my bank, where I authenticate myself with my bank's system, and then authorize the payment with my bank's system (involving 2FA), and then the bank tells the site that the payment has been authorized. The site can blindly trust my bank and can immediately ship stuff to me, because the payment will go through.

I've never had any blocks nor fraud issues with this system.


I think so, not an American citizen but travel often to many places and remember Dell cancelling my notebook purchases ~5 times in a day (in two different years) until I called a sales representative. I share the same experience with Dell as American citizens.


> Is this an American thing?

No. My (UK) bank will decline purchases if they look suspicious and send me an SMS with the information and ask me to yay/nay them. (For 4 years running, they did this for my early September purchase to Apple. Most annoying.)


Apple iPhone release day is a right royal pain in the arse for banks. The surge of one-off high value payments causes a huge spike in false positive fraud detections, which then swamps staff responsible for performing manual checks. And that’s after we’ve already tweaked rules to prepare for iPhone day

On top of all that, the fraud systems at the major card networks also go haywire. They start seeing huge spikes in high value transactions, and start randomly declining transactions. On the bank's side, we can see these transactions being declined by the network, but it’s damn near impossible to stop them. The card networks themselves set the rules, and getting hold of someone technical enough to turn them off is surprisingly hard to do.

Suffice to say, iPhone day each year is a bit of an all-hands-on-deck situation for bank fraud teams. You’ve got your technical teams trying to tweak rules to better detect and ignore iPhone purchases, which is much harder than it should be because Apple's payment processing system is a Byzantine nightmare that creates so many different types of transactions, and uses so many merchant identities you can't just do a simple “if Apple, ignore” rule. Then you’ve got your reviewer teams working hard to rapidly the all the flags so customers are impacted for too long.

It doesn’t help that buying MacBooks and iPhones is a classic way for people to commit credit card fraud and money laundering. The products hold their value so well, and are so easy to shift on the second hand market, that it’s a prime method for organised crime groups to liquidate and launder stolen funds.


Allowing me to buy things via my bank account is pretty much the use case for a bank account. I have very little sympathy for the self inflicted "byzantine" consequences that result from a single valid purchase.


You don’t seem to understand, the Byzantine problems are caused by Apple. They don’t bother properly following the network rules and guidelines, as a consequence the data banks get about their transactions in order to decide an approval or detect fraud is a complete and total mess. Makes detecting fraud vs legitimate transactions harder than it should be.

Eh, I assume you also want your bank to block fraudulent transactions on your card. Somehow I doubt you would react kindly to someone buying half a dozen MacBooks on your card without your knowledge.


That, to me at least, is the difference between credit cards and bank cards: the only way to spend a significant amount of money with my bank card is with my authorization. Admittedly cracking a 4-digit PIN number is not that hard, but fraud with this is hard to commit and easy to detect (because I'm missing my card). With credit cards, the information needed to authorize payment is written on the card, easily photographed, and you need to share it with the merchant you're buying from.

Of course I want fraudulent transactions to be reversed, but more than that, I want to use a system that makes fraud hard, rather than an everyday occurrence.


What country are you talking about? That distinction between credit and debit cards doesn't exist in many countries.


Netherlands. It's not entirely clear to me what Americans mean by a debit card, but over here, we tend to pay with our bank card, and simply transfer money directly that way. Although with smartphone apps, the card is now mostly optional; I just pay with the app. Over NFC in a shop, or by scanning a QR code online.

Although one of my banks has recently sent me a new bank card with a credit card number on the outside, and that worries me a bit, because I don't have or want a credit card from that bank, and I certainly don't want to expose myself to that kind of security hole.


That's a debit card then. In the Netherlands, that historically means Maestro or V PAY, which are indeed not usable for online payments.

But as you've noticed, Maestro is being phased out by Mastercard, to be replaced by Mastercard Debit, and that one will be usable online using its 16-digit card number just like a credit card.

If you don't want to use the online payment feature of it, some banks let you disable it. Otherwise, the worst that can happen is that you're short the money until your bank refunds you in case of fraud – still very frustrating if it does happen, but it's very revocable.


> Maestro is being phased out by Mastercard, to be replaced by Mastercard Debit, and that one will be usable online using its 16-digit card number just like a credit card.

But that's a massive step back. We should be getting rid of payment information on the outside of cards to share with merchants. We should be introducing protocols for secure online payment through your own bank. Which the Netherlands has (iDeal), but it's not universally internationally supported. (Steam supports it, Lego does not.)

What we need is an international version of iDeal, not turning everything into the insecure system that credit cards use.

> the worst that can happen is that you're short the money until your bank refunds you in case of fraud – still very frustrating if it does happen, but it's very revocable.

Yes, but that introduces fraud into a system that doesn't need it, which will drive up the cost for everybody. It's a step backwards.


> But that's a massive step back.

Seen purely from a security point of view, I agree.

But so many people have only exactly one debit card and currently can't use it for online payments abroad at all. Adding that feature to a bank's standard card seems like a good idea from that point of view, especially given that it doesn't add any additional liability. I also think it should be possible to be deactivated, but "on" seems like a reasonable default to me.

> We should be introducing protocols for secure online payment through your own bank.

This exists for credit and debit cards: 3DS! It's even mandatory for many intra-EU payments. If it's not used, chargebacks are mostly trivial to win for banks.

> What we need is an international version of iDeal, not turning everything into the insecure system that credit cards use.

Realistically, that's not going to happen anytime soon. Visa and Mastercard have had many decades to grow their international footprint.

Domestic alternatives have started showing up (e.g. UPI in India, WeChat and Alipay in China) with significant success, though, and I could see some of these eventually expanding to a competing global system. I don't see that happening for an individual EU country's scheme, though; it would have to be something pan-European like the proposed "digital Euro".


> "on" seems like a reasonable default to me.

Not if users aren't aware of the fact that their bank account suddenly has a massive new vulnerability they have to be looking out for.

> 3DS!

Another system by Visa and Mastercard. I'd really like our payment systems to be independent from that duopoly.

But also: it still has the fundamental problem that credit cards have: you still enter your card number into the merchant's website. From what I understand, only if merchant and customer agree to the extra security, does it actually offer that extra security.

The big advantage of iDeal is that the only thing the merchant has to know, is which bank I use. Merchant redirects me to my bank, sends the payment details to the bank, I authorise the payment on my bank's site with the best security my bank offers, and the bank sends me and the approval back to the merchant.

Many webshops kinda do something like that by handing payment off to their payment provider, but their payment provider isn't my payment provider yet still needs a credit card number. And what if a merchant uses a shady payment provider? But if those payment providers were to support a safer system, an international version of iDeal, that's really all we need. (In fact, I think some of them do support iDeal, which is great.)

But I want to get rid of typing large supposedly-secret-but-not-really numbers from my card into a stranger's webform.


3DS is a mostly independent standard from Visa and Mastercard. Yes they’re responsible for authoring, but the technical systems underneath are pretty much independent of standard card processing systems. 3DS is basically implemented as a standard set of REST APIs and HTML pages, with a standard around how the 3D flow is initiated, and crypto tokens exchanged via standard card payment ISO messages.

Nothing would prevent you from strapping 3D onto any other payment system of your choice.

Merchants have to choose to perform 3DS, but EU Strong Customer Authentication rules make it mostly mandatory for EU merchants to use 3DS. They can only really opt-out if they can consistently demonstrate they’re capable of detecting and preventing fraud, keeping it at levels that are basically equivalent to fraud seen on 3DS transactions.

The card number alone is not enough to perform a card transaction. There are some merchants out there that are capable of performing card transactions with only the 16-digit number, such as Amazon, but you need to be a very large merchant, and demonstrate you’ve got effective fraud controls in place to prevent abuse. Any smaller merchant attempting something similar will find their merchant accounts quickly closed, and all transactions automatically refunded.

> Many webshops kinda do something like that by handing payment off to their payment provider, but their payment provider isn't my payment provider yet still needs a credit card number. And what if a merchant uses a shady payment provider?

They mostly don’t exist. Becoming a payment provider on the Visa and Mastercard networks is expensive, difficult and very time consuming. Additionally Visa and Mastercard monitor all network participants, if they’re seen to be misbehaving then they get disconnected from the network, and their collateral payment is seized. So running a shady payment processor isn’t profitable.

The system isn’t perfect, but most of things you’re concerned about don’t happen in the EU. They happen a lot in the U.S., but the U.S. has a very different culture around money to the EU, and their payment systems are a bit more bonkers. Which is why EU banks tend to get a bit trigger happy with their fraud rules when customers travel to the U.S.


But they're mostly not self-inflicted: the cause of all these things is asinine banking regulations (under the guise of combating terrorism) that are enacted by governments all across the world.


Nope, there are very few banking regulations that exist to prevent terrorism, mostly because transactions associated with domestic terrorism look exactly like normal transactions, and are so few and far between that statistically there’s basically zero chance you’re gonna correctly detect them.

Any rules that are around detecting terrorism are mostly to do with sending money to sanctioned countries and individuals. Those rules are stupidly annoying to work with, because you’re basically forced to write a rule that boils down to “does transaction description include the word ‘Iran’ then flag/block transaction”. As you can probably imagine they’re not very effective, but you look like a fucking idiot if your customer gets caught up in a terrorism investigation, and you didn’t flag/block those transactions.

Most regulation deals with something far more mundane, money laundering. It’s mostly to prevent organised crime groups being able to launder their cash, that’s either cash generated from the “traditional” crimes, but more often it’s cash generated from socially engineering normal people into handing over bank details, or simply convincing them to send their life savings to a fraudster. Something that’s far more common than people expect, and far more effective than people expect.


> On top of all that, the fraud systems at the major card networks also go haywire. They start seeing huge spikes in high value transactions, and start randomly declining transactions. On the bank's side, we can see these transactions being declined by the network, but it’s damn near impossible to stop them.

With 3DS2 why is this even a thing?


Because Apple don’t use 3DS, also it impacts things like in-store payments, and also Apple Pay setup. Cards are added to Apple Pay using a special set of payment network transaction messages, which to the network's systems just look like normal card transactions. Unfortunately the network fraud rules aren’t smart enough to differentiate between thousands of cards being added to Apple Pay, vs thousands of unexpected transactions that all appear to be coming from the same “merchant”.


Poor guys, having to work to fix the fsck up they created themselves.


At the end of the day, you end up paying for fraud. The article might say that businesses “absorb” the cost, but that’s bullshit. Businesses “absorb” the cost by increasing prices, and increasing fees.

Given that fraud generally affects all businesses in the same market equally, there’s little incentive for businesses to reduce fraud, because it's a cost all of their competitors are having to absorb, so everyone just bakes the cost of fraud into their prices.


No, I had fun times with UK Citibank blocking my card when I tried to pay for a hotel in US as well. Nothing better than not being able to pay for a reserved room after 13 hours of travelling.


America and Americans have a much higher predisposition to credit card fraud than the rest of the world.


90% sure these questions come from Experian/Transunion or something like that. Curious about how these APIs work and how hard it is to get access.


I have been traveling internationally continuously for 6 years and haven’t had any of these issues. I use Schwab, Capital One, and Chase for banks and credit cards. I don’t stay any one place longer than 6 months; usually just 3 months in a country.

When my bank card expired Schwab even overnighted a new card to Peru for me. I order from Amazon a fair amount and don’t have any issues.

Maybe you are in this weird algorithmic grey zone where you don’t travel enough so everything gets flagged. Where for me I have been traveling for so long that nothing gets flagged.


I've been traveling issue free for a long long time before these things started happening. It's really only in the last couple of years it's become a problem.

Also I don't have issues with classic eCommerce stores like Amazon, Newegg, B&H, ebay. It's only the new wave of eCommerce stores trying to enter the market this decade, like all the big box stores. It's like they all got sold the same crap anti-fraud software/service.


Just like everything. The optimal amount of crime, unemployment, accidents, deaths, etc... is not zero.

For example, when building a road, there is a certain chance that an accident will happen, that some people will die, and that could have been prevented. For example, by installing a guard rail, enforcing speed limits, or by taking a different path.

But installing that guard rail for a one in a million chance that something bad happens is money better spent elsewhere, like improving safety where it matters more, and people tend to dislike the resulting taxes. Enforcing speed limits has a cost too, that can be recovered from the fines that result from it. But the goal is not to bankrupt your citizens with fines, and constant surveillance is not very popular. And the different path you are planning may go through people's homes, relocating people is also expensive, and usually not very popular for the people in question.

So, we tolerate a few accidents and deaths over a dystopian society.


> But installing that guard rail for a one in a million chance that something bad happens is money better spent elsewhere

Just for clarity -- guard rails, where we choose to place them, probably cost $500k to $2M per life saved over their lifetime, while the value of a statistical life in the US is >$10M. This comparison ignores costs of non-fatal outcomes (injuries, disability).

It seems like we should be deploying more guardrails, even though their marginal return would be less than our current average.


The problem the article poses is actually not one of diverting costs, despite how GP's metaphor would indicate... It's that with fraud, only the most draconian systems can be effective at stopping all fraud.

In the above metaphor, it's more like guard rails are already in place, the speed limit is 1/10th a reasonably safe velocity, and the only way you can stop the remaining death-every-decade is to make everyone walk the road instead of driving it, and guarded so that you don't encounter any strangers along the way either. Very safe. But now nobody even wants to take this road. But it's so safe! Zero deaths, no injuries, ever.

Sure, the expenses/value argument can be made, too, but that's not ultimately what makes it nonzero. Even if you had limitless resources to apply to the anti-fraud, the only way you're getting nonzero fraud is if a large amount of legitimate customers are inconvenienced or outright denied as well. This is due to how easily fraudsters can still find processes and marks to make it worth their time, and regulations + policies are ever evolving to keep up, but a lot of it comes down to a cost/benefit analysis by the business. The internet just scales this up by several orders of magnitude too.


Sure, I was commenting just on guard rails. If you want to know what I think about the topic of the article, my earlier comment is more informative.

https://news.ycombinator.com/item?id=38906842


> while the value of a statistical life in the US is >$10M

Take the wealthiest top 10,000 Americans out of the equation, and what’s the value of a statistical life in the US?

$10M seems to be a weird number in my mind.

Edit: Well that was a fascinating rabbit hole: https://en.m.wikipedia.org/wiki/Value_of_life#:~:text=In%20W....


> Take the wealthiest top 10,000 Americans out of the equation

They are much less likely to be the recipient of all the money spent on entitlements, no? A giant bucket of money is spent on regular Americans.


what? no. Government money is a direct pipe to transnational corporations and the billionaires that run it. Welfare payments are peanuts compared to it.


You're confusing two things. If the government pays for healthcare, that is for people, but goes to organisations to implement what's being paid for.


like trillion dollar bank bailouts, subsidies awarded through ruinous competition among jurisdictions, trillions and trillions of dollars of defense spending for which the government will invent endless wars.. like that?


If you like, you can look at the data[0] I'm looking at. 15% on defence; 67% on health and related; education; social security; etc.

[0] https://fiscaldata.treasury.gov/americas-finance-guide/feder...


Sure, let's assume 100B

What's the value provided to citizens by spending 67B on health in the USA in terms of value provided? 10B in a country where prices are not the result of insurance companies colluding with the government?


I'm replying to this:

> Government money is a direct pipe to transnational corporations and the billionaires that run it. Welfare payments are peanuts compared to it.

I don't see the point in hypotheticals. You're restating the politics you've absorbed over years of consuming a certain slant of media. There's no point in that, and no point in me doing the same.


I would like to emphasise that the parent has said "where we choose to place them", so they're not contradicting the grandparent's metaphor, just giving an interesting FYI.


> The optimal amount of [...] deaths [...] is not zero.

That's not true. It assumes that there is an objective, known price for a life. Since you can't have e.g. 0.1 deaths, there's no guarantee that the optimal amount is at least 1. It's more that it's the outcome of haggling, politics, and the willingness to turn a blind eye to the consequences of stupidity.


> Since you can't have e.g. 0.1 deaths

True, but you can have 0.1 deaths per year, by having 1 death per 10 years.

Of course, I agree there are some things that don't work well for that - nobody's going to be happy accepting "1 nuclear meltdown per 30 years" even if statistically it'd mean fewer deaths than coal.


There's a price for life in a given society though. Due to resources being finite and wellbeing mattering. In the UK I believe NICE uses £30k/QALY as the price.


Yep, although short term end of life years are deemed more valuable (e.g. if you have 3 months to live and we can get you another 3 months, we'll pay more for those 3 months)[0]. And the number is a bit flexible based on other factors, I think.

[0] https://www.tandfonline.com/doi/full/10.1080/14737167.2017.1...


£30k/QALY

nit: pretty sure that should be £30k * QALY.


Imagine 10 km/h, the more hours you have driven the more kilometers you've driven. Similarly, with £/QALY the more QALYs you've paid for the more £ it will have cost.


Maybe that's a poor way of stating the problem. In a zero tradeoff world, 0 deaths would be optimal. We don't live in that world though. For example, flying is supposedly safer than driving. Airplane crashes happen. We could demand zero deaths from the planes which would drive the costs up, causing more people to choose to drive, causing more deaths.

So, in relation to airplanes, we can't choose zero deaths in the real world. We have to choose some imperfect trade off, otherwise we'll cause more deaths.


End-to-end principle in action. You could try to make every stage super-reliable and fraudproof... but that yields a terrible overall system compared to a much lighter touch and going after complete transactions which turn out bad.


That being said: GPS based speed limiters are cheap, effective and not dystopian as long as they don't send telemetry back home.

> But the goal is not to bankrupt your citizens with fines,

There is this one crazy trick to avoid speeding tickets. Cops hate it.


> GPS based speed limiters are cheap, effective [...]

While this is technically true (the devices themselves are cheap and effective), the data required for them to work well doesn't exist. If the data exists at all, it is usually horribly out of date. So in practice there will be many cases where these devices limit you to the 30mph from last year's big construction project. Then you get rear-ended because nobody expects you to slow down 50mph for no reason at all.


I feel like this "bad data" problem would disappear immediately if there were real world consequences for it being incorrect.

Which is to say, if you were to build out a system that limits speed based on some authoritative database of speed limits, then suddenly there's an incentive to make sure that database is actually correct (where there was no such incentive before).


Okay, then let's just ignore construction projects and other temporary speed reductions.

Maybe let's start with residential streets only, using the residential speed limit. And let's say only those residential streets that are at least 100m away from a faster street.

I'm sure it will be possible to find a solution that eliminates false positives.

And in the worst case - it's just about acceleration. It's not like the car would abruptly brake.


> Then you get rear-ended because nobody expects you to slow down 50mph for no reason at all.

Even in this rare fictional scenario, I don't agree that the costs outweigh the benefits. There are many vehicles that cannot go above 30 kmh and somehow they don't get rear-ended either. Plus, mid-term, the other cars will also have the speed limiter installed.


You could totally avoid that accident by not building the road in the first place, which typically is the first level of paralysis we need to overcome.


To summarize: there is a trade-off between amount of fraud and ease of doing business. Zero fraud means doing legitimate business becomes too cumbersome.

Seems like the same point we have with security in computer systems and ease of use.


Important corollary: it may well be possible to reduce fraud much closer to zero (than the currently accepted rate) without negative effects on legitimate business.

For example, the USA's lack of a national ID (and the resulting adoption of really bad substitutes like SSNs, driver's licenses and "two photo IDs") has made a plethora of fraud techniques ridiculously easy. In many other countries, "identity theft" is so rare there is not even an established term for it.

Passkeys will hopefully turn into a similar case regarding computer security.


To be a bit more general about this, I have found that the returns to combatting fraud are highly nonlinear.

Having a better national ID than SSNs would have effectively no negative impact while being a huge benefit for security and fraud prevention. It would also, if implemented well, be hugely beneficial for privacy. For instance things like Signal could move from requiring phone numbers to a ZKP using a national ID.


The problem is that the people in the USA who think "national ID" is code for "they want to put us all into pods and use our bodies as batteries" really really don't want national unified identification, and the people who aren't crazy don't consider it anywhere near their top 10 issues that would sway their vote. So no politician with any actual power is going to push for it.

There's tons of issues like this, where there's a clear technical right answer, but the only people who are foaming at the mouth over it are on the crazy side, so it doesn't happen.


The answer isn’t as clear as you think.

https://www.aclu.org/documents/5-problems-national-id-cards


It seems pretty clear. That article is just an example of the craziness I was describing. Notably: having a unified ID structure has a ton of upsides, and "preventing terrorism" seems fully orthogonal. Additionally, we already have IDs that register humans into databases and are tracked when people travel, it's just that the databases are disjoint and thus even more error prone because they're run individually by states.

The way you can tell this article is crazy is by noticing lines like this:

> When a police officer or security guard scans your ID card with his pocket bar-code reader, for example, will a permanent record be created of that check, including the time and your location?

This is already what happens. The police officer logs your interaction alongside your drivers license (or non-driver ID) number. Transposing a nationally-unified ID scheme for the current state-based scheme doesn't increase the amount of logging, it substitutes one log for another.


Part of the problem here is America's shitty privacy laws.

You can get ID scanners for nightclubs which check dates, parse dozens of different designs of ID correctly, detect some types of fake IDs, and record banned patrons. That's a thing you can get in Europe as well as America.

But only in America are they allowed to save the patron's address and use it for marketing purposes.


How you feel about reliable national ids really comes down to "do you trust the state or not".

Error-prone-ness is a feature for people who want the state to be less powerful.

Personally I think that for purely practical reasons national ids are good infrastructure.

I don't think in 2023 a "weak" national identity system offers much protection against an adversarial government.


Forget trusting the state, do you trust the endless parade of crappy companies that will demand your national ID verification to buy everything from house insurance to Fortnite skins to prevent fraud, and then promptly lose it in a data breach without ever receiving meaningful punishment? Because that is the state of things.


Isn’t this just already the case? It’s not clear to me why it would get worse for the drivers license I give everybody as proof of identity to be issued by the federal rather than state government.

This is especially true given that for many applications, I can already use my passport as an ID.


Actually, the more I think about this the weirder it is as a threat model. Photo ID pictures are basically only worth the value of the info printed on them to an attacker. They’re likewise not really valuable to retain as a business, because you might as well retain the information as tabular data, and then have a checkbox for “we saw this on a physical ID”. The only upside of storing the photo of the ID is if a business doesn’t trust its own employees, so having the photo provides them a way to make sure their employee really checked it.

An attacker who pops my bank’s network doesn’t need to look for ID photocopies: my identifying info is in the database in an already parsed format.


Yep this is a fair concern. Proponents would say that a good implementation would mitigate a lot of the data loss issues we currently see (I work in the digital id space so not entirely disinterested here).

Right now the way we verify identity is "dumb" in the sense that we prove identity using document ids or photos. This is "too strong" - to prove I am over 18 or just "the account holder" I must present valuable document IDs or scans which disclose other things about me such as my exact date of birth or my legal name. It is also "too weak" in that any verifier who receives these things can present them to someone else and impersonate me.

Today, every entity we deal with who verifies our identity can also impersonate us. There are billions of ID scans absolutely everywhere, in realtor's offices and lawyer's cabinets, at car rental agencies, etc ad nauseam.

A good "digital id" scheme allows for cryptographic proofs of identity which are non-transferable between verifiers. It allows things like proving that I am John Smith who is over 18 and holds a driver's license in a way that does not allow the verifier to then present those to someone else and impersonate me. It can allow for proofs of uniqueness, e.g. I can prove that I'm a person you've seen before with id xxxyyy in your database without disclosing my name (if the verifier chooses not to collect that). It can allow "blinding", e.g. I can hand over a token to someone who doesn't need to "see" my actual identity details unless they initiate legal process (say car rental scenario) and then I can be notified if that happens.

It is likely that a lot of verifiers might choose to "over collect" (say, request up-front proof of my legal name when strictly speaking they don't need that to rent me a car) but this can at least be discouraged by measures like tuning service charges so that more invasive verifications cost them more and ensuring that verifiers are subject to different regulation tiers based on the scope of data they collect. Even if the entity loses my PII e.g. my name, DOB, phone number, the systems are designed to not allow anyone accessing that information to impersonate me.

Strictly speaking digital id schemes / properties are orthogonal to "national ids". There are centralised, de-centralised and more or less anarchic (p2p) "versions" of digital identity. However, a government operated scheme at the national level could reduce a lot of commercial capture and the kind of "waste" that happens when you need to stitch together many disparate data sources.


> it's just that the databases are disjoint and thus even more error prone because they're run individually by states.

That is a huge advantage if the federal government ever gets taken over by totalitarians. Surely at least some states will refuse to authenticate their ID cards when requested by the feds, some may even issue fake IDs to resistance members. If the feds have a centralized database with updated information on residences etc, they can quietly disappear people.


Driving policy decisions based on this fanfic seems like a poor move. The federal government already has several centralized databases of residences (to pick a boring one: income tax forms).


I lived in Spain and never understood how the DNI/NIE's weren't an easy vector for identity theft. You need to give the number to do the simplest things, and many people wanted to see the card (and possibly make a copy). As far as I know the smart chip on my card wasn't used once in 2.5 years. I suspect the digital certificates you could get from the government likely aren't as well protected by the general (non-technical) populace as they should be. What makes it harder for someone to steal identity via a DNI/NIE in Spain than someone could use a drivers license + SSN in the US?

(For what it's worth, I actually liked the national identity card, and didn't hear too much about identity theft - I'm just curious).


Things may have changed since you were here. Currently, there's additional digital systems built around the e-DNI and much of the administration -national and local- uses that for most of the things where you previously just used your DNI number and a smile.

The certificates themselves in the DNI are used only occasionally, but it's mostly your decision: you can stick to using the certificates and not activate other means and then you can't access a bunch of things unless you use the certificates.

But still, this is mostly for the public administrations. Private entities, such as banks or whatever, don't really make use of it and build their own systems (most of the time quite stupid ones [0]).

--

[0] Fortunately they changed it, but for about a year or so my bank decided that instead of sending a 4-digit code through SMS -which you then typed to verify whatever transaction you were doing- it was "more secure" to just show 5, 10, or 20 4-digit codes on the transaction site and then send you a single number through SMS, say "7", to select the code from the list.

And somehow this was applauded and got them some newspaper headlines as the bank investing the most in advanced security in the country or some shit like that.


Spanish ID card has multiple layered security in them. The obvious and difficult to commit fraud with is the chip which is just a cryptographic one, but you also have RFID in them (with I assume appropriate FNMT signatures), but also physically the patterns in the print, the different textures in different areas of it, holograms, transparencies and the like.

For most ID-requiring processes people undergo training to identify these security features, to the level of fraud that it's worth detecting for said process.

When the post office asks for your ID to retrieve a package, they won't check much, but I don't think it's unusual for banks to pass your card through the RFID reader and have a high res picture of your face on screen even if only to recognize you properly (btw you have apps to read such data).


In Australia, drivers licenses and passports are de facto national IDs. And we felt the sting of that when Optus (2nd largest telecom provider) leaked half of the population's IDs.

Not to mention before this there was almost no way to get a new drivers license number, so if it got stolen good luck, a new license is issued under the same number.


Are AU drivers licenses issued by the national government, or by states? The thing that makes DLs wonky in the US is that while you can basically use a DL as a national ID, it is issued, managed, and operated by the state. So no two states' DLs look the same or have the same info. This makes them amazingly easy vectors for fraud.

As two amusing anecdotes:

A while back, I went to buy some beer in a state other than where I lived. I was asked for my ID, and provided my drivers license. The employee pulled out this comically thick three ring binder, flipped to the page for my state, and had to read through a list of compiled identifying factors for a legitimate ID from my state.

Even further back, I worked at a company where a small slice of my job was verifying ID for new signups flagged as high-risk. Except... we were an online business. Our users were global. So if somebody happened to upload a passport or US DL, I could at least eyeball it. But if somebody uploaded an ID issued by basically any other country on Earth... I guess that's what IDs from The Confederacy of Independent Systems look like? The only surefire way to get rejected was either not uploading anything, or the many, many bots that uploaded random pictures of flowers or trains or random nonsense.


AU drivers licenses are issued by each state, but same as the US they can be used as a national ID. And yep, they all have unique designs as well. However there is a baseline for the information they have to have on them, which is: Address, date of birth, first/middle/last name, card number, and license number.

The issue here is the license number is the one used for most verification, and that one is static. The card number changes every time the card is re-issued.

Examples of them are here: https://www.mygovid.gov.au/verifying-your-drivers-licence

A funny anecdote along the same lines:

A friend of mine recently moved from WA to NSW. If you move state, you have to apply for a new license within three to six months depending on the state. So he got a NSW license, it's a trivial process to convert your license thankfully.

He came back to WA to visit for a while, and tried to go clubbing. One bouncer read the post code from the address (like a ZIP code, only 4 digits instead) as his birth year because he had no clue what he was looking at... NSW post codes start at 2000, so you can see how this mistake could come up. WA post codes start with 6000 so there's no possible confusion there, until we reach the year 6000 at least!

Of course, the Date of Birth is still clearly labeled on every state's driver licenses so this bouncer may also have been a bit daft.


Ah, the shared information is actually a law, though it was not set until the Real ID Act of 2005, which has required: full name, date of birth, gender, photograph, address, signature, and the license number.


>The employee pulled out this comically thick three ring binder, flipped to the page for my state, and had to read through a list of compiled identifying factors for a legitimate ID from my state.

This is literally the core gameplay of Papers, Please, a game designed to make you feel bad. (A great game, I hasten to add, and surprisingly enjoyable -- though allowing yourself to enjoy it means turning off empathy more consciously than in anything I've played before.)


> For example, the USA's lack of a national ID (and the resulting adoption of really bad substitutes like SSNs, driver's licenses and "two photo IDs") has made a plethora of fraud techniques ridiculously easy. I

US federal government provides passports with passport numbers. All the infrastructure is already in place, it’s just a question of political will to implement an API to use this for identity verification.


The problem is that only about a third of all Americans have a passport.


Corollary: the more trustworthy people are the less expensive everything is.


Working with partners who have integrity is a massive boost to everything you do. People with high integrity attract more people with high integrity, compounding that effect.


Corollary: it's easier to fraud if you can fake high integrity.


Unfortunately true.


Hell yeah. At the extreme of distrust you have complete war or anarchy and you can’t get anything at any price.


> This is counterintuitive and sounds like it is trying a bit too hard to be clever. You should believe it.

Yes, you're

> you should welcome greater than zero fraud. You can think of it as a necessary expense, just like rent or salary or advertising is.

You don't WELCOME costs just because they're necessary. Similarly, you wouldn't welcome fraud just because it's too costly to get rid of it.

And if you add a tiny bit of morality into the mix, your too clever "fraud welcome!" message becomes even more invisible

(also, it could very well be that some fraud types can be reduced to literal 0 without bringing the whole system down, but then the parts of the system that can make it happen aren't incentivized to do so because they've passed all the costs to other parts of the system)


The argument seems to be a little different than what you’ve taken from it.

My interpretation was something like an efficient frontier model between multiple variables where “zero fraud” isn’t actually a position on that frontier. So, if you find a place with zero fraud, you can possibly increase the total utility of the system by aiming for slightly less than perfect but being back on the efficient frontier.

Arguably zero of anything is a great ideal but not maximally efficient.

Morally, the situation is more in favour of getting to zero.


I don't think you can even make a moral argument in favour of zero fraud, because that implies choosing to harm genuine users. There's always a trade-off between fraud prevention and genuine use. This is extremely important in social benefit systems, where people can literally die if the system incorrectly thinks they are trying to defraud it and cuts them off.

Non-zero fraud is useful for political point-scoring, but zero fraud is a terrible goal on its own. You also need to be measuring false positive cost, and drive that to zero too. The moral argument has to be for the efficiency frontier itself, I can't see any other way this works.


Why is 0 terrible if it's also on the efficiency frontier?

And what's your moral argument for the level of fraud at the frontier? Is the same efficiency better with lower levels of fraud or higher or indeterminate?


> Why is 0 terrible if it's also on the efficiency frontier?

When would this be the case? I'm having trouble picturing it.

> And what's your moral argument for the level of fraud at the frontier?

The frontier is exactly the point at which you cannot reduce the amount of fraud without it costing genuine users (and you) more than you gain. So if you're at the frontier and you want to reduce the amount of fraud further, you are acknowledging that harms to users are less important to you than losses from fraud, and doing so would be immoral. The efficient frontier should be the point of least moral harm, almost by definition - at least, as long as all the relevant externalities are priced in.

> Is the same efficiency better with lower levels of fraud or higher or indeterminate?

That's a trolley problem question. Higher levels of fraud at the same level of efficiency would mean there's a corresponding rise in value delivered from genuine usage of the service, so cost/benefit is the same and preference boils down to personal choice. But it sidesteps the more difficult question, which is how taking action to reduce the level of fraud actually plays out: there'll be diminishing returns as you take more and more extreme steps. Each step will likely have an incrementally more harmful effect on the genuine users, so efficiency won't remain the same.


You can find a place with zero fraud by denying all transactions. This is of course, maximally inefficient and totally useless.

It's less about "allowing fraud" and more about managing false positives in the fraud detection subsystem: it should ideally detect fraud, and only fraud. The false positives need to be low enough for the system to work, without also having so much fraud that the system stops working. Ideally there are no false positives at all, but at some point the effort to reduce this further exceeds the returns. Like with fraud.
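The trade-off described in the comment above, worked through as an added example that is not part of the thread: a decline-threshold sweep over constructed scored transactions. The 10% margin, the $5 goodwill cost per false decline, the full-amount loss on passed fraud, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

MARGIN_PCT = 10          # assumed profit margin lost when a good order is declined
DECLINE_PENALTY = 500    # assumed goodwill/support cost per false decline, in cents


@dataclass(frozen=True)
class Txn:
    score: float     # fraud model output in [0, 1]; higher means more suspicious
    amount: int      # order value in cents
    is_fraud: bool   # ground truth, only known later (e.g. via chargeback)


# Constructed sample data, not real transactions.
TXNS = [
    Txn(0.02, 4000, False), Txn(0.05, 12000, False), Txn(0.08, 2500, False),
    Txn(0.11, 6000, False), Txn(0.15, 30000, False), Txn(0.18, 3000, True),
    Txn(0.22, 8000, False), Txn(0.30, 15000, False), Txn(0.41, 5000, False),
    Txn(0.55, 20000, False), Txn(0.63, 25000, True), Txn(0.72, 9000, False),
    Txn(0.85, 40000, True), Txn(0.93, 18000, True),
]


@dataclass(frozen=True)
class Outcome:
    threshold: float
    fraud_passed: int        # fraudulent orders that were accepted
    fraud_loss: int          # cents lost to accepted fraud
    false_declines: int      # legitimate orders that were declined
    false_decline_cost: int  # lost margin plus goodwill penalty, in cents

    @property
    def total_cost(self):
        return self.fraud_loss + self.false_decline_cost


def evaluate(txns, threshold):
    """Decline every transaction whose score is >= threshold and price the result."""
    passed_fraud = [t for t in txns if t.is_fraud and t.score < threshold]
    blocked_good = [t for t in txns if not t.is_fraud and t.score >= threshold]
    fp_cost = sum(t.amount * MARGIN_PCT // 100 + DECLINE_PENALTY for t in blocked_good)
    return Outcome(threshold, len(passed_fraud),
                   sum(t.amount for t in passed_fraud),
                   len(blocked_good), fp_cost)


def sweep(txns):
    """Evaluate every distinct score as a threshold, plus 1.01 (accept everything)."""
    candidates = sorted({t.score for t in txns}) + [1.01]
    return [evaluate(txns, thr) for thr in candidates]


def cheapest(txns):
    """Operating point with the lowest combined fraud and false-positive cost."""
    return min(sweep(txns), key=lambda o: o.total_cost)


def zero_fraud(txns):
    """Most permissive threshold that still lets no fraud through."""
    clean = [o for o in sweep(txns) if o.fraud_passed == 0]
    return max(clean, key=lambda o: o.threshold)


if __name__ == "__main__":
    for o in sweep(TXNS):
        print(f"thr={o.threshold:4.2f} fraud_passed={o.fraud_passed} "
              f"false_declines={o.false_declines:2d} total={o.total_cost / 100:8.2f}")
    print("cheapest:  ", cheapest(TXNS))
    print("zero fraud:", zero_fraud(TXNS))
```

On this data the cheapest operating point accepts one small fraudulent order, while the zero-fraud point declines five legitimate customers and costs almost twice as much.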


Efficiency frontiers are a game of fantasy (reality is never at the frontier), so it's not relevant whether there is a "zero fraud" point, but also for the same reason a tough argument to make that there are no situations where (even in theory!) such a frontier exists

But that's also not connected to the main critique - I get how you'd welcome more efficiency (at higher costs), but do you get to welcoming costs outside of trying to do counterintuitive rhetoric?


You're not wrong but perhaps reading it at the wrong level. Doing the is/ought mistake.


I get your point. But the article is a very interesting read.


I understand this and it's similar to what happens with, for example, theft or shoplifting: if we cracked down really hard on it, the honest user's experience would be disproportionately impacted and our collective freedom could be restricted too (imagine policemen searching whoever exits a supermarket, or cameras spying and tracking virtually everyone everywhere). At the same time, it's profoundly unfair that we need to let a certain class of people (fraudsters, scammers, thieves) live at society's expense and I would like it if something could be done about that. Who knows, maybe sample crackdowns with really heavy consequences.


Under the assumption that the only way to bring fraud to zero is to raise the bar high enough that legitimate customers will also be turned away, some fraud is acceptable and the author posits it is even a good thing: it means good customers are having an easy enough time being a customer, too.


I thought this article was going to be somehow less intuitive, but in reality, it simply says something most people inherently understand: that you have to grease the skids a bit to make things work. Dressing it up in academic sloganeering doesn't make the insight all that much more powerful.

I think most people understand that a risk-free society is a poor society. Take driving: the safest way to drive is to not get in the car at all. Similarly, the best way to save yourself from credit card fraud is not to have a credit card. But does this justify driving like a maniac, or being careless with your personal information? Of course not.

In other words, the article simply points out that categorical thinking (1 or 0) is useless in this context (as it is in most contexts, to be honest). The meaningful question is what degree of fraud we should be willing to accept, and in what contexts.


It's a common insight, yet you see slogans like "zero tolerance" or "our overriding priority is security" everywhere. You can choose to believe people championing them are just oversimplifying or actually encouraging a bad system for their own gains, but it's important to be able to point to a well-written piece explaining why they're a bad idea.


Uhhh, it depends on the business? I know there are some businesses which suffer high chargeback rates (pay2cheat SaaS), and most of the chargebacks were happening by customers who said that their card has been stolen (as the merchant could easily disprove any other lie). The usual customer cycle was: buy the cheat, get banned in the game due to suspicious stats, reports or whatever, be mad about it, and then they would turn to their bank and say that their card was stolen -> chargeback.

Eventually, they started forcing 3DS (which shifts liability from you to the card issuer, and apparently card issuers don’t like paying!). Revenue didn’t decline, but fraud rates did go indeed to zero.


pay2cheat… has trouble with unethical customers. Stop the presses!


Fyi... submitter put "not zero" instead of original title of "non-zero" which causes the "past" link's search algorithm to not list this previous discussion: https://news.ycombinator.com/item?id=32701913


A similar insight from economist Daniel Davies from 2005:

>> The optimal frequency of disasters is not zero. This graceful formulation is due to Prof. Richard Portes, who used to say it about emerging market financial crises. However, it’s a fundamental principle of risk management and one of entirely general application. Most dangers can be absolutely eliminated for all practical purposes, but only at unacceptable cost.

https://blog.danieldavies.com/2005/07/?m=1


> This is counterintuitive and sounds like it is trying a bit too hard to be clever.

Indeed.

You could make the same counterintuitive and clever point about any bad thing, pointing out that there are things one might do to reduce that thing, which have other costs, and aren't worth it, but for many bad things that would not sound counterintuitive and clever, but deranged.

Consider the following statement:

> The optimal amount of salt in food is non-zero.

That's true, and it's not clever at all, we need salt. It's not that trying to remove all salt from food would be too expensive.

But consider also:

> The optimal amount of radioactive material in food is non-zero.

We might defend this in a similar clever counter-intuitive sense. But it's a completely different statement, and it's wrong.

EDIT: The three replies making the same point about bananas are a great illustration of the desire (and failure) to be clever and counter-intuitive that's also evident in the article. We don't eat bananas for their radioactive material. We don't need to eat radioactive material.


Not just bananas .. I can't think of any foods that have zero radioactive material in them.

The world is naturally awash with unstable isotopes and low level cosmic radiation.


> But it's a completely different statement, and it's wrong.

Well, then I have some bad news for you regarding bananas.

Which is funny, because it proves the point of the article: The optimal amount of [bad] is usually nonzero because otherwise you have to give up too much of [good].


I have some bad news for you about bananas.


> The optimal amount of radioactive material in food is non-zero.

But this is true! Everything except lead is radioactive in some capacity. Pretty sure us humans cannot live on lead alone.


Lead-208 is the heaviest "stable" nuclide, assuming proton decay is not possible, but it is not the only stable nuclide. Excluding isotopes like argon-36 (which has an energetically permitted double electron capture to sulfur-36) and not considering possible spontaneous fissions for those A>92, there are still 146 nuclides (all of which Z<67) that are stable.

Incidentally, astute readers that have picked up on the fact that Pb has Z=82 which is larger than 66 should pat themselves on the back and note that the 4 isotopes all have a yet-to-be-observed decay to mercury, with half life of >1.4×10^20 years for 204 and experimental lower bounds of >10^21 for the other 3. Theoretically, 208 takes >10^124, which means 207 is "more" stable.


For the theoretical background, see Ronald Coase on Transaction Cost Economics.

The law can place liability anywhere. In a situation where transaction costs are zero, it doesn't actually matter where liability is placed, because the participants will contract in the most economically efficient manner to share the burden.

That means liability choices can reduce to reducing transaction costs. For credit, the $50 is to avoid the adverse incentive of the cardholder permitting fraud, but otherwise the cost and mitigation is better shared among the big players at scale that reduces overhead. (Conversely, shifting liability via forced arbitration and legal disclaimers monetizes market power.)

As a policy matter, ask yourself: so why then do debit cards not come with the same limitation of fraud liability to $50, since the same economies of scale apply?


This reminds me of Matt Lakeman's "An Attempt at Explaining, Blaming, and Being Very Slightly Sympathetic Toward Enron"

https://mattlakeman.org/2020/04/27/explaining-blaming-and-be...

He makes the point that although Enron was clearly doing shady things, it's possible for a legitimate business to do much of the same stuff ("mark-to-market" accounting, tricky SPEs, and so on). Try to categorically eliminate Enron-style fraud and you might take down the next Google in the crossfire.


You say that like everyone ubiquitously believes Google is a net-positive.


Clickbaity, trying-too-hard title. The point being made is mundane: perfection is too expensive, so we settle for "good enough". This is near-universally applicable and near-universally understood.

The author is trying to make it sound deep and meaningful with statements like "you should welcome some fraud", as though fraud is actually required for the system to function (clever counterintuitive point made, cue huge dopamine spike). But no, we simply tolerate a certain amount of fraud because eliminating it isn't worth it. Yawn.


The comment directly above you on the page right now gives an example of people getting the trade-off wrong, so your dismissiveness is pointless.

The framing is also relevant for another reason: choosing a conscious trade-off point means that you can choose to move it as circumstances dictate, which can be very non-obvious. There's currently a lot of noise in the UK media about dodgy PPE contracts issued during COVID, and for my money most of the coverage misses the point.

The coverage focuses on who the contracts went to, and how much they cost. There is only scant consideration given to whether the contracts were fulfilled (and they weren't - the PPE was no good and couldn't be used).

This is precisely backwards: in an emergency situation where you don't have enough of a thing, and the existing systems to provide the thing are very much tuned to preventing fraud, you absolutely want to be able to throw money at the problem and accept that more of it than usual will be going places you wouldn't ordinarily tolerate. That's a lever we should definitely be able to pull, by making a conscious choice to relax . But that's only true if you do actually get what you paid for.

Yes, you want to be able to follow up any dodgy procurement after the fact, but in the moment what you need is the critical resource.

The scandal should be that none of it worked, not how it was bought.


> The comment directly above you on the page right now gives an example of people getting the trade-off wrong, so your dismissiveness is pointless.

I was only dismissing the way the article presented fraud tolerance as something deeper than a trade-off. I did acknowledge that the trade-off exists and in my other comment stated explicitly that I think discussion of how one finds the right trade-off is interesting.

On your COVID example, I agree that in an emergency it's worth pulling the lever as you put it, i.e. grease the wheels and get the stuff we need. But I wouldn't expect the extra spending to be directed disproportionately at cronies of the government, fraudulent or not.


Exactly. "We can't divert all of society's resources on policing" is different than "The optimal amount of murder is non-zero" or "you should welcome greater than zero murders".


Your mundane explanation misses the main point that perfect security can't exist while maintaining function. It is not just a matter of cost cutting, it is a (sort of) fundamental law that security and usability are opposite ends of a spectrum, at the limit any gains in security can only be achieved by a loss of usability. So any system that is perfectly secure will be perfectly unusable, or in the business angle, any system with 0% fraud will have 0% sales.


I'm not sure this is true in principle though. For example, there's plenty of encryption in use today that has "perfect" security (in the sense that a cipher hasn't been broken) and which is transparent to the end user. This wouldn't have been true a long time ago, when there was no such thing as computer science and the security of information was more to do with how many soldiers you had and how beefy your strongbox was.

Similarly, there's no reason in principle why certain classes of fraud couldn't be rendered practically impossible by an advance in technology, which would undermine the whole "you should welcome some fraud" argument.


Agree. Particularly the tax writeoff argument is complete bullshit.

You could make an argument that you need some level of fraud to keep the anti-fraud dept on its toes. It’s like war. If you have an army that has never fought a war in a century, you should have no confidence you have an army at all. That’s a problem the day a real war or in this case a real fraud, happens.


Yes, and that would be a genuinely interesting point. For example, it could be compared to the need for regular backup testing, where we generally try to maintain DR readiness with artificial testing and certainly not by accepting a certain frequency of disasters.


If you liked the content of the article, I urge you to read the excellent book "Lying for Money: How Legendary Frauds Reveal the Workings of Our World" [1] by Dan Davies, which I believe is the main source of inspiration for this article (I'm just guessing here, I have no proof of that).

I discovered this book through another great post by Patrick McKenzie, "The fraud supply chain" [2] where he heartily recommends it, and I haven't been disappointed. On top of being informative, the book is very entertaining to read.

[1] https://www.amazon.com/Lying-Money-Legendary-Frauds-Workings...

[2] https://www.bitsaboutmoney.com/archive/the-fraud-supply-chai...


A lot of the confusion and anxiety will melt away if we distinguish the terms “optimal” and “desirable”.

The most desirable amount of fraud, corruption or tax evasion is zero.

In the real world we don’t get what we desire. The closest we can come is to the optimal amount, where the marginal cost has to equal the marginal benefit.


I think that fraud prevention is mostly the wrong approach. Instead they should let the frauds happen, then track the fraudster and send the police to arrest them. Normal prevention just means the criminal has to keep trying until it works. Tracking the money after means that criminals will never know if the next knock at their door will be the police.


Well basically if you spend more money to prevent fraud of monetary value that is less than the amount spent to prevent it, you are losing money by preventing fraud.

But this logic is only applicable for things that on both ends measure in money.


>The optimal amount of fraud is non-zero

As long as it's in a competitor's operation and not mine, I'll do fine.


This article falls into the common pitfall of over rationalizing "the market". It's true that from first principles you don't want to establish the bureaucratic apparatus it would take to effectively eliminate all forms of fraud, this is the intuition most people tap into when they say "you can't catch every crime". This is in fact not a surprising observation, most people just understand it as common sense. It's also not the main motivating factor driving the enforcement of monetary fraud prevention.

The monetary system doesn't care about fraud. Banks, credit card companies, and the rest of the financial sector make money from transactions, with no regard for who spends the money, who owns it, or if the transaction was legitimate. Bad actors need banking too, and their transactions are just as valuable as the ones your grandmother makes.

Here we find the sharp divide that fraud controls try to bridge. The social cost of fraud is extremely high. Yet the proportional value, defined in a capitalist sense, of fraud is close to 1. A transaction that happens to be fraud is almost if not as valuable as a transaction that happens to be legitimate. For a bank, the optimal amount of fraud is not just non-zero, it's basically as much as possible.


Very true article and it's a pretty shit model for innovation!

I want to launch a business which requires investing a lot of resources per customer. Think, the users pay 100$ and I spend 80$ in resources straight away, transform the resources in a peculiar way and provide it to the customer.

I have already tried this and failed due to occasional credit card fraud and sneaky chargebacks from users AFTER having used resources.

Now, being a small business (zero employees) I can't afford to stomach losses for months, invest into marketing and then wait until 100x growth bring me some profits.

Just because of fraud being the problem of the seller and not of the cardholder, my choices are:

1. Go to parasitic VCs and convince them to give me money, in the hope I'll be profitable in a few years

2. Sell 1 on 1 to trusted companies - which doesn't work if you're selling B2C, increases your sales cost and bars you from typical SaaS paths with random customers

3. Accept only crypto-currency payments - but nobody will bother to convert money to purchase something when they are used to just using their credit card


I believe this is a trivial thing with a misleading title.

Of course the optimal amount of fraud for a business is zero. A world with zero fraud would be optimal for them.

And (also of course) given that combating fraud has costs, there is a level at which investing more money and effort into anti-fraud has diminishing returns.

Therefore it is not worth it to go all in into the fight against fraud, but accept that some amount of it happens.

Surely none of this is surprising.


It's very unintuitive. It's come up on threads here several times, with people incredulous about the statement.

It has ramifications for the kinds of discussions we have on HN, because the primary stimuli we get are news anecdotes, and anecdotes about fraud can be galling but still under some sane noise floor that organizations don't bother to stop.


Is it unintuitive?

The concept of diminishing returns applies to everything any living thing does. I think it's very natural, even in the 'our brains are wired for this' sense.


Yes, it's counterintuitive to many people that "the optimal amount of $BAD_THING is non-zero" for a rather large set of possible values for BAD_THING.

"You can't put a price on human life" is one common occurrence of this. I thought it was just a throwaway phrase, or a wish of how things could be, but I've regularly run into people who don't understand why we would ever fail to spend absurdly large amounts of money to save a single life.

I have had people say "Is the only reason we aren't doing something about X money" for various forms of X. I personally spent over an hour walking one such person through the concept of opportunity costs, the fact that money is representative of value, &c. with the conversation ending with them still certain that the US Government could just print a trillion dollars and solve the problem.

I have talked to people who honestly think that every person with depression should be forcibly committed to prevent them from committing suicide and respond to the "but only a fraction of those people have suicidal ideation, and only a fraction of those commit suicide" with a "if it saves just one life, it's worth it!" So forcibly committing 8% of the adult population is not too high a cost in their minds.


Well, the optimal quantity for many things is actually zero.

It's the edge cases-- the things where it's really hard to get rid of and we get some useful benefit from the related activity-- where it's nonzero.

Of course, those edge cases are our biggest world problems-- for example, pollution, because pollution abatement is hard and the industry and commerce that produces pollution is beneficial... or fraud, because fraud protection is hard and the industry and commerce that provides opportunity for fraud is beneficial.


because they somehow have this idea that they own the rights to control others. Once you consider that you can force others to do anything, regardless of reason, you can begin to rationalize anything, and it will be "for the greater good" or "for their own good". They probably even sincerely mean it too.

some kind of bald man once quoted someone: "With the first link, a chain is forged..."


> because they somehow have this idea that they own the rights to control others

The flip side, of course, being the folks who believe they somehow have no responsibility for how they use their rights to impact others.

Society can only function with at least some balance between these two extremes. Some of us need a little bit of chain.


you cannot perform crimes on others, that's about it. If someone comes to my house dying of cold, they have no right to demand I help them. I would be an asshole if I don't, and I think people SHOULD help, but you have no right to demand I do (and again, not saying I wouldn't, just that nobody gets to be entitled to it)


Unfortunately, we encounter far more complex scenarios, from "can the car dealership dump engine oil into the creek behind their maintenance bay?" to "we sold a product that provably killed thousands of people, but none in a way that can cause us direct individual liability".

Societally, we've largely decided we're all better off without a pile of frozen bodies at our door.


> Once you consider that you can force others to do anything, regardless of reason, you can begin to rationalize anything, and it will be "for the greater good" or "for their own good". They probably even sincerely mean it too.

Eh, I know lots of people who are neither anarchists nor totalitarians, so I'm not sure this is true.


I said you CAN begin to rationalize... I didn't say most would do it about everything, but as is clearly evidenced here, many would about a great many things.

"Red cars are more involved in traffic accidents, I therefore think you must be a murderous lunatic if you get a red car, and we can't have that, so let's forbid it"


> Yes, it's counterintuitive to many people that "the optimal amount of $BAD_THING is non-zero" for a rather large set of possible values for BAD_THING.

How much "earth is sterilized" risk is reasonable per year?


It is unintuitive. It hits some primal part of our brain, the same as is isolated in that capuchin monkey experiment where two monkeys get varying levels of grapes. People get either really excited or really pissed off when they see people getting away with something; at the same time, when we read stories about bureaucracy --- a perennial bête noire on HN --- we rarely think in terms of the fraud we should be accepting. We just think fraud is bad, and anti-fraud is bad.


I think it is in part rooted in the difference between committing fraud and detecting that there is fraud. They're entirely different things and the misunderstanding results from the fact that. It is indeed very interesting how deeply hardwired this sort of thing is.


It is indeed unintuitive in practice.

One of the key factors is that a large part of the cost is opportunity cost. People tend to get all tangled up when thinking about such counterfactuals. We want to have our cake and eat it too. And if we can't, we persist in trying to find ways to believe that we can, and are surprised that the world continues not working that way.


The optimal amount of airline catastrophes is non-zero.

The optimal amount of pollution is non-zero.

The optimal amount of [insert almost anything bad] is non-zero.


The optimal amount of X under the assumption that it costs more and more resources to reduce X is non-zero. It's this middle part that you omitted that turns an unintuitive statement into an obvious one.


Those are all true statements, right?

The ideal amount of anything bad, is zero. But the optimal amount is going to be higher than that, given we don't have unlimited resources to spend.


Again this is totally misleading.

The optimal amount of airline catastrophes is zero. It is also impossible.

Should all humans spend all of their effort and all of their resources to lower the amount of airline catastrophes? I believe that pretty much everyone finds it reasonable to say no.


Why is that zero? I don't want to die in a plane any more than the next person, but is zero really optimal? It's least life losing, it's least catastrophic, but is it optimal? The question becomes, what are we optimizing for? If the optimization equation is for lives lost, I can make that zero real easily by just stopping air travel entirely. If no one travels by air, then no one can die by air. But of course that's not a useful solution at all. So we're not optimizing for lives not lost. We're optimizing for people being able to travel. Loss of life is tragic, but not the be-all and end-all. The gross reality that we don't want to face is that there's a price for a human life, the only question is how much?

Would you take a $10 10,000 mile flight across the world with a 1% chance of dying? How about a $100 flight with a .1% chance of dying?


Optimum is zero, because if you could wave a magic wand to magically make the amount of accidents zero, it would be a good thing to wave the wand.

The optimum is non-zero only if there are enough costs associated with making it zero.

That's why asking for optimum amount of fraud is misleading. It omits the costs. Once the costs are taken into account (i.e. it is clarified what the question means) the answer is obviously above zero.


"Optimum is zero, because if you could wave a magic wand to magically make the amount of accidents zero, it would be a good thing to wave the wand."

You are conflating optimum (highest value outcome for all variables) and ideal (highest value outcome for one variable). The ideal number of any bad thing is zero. I can't, off the top of my head, think of any bad thing for which the optimum number is zero. Extinction level events, perhaps.


> Is it unintuitive?

Yes when we look at it from both an individual level and a societal level. There's a very very strong aversion to loss and many decisions (including my own) are based on the concept of not losing something. Many times these decisions lead to making decisions that are sub-optimal (for the thing that's being optimized for).

By extension, many people apply this thinking to businesses and higher levels as well.


I wonder if it's the phrasing rather than the actual idea that sets people off. Many readers here understand the increasing costs of pursuing higher SLI targets, but I doubt many of them would express it as "the optimal level of availability is not 100%".


It's definitely the phrasing.


I think it's just phrased unintuitively. "Balance usability against security hoops to jump through" sound better to me. You have to get to the last paragraph of the fifth section of this article before it makes anything resembling that statement. This could have been a paragraph or three.


The optimal amount of fraud attempts is zero. Given that's impossible, one should not attempt to eradicate fraud or else you'll do nothing but seek it out.


For me and you it's not surprising, for others it seems it is.

Maybe people have gotten worse at intuitively understanding that tradeoffs need to be made in anything, and that the questions that define systems are never choices as much as what the tradeoff should be.


It only makes sense when the cost of combating the fraud is greater than the money you are losing to fraud.


Yes, but isn't this obvious when you internalize the concept of "diminishing returns"? The domain might matter, as developers with some experience will understand for instance that the optimal amount of bugs is non-zero, but sometimes fail to generalize.


I agree. It's a self-serving failure of the imagination to believe that fraud and usability are intertwined. My issue with this kind of big corporate thinking is that it's often rooted in neglect and it harms real people by the millions.

Also, it fails to consider that corporations (or any entity which operates at the kind of scale suggested by the author) may not be optimal economic constructs for a society to begin with. Society worked fine before corporations and arguably was far more efficient given technological shortcomings. Think of how much human time was wasted on data entry, physically searching for documents in large archives, travelling between home and work on foot or by horse, doing accounting with pen and paper, manual farming, primitive irrigation systems, no synthetic fertilizer, etc, etc... Now that we've freed up people from all that work, how come everyone is busier than ever and yet there are so many poor people?

I think it doesn't make sense to look at our modern economic system as a model of efficiency, instead, I think it should be studied as a model of economic parasitism.

We shouldn't conflate efficiency driven by technology with other aspects of the socio-economic system which are canceling out much of that efficiency.


100%! There seems to be a proliferation of these long form word soups offering "deep insights" that are anything but.

All you can do is try to realize it early and hit the back button before you waste too much time on it.


> Of course the optimal amount of fraud for a business is zero.

Only if the business doesn’t have to pay to avert fraud.

> A world with zero fraud would be optimal for them.

You are misunderstanding the statement. We are not imagining which hypothetical world we wish to live in. We are making a claim about fraud levels in this world and how they feed into profits.

In this world, every reduction in fraud costs money or time or opportunity. Therefore, optimizing your profit means choosing a non-zero (often higher than you’d think) level of fraud.


Yea; I think this is one of the times where terms of art matter. "Optimal" here doesn't mean like "It would be optimal for me if I had infinite money", it's a term of art in fields like economics that describes the best case of the available variables.

This is how we end up going back and forth between "the optimal amount of fraud is non-zero" and "it would be optimal to have no fraud". Economics has to live with the world that exists, and there is no plausible combo of variables where people who are about to attempt fraud are instantly evaporated into dust.


>You are misunderstanding the statement. We are not imagining which hypothetical world we wish to live in. We are making a claim about fraud levels in this world and how they feed into profits.

Then the question should be stated clearly:

"How much effort and resources should be spent to combat fraud?"

The answer is very obviously not "all of the effort and all of the money". Therefore the matter is trivial.


A problem that a social credit system can mostly solve - just don't do business with people with low social score :)



