pflenker 3 days ago

I don’t mean to defend this, but I know from experience that gift cards are frequently used for money laundering. The laws against that are very strict, incentivizing companies to overshoot and block false positives.

At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.

To add more to the problem, some anti-money-laundering solutions are … AI powered.

monerozcash 3 days ago

>At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.

For a good reason! You, as a rule, really don't want to tell the customer why you're blocking them. What will happen in the end is that you will be facing federal charges for assisting the money launderers because you kept telling them what they're doing wrong.

dnet 3 days ago

See https://doctorow.medium.com/como-is-infosec-307f87004563

> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.

stephen_g 3 days ago

That’s a great article - explains what I haven’t fully thought through or quite been able to put into words but what I’ve always felt, because the “you can’t tell people the secret rules” with things like money laundering is treated by many as obvious, but has never sat right with me.

macNchz 3 days ago

I disagree with this article—its premise relies too heavily on the oft repeated, oft misunderstood line “there is no security in obscurity.”

This concept is used to argue that obscurity shouldn’t be used at all as a defense mechanism, when really all it means is it shouldn’t be your only line of defense.

Obscuring aspects of a system can contribute to its overall functioning: it’s a filter for the laziest of adversaries, and it creates an imperative for more motivated ones to probe and explore to understand the obfuscation, creating signal and therefore opportunities to notice their behavior and intervene.

I think for anyone who has dealt firsthand with mitigating online fraud, hackers, spam, trolls, cheating etc, the idea of having completely transparent defense mechanisms is pretty much ludicrous.

monerozcash 3 days ago

Also, to be fair, for money laundering it does raise the barrier to entry quite a bit. Doesn't matter if you have billions of dollars to launder, could already make quite a bit of a difference if you only have millions of dollars to launder.

monerozcash 3 days ago

I don't disagree, but still think it's better to do as the lawyers tell you to.

embedding-shape 3 days ago

> The laws against that are very strict, incentivizing companies to overshoot and block false positives.

Yes, in many countries they are, but I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.

They could disable those gift card features + Apple wallet/pay if they suspect fraud, and if no one complains within a month, then disable the entire account, rather than start with disabling the account. Would give them space/time to investigate, and wouldn't be a huge pain in the ass when the inevitable false-positives happen, like in this case.

mcherm 3 days ago

> I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.

You misunderstand the nature of financial regulation. The laws on things like money laundering are intentionally vague, they say things like "Apple should take measures against it". And financial regulators will not come out and say (especially in writing) that you MUST do any particular thing (like ban customers entirely on suspicion).

What they WILL do is ask probing questions, frown a lot, and make suggestions. Which the company had better take seriously. Because the financial regulators have the ability to simply close down your business, and if you cross enough of the unclear lines they will do so.

AnthonyMouse 3 days ago

This is also one of the reasons the government is fond of gag orders. If companies could tell you "sorry we closed your account because of government pressure" then at least you would know why, but then you would know why. Which could give you standing to challenge it or create bad PR for the government and generate public outrage sufficient to make them stop doing that.

So instead they censor the company from telling you the reason, because everyone whose account is locked is guilty of Terrorism, obviously, and the people actually committing fraud would be unable to discern that they've tripped the detection system from the fact that their account is locked unless you told them that was why. Certainly not because it would make people unsympathetic to what the government is doing.

embedding-shape 3 days ago

> Because the financial regulators have the ability to simply close down your business

You misunderstand how business regulation works in free countries. Financial regulators can't just "simply close down your business" however they want, unless you live in a country that is primarily authoritarian.

Again, I'm not saying closing down accounts isn't easier than turning off functionality, but companies could choose the "harder route" if they did care about the users themselves. Alas, most companies' priority remains "make more money above all".

queenkjuul 3 days ago

Every company's priority has always been "make more money above all," it's just that once upon a time some of them believed that treating their workers and customers well was a part of that goal. History has shown them that wasn't really necessary.

And don't think for a second the US federal government couldn't do a huge amount of damage to anyone it feels like by way of its financial regulators. In general it's better for the US government if Apple continues to exist, though.

embedding-shape 3 days ago

> Every company's priority has always been "make more money above all,"

Maybe that's true where you live, but it's definitely not true all over the world, many economies have a free economy yet companies exist for public benefit, not shareholder value generation. It's out there, wouldn't be impossible to implement where you live either.

> And don't think for a second the US federal government couldn't do a huge amount of damage to anyone it feels like by way of its financial regulators

Right, I agree. But I also qualified my statement to not be valid in authoritarian countries, so maybe not the greatest example to use.

queenkjuul 2 days ago

> many economies have a free economy yet companies exist for public benefit,

I really don't believe you, honestly, unless you're talking only about little mom and pop shops. And what other country would have more regulatory influence on Apple than the US?

rvnx 3 days ago

A bit like OpenAI (non-profit) or Anthropic (public-benefit-corporation). Based on their business model it is clear that profitability is not their goal, and in their own statements: greater good for the humanity

queenkjuul 2 days ago

Lmao and you believe them?

nullfield 2 days ago

I don’t know. You can’t buy the kind of loyalty that treating your customer well earns you (nor buy revocation of the spite that treating them poorly does).

Particular airline like United makes your life hell, or even behaves sloppily and heavily inconvenienced you? You not only hate them, you actively go out of your way to tell your friends, family, and anyone who asks your opinion that you hate them. And why you hate them. (Lost one/only bag, for longer than an entire trip, over ten years ago.) And go out of your way, even at higher cost, to avoid them. (Have never flown United afterwards.)

Aside: We know this can be done competently; see Japan. They’ll even fail sometimes, but I suspect that nearly-always, someone from the airline would be delivering the bag personally after they obsessively located it, as opposed to the “meh” attitude US carriers take.

On the other hand, some company like Valve: for an out-of-warranty product (just time, current-model Steam Deck) that was purchased outside the country and gray-market imported (consumer level, just carried out to another country)… and which they don’t sell in your country… they demurred a bit then agreed to ship a replacement part to the original purchaser. At zero cost. Dealing with product issues isn’t fun, but we all know issues arise sometimes, and they killed the “delight the customer” goal.

Some companies still care, and I’d argue that treating your customers like crap while attempting to extract maximum “short term value” doesn’t actually work. Not in the long term, and in the short term, well… it depends on your definition of “short term”. One bad incident can go viral and wreck your quarterly earnings.

queenkjuul 2 days ago

The problem is that you and me and every person we've ever met could stop flying United today and they'll keep making billions of dollars for the rest of our lives. Clearly they can horribly mistreat huge numbers of people before it actually risks their business. Same with Apple, Google, Facebook, Microsoft... In fact it's easier with tech companies.

pflenker 3 days ago

All this costs money for little return on investment. As long as the collateral damage is below a threshold that causes reputational damage, there is no business incentive to solve this.

embedding-shape 3 days ago

Yes, I agree, the companies don't actually care about consumers, only what's cheaper for them. But this is a choice companies make, not because laws somehow require them to block the entire account vs individual features. I was just adding that because the original comment made it seem like the companies are somehow forced to act like they do because of laws, but they aren't, it's an intentional cost-measured choice they make by themselves.

ben_w 3 days ago

Ironically, I had Amazon flag and undo some gift card purchases (of cards, not with cards) that I made for Christmas, while myself thinking about this category of problem, about why cards are a mechanism for scams rather than specifically money laundering.

The cards were to family members that I normally send gift cards to at Christmas, and the activity was counted as "sus" even though I was asked to validate my card number and expiration date before being allowed to make the purchase.

pacifika 3 days ago

I agree. The way they make sending parcels internationally more difficult through customs declarations and taxes and fines for smaller occasions it’s more practical to send a gift card from the destination country.

supriyo-biswas 3 days ago

> The laws against that are very strict, incentivizing companies to overshoot and block false positives.

On that note, [1] is a good read (Cmd+F: "suspicious activity report"), although this specific case is about gift cards, but the AML/T&S etc. space is remarkably similar.

[1] https://www.bitsaboutmoney.com/archive/debanking-and-debunki...

nullfield 2 days ago

An excellent blog. Their piece on credit card rewards programs is an excellent read as well.

gpvos 3 days ago

AML = ?

(edit) Ah, right, anti-money-laundering, found it in your last sentence.

mkl 3 days ago

Anti-money laundering.