This week on Bits about Money: geeks running Internet-enabled small businesses using a combination of software development, marketing savvy, online platforms, and boutique investment firms... except they're evil.

Welcome to the fraud supply chain.

bam.kalzumeus.com/archive/the-fr…
This is a follow-up on my tweetstorm from Giving Tuesday about how charities get preferentially targeted by card testers, one link in this supply chain.

A number of y'all told me that this was surprising, so I thought I'd go into it in more detail.
I have some weird hobbies. One of them is email spam, which I did a (tiny) bit of work on in my first job in Japan.

In doing the research for it I read a new article by some blogger who had a Plan for Spam.

paulgraham.com/spam.html
Anyhow, while I was reading everything I could about spam, I fell backwards into reading about the world of online fraud, and it was so freaking fascinating. It combined my interest in systems about money, programming, etc, with the thrill of a heist movie.
Fast forward 15 years and I ended up working in the payments industry, and it turns out that there are a number of people who love geeking out about this stuff.
If you were e.g. a technologist or marketer or similar who was newly hired at my day job, and had never thought about this subject before, this essay is approximately what I would tell you over a coffee prior to pointing you to the internal docs about What We Do About It.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Patrick McKenzie

Patrick McKenzie Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @patio11

4 Dec
Shower thought:

Crypto “earn” products (“give us your stablecoins/etc and we’ll lend them you; you get interest”) are sold as deposits but are actually complex structured products containing multiple equity derivatives.
“That seems like a bunch of really complicated words to describe something which isn’t that different from what banks do.”

Yeah but the word “that” is pulling much more weight than most people think.
(It’s not a new realization that these products are shadow banking. Of course they’re shadow banking. But they appear to have made shadow banking *more* risky, not less, by implementing it on top of the substrates they picked and selling it for the use case they sell it for.)
Read 7 tweets
4 Dec
In a bit of extremely potent irony given that I’ve this week been on a writing tear about charitable donations and why they’re unexpectedly implicated in the fraud supply chain, a bank saw some of my end of year planning and locked my account due to suspicious activity.
On the one hand I’m annoyed, on the other hand now every time silly bank stuff happens to me I get to spend less time wracking my brain for newsletter topics, so I suppose I should be thankful.

Though next time would appreciate risk actions *before* I exit writer’s block.
A weird thing is that during conversations with banks to get these sort of things reversed sometimes I get dug in deeper when I try to be empathetic and say “Oh no worries I’m not angry; I understand exactly what happened. You were worried this account was being card tested.”
Read 5 tweets
4 Dec
People sometimes wonder when fraud is such a thing when it is “so obvious” to spot.

I have a transaction to report. Place your bets on whether it sounds legitimate.

A high school student opens an Amazon account in 1996 from Illinois. They use it to purchase books through 2000.
After 2000 the account goes almost entirely dormant, except sometimes buys Christmas gifts. It never purchases anything over $200.

In 2007, the account uses a new credit card with a billing address in Chicago associated with the account holder to buy a $2k laptop.
The transaction is initiated from Nagoya, Japan, on a machine that has never accessed this account before. The account has never been accessed from Nagoya at all.

The shipping address is entirely new. The name shipped to is, going by e.g. apparent ethnicity, not related.
Read 8 tweets
4 Dec
No lie, sometimes I hear about the vibe people get from DAOs and think “This really rhymes with the first few weeks of that charity that started out of a bunch of geeks piling into Discord.”
I love people getting enthusiastic about collaborating on things over the Internet, and honestly the whole Constitution thing kind of pushed my buttons in a way Number Go Up projects generally do not, but broadly unclear to me that DAOs the form benefit the communities they serve
The job to be done here is much more interesting than the job currently being done, IMHO.
Read 7 tweets
3 Dec
I had the opportunity to speak with a class of fellows at the Impact Africa Network a few months ago, and enjoyed the experience and their questions.

impactafrica.network

Talented geeks exist everywhere; market structures that support them do not.
I was struck by how similar some of their challenges were to the ecosystems I've been directly physically in in Ogaki and Tokyo.

Lack of mentors, social scripts for success which only allowed young people to aspire to BigCo jobs, little opportunity for skill building early.
Mark, the CEO, sent me an interesting email earlier today, about the cost structure for employing geeks in Africa while they skill them up. The subject was 509.

$509 (US) per month per employee in average fully-loaded cost of employment.

That's an interesting advantage!
Read 9 tweets
3 Dec
“What happens if you invest depositor’s money in a debt platform which suffers a $100M+ operational loss of which you own 50%+ in traditional finance, Patrick?”

… That doesn’t happen.

“But play along with the hypothetical.”

Alright I’ll try:
We’ll start with the notion of “depositor.” Speaking broadly, if you accept retail money, by regulation you are almost certainly prohibited from investing in anything which has any reasonable probability of having a $100M operational loss.

But Ops losses do happen in the world.
So you have an agreement with your contra operating the platform that gave rise to the ops loss. That contract, which was negotiated by competent professionals on both sides, is extremely explicit as to which of the two of you owns the loss.

It’s probably your contra?
Read 17 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(