Category Archives: Financial services

I really want Apple Pay to fail. So much.

5 Replies

Let’s start with qualifications. I am not a payments industry pundit, and whatever payments experience I’ve had, it’s always been more on the risk and data side. I’m also a bit out of touch because I’m focused on my company, TrueAccord.

I’m also not an Apple fanboy or hater. I own a great 2 year old Macbook Pro and a Nexus 5; I don’t wake up at 3am to buy the latest model but if it’s good, I’m going to get it.

Still, I want Apple Pay to fail. So much. Why, you ask? WHY?

29cf7acf1a772005d650b0005f4f3bf7

(tough choice: Platoon or the Reddit “why” meme? ugh)

Here’s why.

First, it’s been just a few weeks and already I hear VCs who previously didn’t care about payments, random entrepreneurs, and journalists talking about Apple Pay like it’s the third coming. The data! What they could do with it! I didn’t hear these people talk this way when previous installments of phone + NFC wallets were introduced, and for a good reason – they are not that interesting, and I think Apple Pay is not interesting in exactly the same way[1].

Second, the talk about Apple now disintermediating banks. Anyone who makes the jump from storing credit cards in a “wallet” to going after issuers or retail banks in one sentence should be awarded a gold medal in mind-athletics. These are completely different activities and mind sets. Most infuriating is the suggestion that disintermediating banks is a corollary to what Apple did with iTunes. You don’t just unbundle banks and sell services through a clunky iInterface. The regulatory and operational impacts are incredibly complicated and Apple, if it ever does anything in the space, will likely partner rather than reinvent. This will further demonstrate what Apple Pay is for me: putting lipstick on a pig.

To further this point, I don’t believe Apple has real payments chops. I didn’t believe that in 2011 and I don’t believe it now. Like Google Wallet, I think Apple will use Pay to do what it knows best; in its case, sell hardware. This isn’t a new sentiment, but it’s still true; I don’t believe the commotion around Apple Pay because I don’t think Apple believes it either. They’re not here to reinvent payments.

Finally, going back to my first point, I don’t think Apple Pay is solving a real problem. That’s the main reason that other wallet providers failed to gain traction. While I understand the idea of Nash Equilibriums and accept that a huge investment in marketing could buy a stake in the market, I’d be surprised (and disappointed, if you couldn’t tell) to discover that consumer behavior was just a marketing campaign away. I don’t believe that, though – I still don’t think Apple Pay solves a problem, I don’t think using it does any good to anyone other than Apple, and I’d rather all that energy put into fitting Apple Pay would be spent on something else.

And that is why I really want Apple Pay to fail.

[1] I guess that makes me a reverse hipster. I hated the idea before it was cool.

Hiring inexperienced employees helps me beat the talent wars. Here’s how I do it.

Leave a reply

Building a stellar team is one of the key activities for a new company. I’ve noticed that hiring dynamics (who gets hired or courted) and success stories (how CEOs discuss their hires) often focus on credentials: which school new hires went to, companies they were a part of, and roles they filled. Conversely, one of my competitive advantages in hiring is hiring the less experienced based on their aptitude and attitude, and helping them grow. This has worked well in FraudSciences, where all the analytics team (including me) had very little experience before coming on board; in Klarna, where the Risk team’s leadership is still comprised of talented people whose first job out of school was at Klarna; and even today, at TrueAccord. Experience is important when you have a specific problem to solve and limited time to solve it. At any other time, hiring inexperienced people is a competitive advantage when everyone else focuses on experience. Why, then, isn’t that a more common practice?

Maybe because hiring inexperienced people early is difficult: they’re, well, inexperienced. Often they won’t come up with unique insights early on because they are unfamiliar with the domain. They will make rookie mistakes. They will be too much or little action driven. They definitely won’t help you hire them by signaling how or where they can help. But following just a few rules will allow you to define where inexperienced people can fit in your organization, make the best of them, and enjoy the advantages: a strong drive, a unique type of creativity sparked by zero pre- and misconceptions, and a much easier supply and demand dynamic. Here are a few pointers for succeeding in hiring inexperienced people.

First, know your domain and how to hire for it. I wouldn’t be able to hire inexperienced engineers, but for data science and operations roles it takes me roughly 20 minutes to know whether an interviewee is a right fit. Knowing the type of skills and mindset you’re looking for is imperative.

Second, you must have an initial mental model for the problem they need to work on, and some kind of onboarding plan (even if that only means a few hours of your time). You can’t just say “here’s a problem, solve it for me” – that’s setting your new hire to fail. The good news are that if you maintain proper documentation and involve every hire in a newer hire’s training, soon they will be able to do the onboarding themselves.

Third, invest a lot of time in mentoring. Identify when they need to “level up” and what that “leveling up” means, then guide them through the process. I learned that the ability to translate a perfect mental model to reality and deliver an MVP is a key capability. I’m ruthless in forcing team members to deliver when I feel they’re ready, even at the cost of their extreme discomfort. Once they’ve leveled up and understand the lesson, you’ll get constant improvement. Bonus: plan ahead and let them take on new roles in your team as they evolve. In the best-case scenario, inexperienced people are like stem cells. Having no previous experience, they’ll immerse themselves in your product, and become ideal candidates for product, marketing and customer success roles.

Fourth, teach them how to say no. By definition, being their manager and an experienced operator means that your opinion will be over-weighted. You won’t identify all of your mistakes in advance, and if the whole team follows you blindly, they’ll exacerbate the situation. You can hire opinionated people, but it’s also crucial to make them aware of your mistakes when you make them, so they don’t delude themselves that you’re perfect. Properly voicing your opinion is an acquired skill, and they need to learn to disagree.

Last, be prepared for mistakes. They will happen, and you’ll need to help them identify, analyze and correct them. Don’t just let them fail. However, know that hiring this way can definitely yield false positives, and be prepared to identify them fast. In the long run, no one likes being stuck in a role they clearly don’t fit.

Are inexperienced candidates the answer to all your hiring woes? Of course not. Experience still plays a huge role in leadership and specialist roles. Still, they represent an incredible talent pool. Especially nowadays, when talent is scarce in many tech hubs, hiring and growing them can fuel the growth you need to make your company successful.

Dealing with Account Take Over? Here are my top tips (O’Reilly post)

Leave a reply

Online payments and eCommerce have been targets for fraud ever since their inception. The availability of real monetary value coupled with the ability to scale an attack online attracted many users to fraud in order to make a quick buck. At first, fraudsters used stolen credit card details to make purchases online. As services became more widely used, a newer, sometimes easier alternative emerged: account takeover.

Account takeover (ATO) occurs when one user guesses, or has been given, the credentials to another’s value storing account. This can be your online wallet, but also your social networking profile or gaming account. The perpetrator is often someone you don’t know, but it can just as easily be your kid using an account you didn’t log out of. All fall under various flavors of ATO, and are easier than stealing one’s identity; all that’s needed is guessing or phishing a user’s credentials and you’re rewarded with all the value they’ve been able to create through their activity.

Read more on O’Reilly’s programming blog here.

Working on risk and fraud prevention? Don’t dig your career into a hole

Leave a reply

I give this talk about Risk Management called The Top 8 Reasons You Have a Fraud Problem. I learn a lot from the way audiences respond to it, mostly from objections. Most commonly, objections tell me how risk managers paint themselves into a corner in day-to-day work, effectively limiting their ability to drive change or participate in key business decisions.

How do they do that?

First, they make losses their one and only benchmark. It’s easy to focus on reducing losses when the business is taking hits, it’s your job and it’s what’s expected of you. But overcompensating and focusing on aggressive loss reduction whenever possible, while rejecting troves of good customers, will not only limits your business’s growth prospects – it turns the risk manager into a single-issue player. Revenue enablement must be a core KPI for the risk team or it will lose relevance.

Second, risk managers focus on maintaining status quo. When one lacks tools and methods to control their environment, their first response is to try to make sure that nothing ever changes. It’s not the risk team’s job to say no to everything new; it’s their job to find a way to say yes. That’s where the technological and organizational edge is. Find ways to enable new business by shifting risk across your portfolio and finding detection and prevention solutions that support even the craziest marketing ideas. You may flail at first but long-term, you’re building an important muscle.

Last, they tend to distrust the customer. It makes sense – when faced mainly (and often solely) with the malfunctions of the operation, often caused by customers themselves, one tends to stop believing in people’s good intention. That starts becoming a problem when every product design process turns into a theoretical cat-and-mouse game where every possible abuse opportunity must be curbed in advance. You should let users be users, and that means that there will be breakage and there will be losses. Zero losses can easily be achieved by stopping all activity in your system; you should accept that some customers will be bad and find a way to detect these as they act in your system, rather than limit every customer’s ability to use your product.

As I often write, risk teams are multidisciplinary and must think about operations, data science, product design and more. Whenever one focuses on limiting risk instead of trusting users, challenging the status quo and enabling new business, they are contributing to turning risk into a control function, a technocratic add-on that doesn’t deserve a seat at the decision makers’ table. Make sure that’s not you.

(If you want to read some concrete advice on how to do that, take a look at my free eBook here)

Why did PayPal buy Braintree?

Leave a reply

(Pasting my Quora answer here)

PayPal wants to be anywhere payments happen and it seems to be willing to pay a good price for that. Beyond the standard dynamic where the leader buys one of its most affordable up and coming competitors, PayPal acquired a few nice assets:

– The Braintree team is strong, with multiple highly talented folks that are both well known in the industry (= strong advocates) and generally capable.
– The product is superior to anything PayPal has in gateway tech. PayPal acquired Verisign’s gateway a long time back but that integration was not synergistic. With new PayPal management and Braintree’s product, they can get better access to a large and growing volume of gateway payments. This is a good and needed complement to PayPal’s portfolio.
– Last but not least, PayPal bought a foothold in the upmarket – medium and large merchants that usually do not use standard PayPal products due to lack of UX flexibility and integration, as well as strong presence in mobile payments.

So, bottom line, PayPal acquired a team, a product and a market. A smart move.

BitCoin mass-adoption challenges

Leave a reply

Crypto currencies, specifically BitCoin, are touted as the next big thing in financial
services. A secured, encrypted, technologically advanced platform that can support
monetary transactions across the globe is a dream come true for a lot of financial
services innovators hoping for a borderless financial world. This wave of innovation,
while still nascent, bears a lot of advantages.

It’s important to note, though, that not everything is green in the realm of BitCoin. While
some disadvantages are obvious – exchange rate volatility and lack of sufficient market
making are two obvious ones – some are less obvious, and are sometimes mistakenly
presented as advantages by newbies to the industry. Specifically, I am referring to fraud
using or on the BitCoin platform, and misconceptions about its feasibility – while some
may think it is much safer than other means of payment, that is absolutely not the case.
With BitCoin’s no-recourse movement of funds, transactions are subject to two types of
fraud: supply side fraud, and social engineering. Their prevalence might hinder mass
adoption of crypto currencies and must be addresses by the ecosystem before those
can be used the proverbial “normals”, the majority of consumers.

When a consumer purchases online using a credit card, the merchant charging the card
isn’t protected from fraud the same way they would be if charging the card in the offline
world. No issuer, acquirer or card network provides any fraud protection and merchants
can easily be victims of stolen cards or “friendly fraud”, a term describing customers
making actual purchases then charging back alleging fraud, while keeping the goods.

Defending oneself from chargebacks is difficult for merchants and fraud constitutes a major line item in retailers’ financial statements. However chargebacks serve a purpose: they
protect consumers from fraudulent merchants, failure to provide service and other
issues. With no ability to reverse transactions, no consumer protection is possible,
hence more and more fraud is perpetrated by those who pretend to be merchants. As
merchants, they can sell a service or product while charging in advance, and never ship
the product (or never own it in the first place). Consumers who pay find themselves out
of their money and the product they were offered, with no ability to reverse a payment.
Thus, demand side fraud becomes much more appealing to fraudsters.

This lack of protection hurts consumer trust. It also amplifies the damage from each
fraud case. A single fraudster using a stolen credit card may shop for $1000 in stolen
goods; a single fraudulent shop can easily scam dozens and hundreds of consumers.

The other thing to consider is social engineering. Fraud wasn’t invented in the 20th
century nor is it dependent on credit cards. There is a reason why Western Union or
MoneyGram was and still is a favorite for 419-type (“Nigerian”) scams; it, too, has no
option to reverse a payment. Every complex system is as strong as its weakest link, and
BitCoin is no different; the human element is its biggest failure point. As the SEC brings
to trial a man accused of running a BitCoin ponzi scheme, it becomes obvious that no
encryption beats greed and no sophisticated technology beats lack of good judgement.
In that sense, BitCoin isn’t different than any other means of payment, for better or for
worse. It is just not any safer.

Crypto-currencies hold a big promise for a more sophisticated financial infrastructure,
but the discussion about them is still limited to a small group of techies. As the world of
those currencies expands to meet the average user, questions regarding consumer
protection and social engineering must be dealt with, otherwise BitCoin will fail to be
adopted. We cannot just trust the users to be sophisticated, as we have all consistently
demonstrated that as a crowd, we are not sophisticated at all. In a sense, the same lack
of a governing 3rd party guaranteeing at least some protection or recourse, justifiably
hailed as the platform’s greatest advantage, is also one of its biggest disadvantages.
That, too, needs to be a part of an informed discussion.

Why using Bitcoin is like abstinence, and other thoughts about cryptocurrency and financial systems

4 Replies

Elad Gil has this brilliant post titled “6 Startup Ideas Every Nerd Has” with a poignant explanation of how these are thought out. As someone who works on macine learning I can tell you that idea #2 repeats itself too often. I, too, have dabbled with ranting about ideas I hear too often. There is yet another type of ideas, though – ideas that are essentially interesting and good but that are too deep in geekdom to be relevant. Cryptocurrency is one of them.

If you work in payments you can’t get away from cryptocurrency, and its poster child Bitcoin. Every talk of fraud in payments draws scoffs from random commenters; Bitcoin will solve your fraud problems, they say. Irreversible, anonymous, plain and clear. Objecting responders talk of Bitcoin’s (lack of) merits as legal tender and the probability that governments will accept a legal tender they don’t control, if only for money laundering control. Both miss the point: Bitcoin isn’t a contender in the race to replace money. Claiming that Bitcoin solves fraud is like claiming that abstinence solves STDs; at zero participation from the general public, proliferation of fraud in Bitcoin is as futile and unadvantageous as being a sexually transmitted disease is in a world full of monks.

If everyone used Bitcoin, there would be ways to defraud people out of it; from Man In The Middle to 419/Nigerian Prince scam to simple MLM, scams and fraud in eCash are as old as eGold. The human factor is the weakest link, and no cryptocash will replace that. Furthermore, the barriers to entry into cryptocash usage, even if it could solve the problem of fraud, are too high, and prevent wide acceptance. The crypto-community likes this difficulty so much, cherishes it so, that wide adoption is impossible. If you disagree, have your mom mine me some bitcoins. I’ll pay more than the $42 they’re asking for in Mt Gox. You know what? Just have her read through the documentation and explain them back to someone who isn’t you.

Is the system broken? No doubt. The problem isn’t in the way legal tenders are minted, though, but in two other places: identity brokers and financial infrastructure.

The brokers – the card issuers – own the financial relationship and data to underwrite consumers for credit. That’s one major part of the financial equation that let financial institutions dictate the rules of the game both online and offline. If you undermine that relationship you get access to one of the most significant relationships consumers in the developed world have. That’s why I love short term credit schemes like Klarna and prepaid card services like Card.com; the first creates a financial relationship from thin air by extending credit in real time, and the second encourages consumers to deposit some of their paycheck directly to their prepaid-supporting account. Both have the ability to disintermediate issuers.

The financial infrastructure is where I actually think cryptocurrency can be helpful. No matter what you do you can’t run away from the card networks or clearing houses; they are the backbone of money movement. Every dollar moving around ends up paying tribute to the eternal gods of monetary movement. What if Bitcoin didn’t try to become a replacement for money consumers are using, but rather create the first true cloud based clearing house, where newly created financial institutions trade reserves and foreign currency using the Internet, but securely, rather than using the current broken systems? That for me is a big promise, and one huge problem no one’s tackling. What it would require is large Bitcoin liquidity reserves, backed by real currency, and with a stable enough exchange rate to plan a 12 to 18 months window. If new lenders could borrow in Bitcoin from a central Bitcoin exchange, its way to becoming a de-facto backbone of a new breed of financial transactions will be much more probable. So far, it doesn’t seem remotely as available and stable as required.

The payments and personal finance world is broken, but it enjoys a distorted local maximum that a lot of energy is required to move away from. Simply waving an interesting idea at the public doesn’t work. Like flash players weren’t as popular before the iPod and Napster, while changing the music industry, crashed as a business, cryptocash is a precursor to something, but is still not it. It can go somewhere, but is still not there. We need to recognize that to be able to move ahead.