[yuy910616]

I do love the product and don't want to appear like I'm bashing it. Great work on lunching! Best of luck!

However, it seems if this practice (scanning card) becomes more widely adopted and becomes a standard process of detecting fraud, it'd become a relatively easy target for fraudsters to crack, right? I don't know if DL or card making technology will outpace fraudsters' will to make fake cards?

Further more, if I'm a fraudster and know some websites that adopt this policy, there is a big incentive for me to get a credit card embossing kit to start making cards, right? After all, I'd think it is far easier to make a copy of a card than making the magnetic strip thing? And given your tech is a strong signal of 'not fraud', if it is relatively easy to beat this system, wouldn't it attract a huge number of fraudsters?

[splonk]

I used to work in this field. The goal is not to create something unbeatable. The goal is to make something difficult enough that it becomes more cost effective for a fraudster to attack someone else instead. Acquiring thousands of credit card numbers and credentials (and even CVCs) is trivial. Actually converting those to real cash using real hardware is an incredible pain compared to just finding the least well defended e-commerce site out there that will sell you a gift card or bitcoin or whatever.

We used to say that our job wasn't to stop fraud, it was to move the attacks to Paypal instead. I don't have strong product opinions on this either way (personally I find all the card scanning apps to be incredibly annoying, but I think I'm a minority), but I do think it'll be a long time before I'd be worried about self-embossed cards being a meaningful attack vector.

[avip]

Security is always about bar raising. Any protection can be bypassed. But for a non trivial period, fraudsters would be forced to try their CC listings on other apps, not protected by this tech. This will provide tremendous value to Dyneti's customers.

[lennyevans]

Lena here: completely agree avip. In terms of fraud losses, most companies are really worried about fraudsters that can scale their operations, not super targeted attacks. If you can increase the cost (in terms of time and money) of committing fraud, it becomes less scalable and less profitable for the fraudster. So certainly, a fraudster can get a card embossing kit and start making cards, but this is going to be much slower. Without our solution fraudsters are just typing in a card number, which takes seconds! Unless each instance of fraud is highly valuable (for example, as is the case with banks as Julia mentioned earlier), the economics start to look worse and worse. On top of that (and this certainly applies more to any deep-learning based solutions trying to bypass us) our models will constantly improve and so we'll force the fraudsters to constantly improve any fake card generation, making the fraudsters spend time on that rather than defrauding.

[yuy910616]

Hi Lena, Great answer! Congrats on launching. I do have a few more counterpoints.

Thinking about this from a individual fraudster perspective. Acquiring a stolen cc is not an easy transaction, there is risk, and cost involved. So I think each fraudster would be trying to maximize the value of each stolen cc they have on hand. When you have a system that doesn't tell the fraudster what is causing the stolen cc to be rejected, the fraudster has nothing but trial&error to improve their chance, maybe instead of public wifi they have to use a private one, maybe instead of a gmail account they have to use a edu account. But in this case, if they know that a embossing kit will significantly improve their chance, wouldn't they spend the money and get that technology?

The bottom line is this technology has to make it more expensive for the fraudster to throw their hands up and say "well i better go try a different place". but I'm not sure if the barrier is high enough here. Furthermore, if you have an 'invisible' barrier, then it is all about trial and error, if you have a 'visible' barrier, I think it is just going to garner more attention and more people trying to solve it?

[julia-zheng]

So actually acquiring stolen cc numbers is very easy - there's a bunch of marketplaces that sell thousands of them. Figuring out a scalable way to extract value out of them, however, is hard. More than visible or invisible barriers, what makes a fraudster want to spend time getting around the defenses of a specific business is the value of the offering (e.g., banks vs an app that sells a service)