Friday, October 30, 2009

Amazon PayPhrase is a nice, risky step (plus some PayPal platform)

Today, TechCrunch posted about Amazon PayPhrase going live. It appears that Amazon customers were notified of this feature, allowing them to set a phrase they can later use on 3rd party sites to check out quickly - just type in your payphrase and PIN and you're out. The TC post mentions a similarity to PayPal's student accounts, I am not sure I agree, but that's not the case. The interesting question (one also raised in the post) is - what new risks does a new feature introduce into the system?

There's a lot to be said about modeling the possible risks in a new payment feature, and I find it to be some science, some art. You have to weigh not only what users and fraudsters are doing now, but also what opportunities will they have once you introduce a feature, and understand how to design controls that mitigate the major issues without hurting functionality. That's why there's some art in it.

Saturday, October 24, 2009

The EU is less united than expected

This mystery research, widely advertised today by the EU union's research department, puts cross border shopping declines inside Europe at 60%. I once wrote a post about 3rd world shoppers unable to shop, but this situation is a much graver one. Unfortunately, the pros' call to invest in better, more intelligent risk management to open up to international purchases goes unnoticed, while merchant insist on making lives harder for legitimate buyers.

Hopefully SEPA will help solve at least part of the issues dealt with here, at least giving a head start for merchants and buyers on their mutual trust issue.

Thursday, October 22, 2009

Reconstructing Zynga: the industry's opinion on fraud in social games

My previous post about fraud in Social Games raised a few objections and spun a few sub-discussions. That's great, because it shows people are interested, and there's a LOT to be discussed in this field. I wanted to circle back to some of the main points that were raised in this discussion.

There's nothing new about fraud. Really. Ever since people walked this planet, I would assume, there has been fraud - more and more as time advances and human kind introduces additional currencies that replace tangible goods. It's beyond the limited availability of tangible goods; being able to control supply and demand through a symbol (call it cash, checks, virtual currency or repackaged subprime mortgages) is the basis for modern economy. But is the fact that fraud isn't new merely a reason for underestimating it? Definitely not; if it were, then why is the Spanish Prisoner scam, better known in its current days' reincarnation as the Nigerian Scam, still rampant on the web?

Sunday, October 18, 2009

And now for something completely (?) different

I'm diverting from Risk per se the deal with another decision-automation question I'm wondering about.
High-tech fluctuates. It boomed on the verge of the new millennium, and did so (albeit differently) before the latest downturn. And when booming, help is required. High-tech companies don't usually post a "help wanted" sign on their office wall (though some in Israel did), and getting to a good position requires some work beyond coming from a good school. In the days of the "bubble", just knowing a few people would secure you a position somewhere in the space, but nowadays it takes a lot more than that - employers demand good grades, subject matter expertise and experience - all of which are no mere feat for new graduates.

Tuesday, October 6, 2009

Jacob doesn't mind


Let's say there's a guy names Jacob. This guy, he's 23 years old, has somewhat of a steady job, largely sales and maintenance for a nice apartment complex in southern California. He uses PayPal, a lot more than he would like. He also has a Facebook account and a MySpace page; he follows friends on Twitter (and sometimes updates his own status messages there). He has an iPhone 3G; he's on top of things. If he was ever hit by fraud, he would probably tell his friends about it.


You know what? The industry is missing on many of Jacob's friends. Not because they don't have credit cards or because they don't shop online - it's because we haven't changed with them. Why? Because Jacob doesn't mind - he doesn't mind his information being out there on the web (as long as it's kept with a privacy policy). He doesn't mind some interaction with risk controls because web 2.0 and post 9/11 safety education taught many users that it's ok to be asked questions by those with authority. And in the land of risk management online, we are the authority. And we are limiting our business. Jacob and his friends don’t mind working with us to make their lives better – we simply won’t let them.