Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
monerozcash 3 days ago

>At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.

For a good reason! You, as a rule, really don't want to tell the customer why you're blocking them. What will happen in the end is that you will be facing federal charges for assisting the money launderers because you kept telling them what they're doing wrong.

dnet 3 days ago | parent [-]

See https://doctorow.medium.com/como-is-infosec-307f87004563

> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.

stephen_g 3 days ago | parent | next [-]

That’s a great article - explains what I haven’t fully thought through or quite been able to put into words but what I’ve always felt, because the “you can’t tell people the secret rules” with things like money laundering is treated by many as obvious, but has never sat right with me.

macNchz 3 days ago | parent [-]

I disagree with this article—its premise relies too heavily on the oft repeated, oft misunderstood line “there is no security in obscurity.”

This concept is used to argue that obscurity shouldn’t be used at all as a defense mechanism, when really all it means is it shouldn’t be your only line of defense.

Obscuring aspects of a system can contribute to its overall functioning: it’s a filter for the laziest of adversaries, and it creates an imperative for more motivated ones to probe and explore to understand the obfuscation, creating signal and therefore opportunities to notice their behavior and intervene.

I think for anyone who has dealt firsthand with mitigating online fraud, hackers, spam, trolls, cheating etc, the idea of having completely transparent defense mechanisms is pretty much ludicrous.

monerozcash 3 days ago | parent [-]

Also, to be fair, for money laundering it does raise the barrier to entry quite a bit. Doesn't matter if you have billions of dollars to launder, could already make quite a bit of a difference if you only have millions of dollars to launder.

monerozcash 3 days ago | parent | prev [-]

I don't disagree, but still think it's better to do as the lawyers tell you to.