I don’t mean to defend this, but I know from experience that gift cards are frequently used for money laundering. The laws against that are very strict, incentivizing companies to overshoot and block false positives.
At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
To add more to the problem, some anti-money-laundering solutions are … AI powered.
> At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
For a good reason! You, as a rule, really don't want to tell the customer why you're blocking them. What will happen in the end is that you will be facing federal charges for assisting the money launderers because you kept telling them what they're doing wrong.
> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.
That’s a great article - explains what I haven’t fully thought through or quite been able to put into words but what I’ve always felt, because the “you can’t tell people the secret rules” with things like money laundering is treated by many as obvious, but has never sat right with me.
I disagree with this article—its premise relies too heavily on the oft repeated, oft misunderstood line “there is no security in obscurity.”
This concept is used to argue that obscurity shouldn’t be used at all as a defense mechanism, when really all it means is it shouldn’t be your only line of defense.
Obscuring aspects of a system can contribute to its overall functioning: it’s a filter for the laziest of adversaries, and it creates an imperative for more motivated ones to probe and explore to understand the obfuscation, creating signal and therefore opportunities to notice their behavior and intervene.
I think for anyone who has dealt firsthand with mitigating online fraud, hackers, spam, trolls, cheating etc, the idea of having completely transparent defense mechanisms is pretty much ludicrous.
Also, to be fair, for money laundering it does raise the barrier to entry quite a bit. Doesn't matter if you have billions of dollars to launder, could already make quite a bit of a difference if you only have millions of dollars to launder.
> The laws against that are very strict, incentivizing companies to overshoot and block false positives.
Yes, in many countries they are, but I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.
They could disable those gift card features + Apple wallet/pay if they suspect fraud, and if no one complains within a month, then disable the entire account, rather than start with disabling the account. Would give them space/time to investigate, and wouldn't be a huge pain in the ass when the inevitable false-positives happen, like in this case.
> I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.
You misunderstand the nature of financial regulation. The laws on things like money laundering are intentionally vague, they say things like "Apple should take measures against it". And financial regulators will not come out and say (especially in writing) that you MUST do any particular thing (like ban customers entirely on suspicion).
What they WILL do is ask probing questions, frown a lot, and make suggestions. Which the company had better take seriously. Because the financial regulators have the ability to simply close down your business, and if you cross enough of the unclear lines they will do so.
This is also one of the reasons the government is fond of gag orders. If companies could tell you "sorry we closed your account because of government pressure" then at least you would know why, but then you would know why. Which could give you standing to challenge it or create bad PR for the government and generate public outrage sufficient to make them stop doing that.
So instead they censor the company from telling you the reason, because everyone whose account is locked is guilty of Terrorism, obviously, and the people actually committing fraud would be unable to discern that they've tripped the detection system from the fact that their account is locked unless you told them that was why. Certainly not because it would make people unsympathetic to what the government is doing.
> Because the financial regulators have the ability to simply close down your business
You misunderstand how business regulation works in free countries. Financial regulators can't just "simply close down your business" however they want, unless you live in a country that is primarily authoritarian.
Again, I'm not saying closing down accounts isn't easier than turning off functionality, but companies could choose the "harder route" if they did care about the users themselves. Alas, most companies' priority remains "make more money above all".
Every company's priority has always been "make more money above all," it's just that once upon a time some of them believed that treating their workers and customers well was a part of that goal. History has shown them that wasn't really necessary.
And don't think for a second the US federal government couldn't do a huge amount of damage to anyone it feels like by way of its financial regulators. In general it's better for the US government if Apple continues to exist, though.
> Every company's priority has always been "make more money above all,"
Maybe that's true where you live, but it's definitely not true all over the world, many economies have a free economy yet companies exist for public benefit, not shareholder value generation. It's out there, wouldn't be impossible to implement where you live either.
> And don't think for a second the US federal government couldn't do a huge amount of damage to anyone it feels like by way of its financial regulators
Right, I agree. But I also qualified my statement to not be valid in authoritarian countries, so maybe not the greatest example to use.
> many economies have a free economy yet companies exist for public benefit,
I really don't believe you, honestly, unless you're talking only about little mom and pop shops. And what other country would have more regulatory influence on Apple than the US?
A bit like OpenAI (non-profit) or Anthropic (public-benefit-corporation). Based on their business model it is clear that profitability is not their goal, and in their own statements: greater good for the humanity
I don’t know. You can’t buy the kind of loyalty that treating your customer well earns you (nor buy revocation of the spite that treating them poorly does).
Particular airline like United makes your life hell, or even behaves sloppily and heavily inconveniences you? You not only hate them, you actively go out of your way to tell your friends, family, and anyone who asks your opinion that you hate them. And why you hate them. (Lost one/only bag, for longer than an entire trip, over ten years ago.) And go out of your way, even at higher cost, to avoid them. (Have never flown United afterwards.)
Aside: We know this can be done competently; see Japan. They’ll even fail sometimes, but I suspect that nearly-always, someone from the airline would be delivering the bag personally after they obsessively located it, as opposed to the “meh” attitude US carriers take.
On the other hand, some company like Valve: for an out-of-warranty product (just time, current-model Steam Deck) that was purchased outside the country and gray-market imported (consumer level, just carried out to another country)… and which they don’t sell in your country… they demurred a bit then agreed to ship a replacement part to the original purchaser. At zero cost. Dealing with product issues isn’t fun, but we all know issues arise sometimes, and they killed the “delight the customer” goal.
Some companies still care, and I’d argue that treating your customers like crap while attempting to extract maximum “short term value” doesn’t actually work. Not in the long term, and in the short term, well… it depends on your definition of “short term”. One bad incident can go viral and wreck your quarterly earnings.
The problem is that you and me and every person we've ever met could stop flying United today and they'll keep making billions of dollars for the rest of our lives. Clearly they can horribly mistreat huge numbers of people before it actually risks their business. Same with Apple, Google, Facebook, Microsoft... In fact it's easier with tech companies.
All this costs money for little return on investment. As long as the collateral damage is below a threshold that causes reputational damage, there is no business incentive to solve this.
Yes, I agree, the companies don't actually care about consumers, only what's cheaper for them. But this is a choice companies make, not because laws somehow require them to block the entire account vs individual features. I was just adding that because the original comment made it seem like the companies are somehow forced to act like they do because of laws, but it isn't, it's an intentional cost-measured choice they make by themselves.
Ironically, I had Amazon flag and undo some gift card purchases (of cards, not with cards) that I made for Christmas, while myself thinking about this category of problem, about why cards are a mechanism for scams rather than specifically money laundering.
The cards were to family members that I normally send gift cards to at Christmas, and the activity was counted as "sus" even though I was asked to validate my card number and expiration date before being allowed to make the purchase.
I agree. The way they make sending parcels internationally more difficult through customs declarations and taxes and fines, for smaller occasions it’s more practical to send a gift card from the destination country.
> The laws against that are very strict, incentivizing companies to overshoot and block false positives.
On that note[1] is a good read (Cmd+F: "suspicious activity report"), although this specific case is about gift cards, but the AML/T&S etc. space is remarkably similar.
Wouldn’t work for money laundering. As far as AML regs (and banks) are concerned a small business is indistinguishable from a personal retail account. This makes sense from a business point of view because a lot of small businesses are just one guy, and small business owners tend to mix their personal finance with their business finance. From an AML point of view, a lot, perhaps most money laundering is done with registered business entities. It’s easier to create a numbered corporation than a whole person.
I'm sure they're not all scammers, but what's the upside to the consumer? Why not just give the money directly? Seems to me like all the upside is on the company, and all the risk is on the user.
In some countries, where people receive conditioned social security benefits, just sending the money via bank account will have disadvantages (at worst the next sum from social security is lowered 1:1 by the money received and they try to keep it that way). So, if you do not meet the gift receiver in person and do not trust the postal service with cash, a gift card can be a solution.
The theory is that if you give someone cash, they're just going to put it in the bank or buy gas with it, but if you give them gift card to e.g. a game store then they're going to buy a game, without you having to know which game they want.
It's the same premise as buying someone any gift instead of just giving them the money so they can buy whatever they want.
Arguably, they'll be happier with the video game than with a tank of gas, which you've ensured they'll choose by not giving them the cash.
Edit to add: kids often don't have bank accounts, I mostly received gift cards as a child, from relatives who wouldn't want to mail cash and couldn't give me cash in person. On a dark note, giving a kid a gift card to a toy store makes it harder for the parents to steal it for themselves.
The whole practice originates from "gift certificates" where you'd maybe go to your favorite spa and get a gift certificate to give someone, so that the spa treatment is the gift you're giving, but the recipient redeems it whenever they want. That just got abstracted to non-service gifts as well, with the same idea ("treat yourself to a new video game, whichever and whenever you feel like it" -- that's the gift, facilitated by the card)
Also for kids at least, sometimes they really will be happier with less choice. Sometimes kids make bad decisions and limiting choice to good options is helpful.
Additionally the inverse is true. Sometimes kids' choices are restrained, and they really would like to do a thing they are not allowed to, and gift cards offer them a way to do that. Case in point: my tween figured out that we don’t let him buy in-game currency for any of the games that we do let him play, however, when a relative gives him a gift card, we let him redeem it, making gift cards incredibly popular gifts.
I joke that a $100 gift card is an "inferior $100 bill", because you can spend the bill anywhere, but the gift card only in one place. People give them as gifts because it shows marginally more effort than just giving cash.
The best date picker is the one which doesn’t require picking a date. If done correctly, the browser can auto-fill your birthday, for example. In many other cases it’s possible and makes sense to guess a date and prefill the date field. Phones attempt the same with being biased towards entering the current date or datetime.
Easy. You have data available which tells you about the most likely travel dates, and you set this as the default. Many booking platforms pick a weekend in 2 weeks or something like that. This predefined field changes the task from entering a date to correcting a date, where the prefilled date is likely close to the desired date and thus requires less input/changes than starting from scratch.
Tangentially related, the AI integrated in Google Chat is hilariously bad. Find a thread which starts with „Bug: (…)“ that has 90+ answers. Hey, an AI could be useful here! Click summarize. Wait. Without fail the result will be along the lines of „X, Y and Z discuss a bug.“
It would be fine if you could then reply with 'no, please tell me about the nature of the bug not the people involved', and then have it remember that forever.
However nearly nobody seems to correctly implement this user-wide memory.
They should mainly be worried about their reliability and trustworthiness. They should not worry about article length, as long as it's from exhaustiveness and important content is still accessible.
Serving perfectly digestible bits of information optimized for being easy to read must not be the primary goal of an encyclopedia.
By the way, "AI summaries" routinely contain misrepresentations, misleading sentences or just plain wrong information.
Wikipedia is (rightly) worried about AI slop.
The reason is that LLMs cannot "create" reliable information about the factual world, and they can also only evaluate information based on what "sounds plausible" (or matches the training priorities).
You can get an AI summary with one of the 100 buttons for this that are built into every consumer-facing product, including common OS GUIs and Web browsers.
I wound up typing that entire listing at least three times before I gave up and never saw the errata. Definitely worth the satisfaction of youtubing or googling the output decades after.
I remember having to figure out how to port magazine and book BASIC code between the various dialects between the various spaces I spent time in. In the 1980s, my uncle first taught me BASIC on an IBM PC. At school we had an Apple ][+ while at home I had a Coco II and later an Amiga. Another friend had a Vic 20, while another had a Commodore 64. Then came QuickBASIC, QuickC, Microsoft C, C on the ICONs, Aztec C, gcc... 6502, m68k, 8086, i386... Learning about the quirks across systems so early on turned out to be an invaluable experience.
Lottery is a tax for people who don’t understand statistics.