[luckylion]

> I know it sounds bad & counter-intuitive, but if they revealed lots of little parts of their risk model, fraudsters could use it to their advantage.

This is a commonly stated argument, but I don't think it holds water.

I once worked with a company that did grey area SEA stuff where they'd bid on one thing and then show another thing to the users to get around regulatory issues. Of course, Ad-Networks don't like that for all kinds of reasons and shut down their accounts. So they hired people who previously worked at those networks on compliance, enforcement, or in customer support. Those people gave them all the info they needed to make their accounts not get flagged, not look suspicious when someone glances at them etc.

The fraudsters and manipulators are making money, and they're happy to pay money, and will usually find an ex-employee (or current, large corps don't have super-loyal employees) to spill the beans.

The legitimate customers will not, and they'll be harmed and annoyed because of the secrecy (which I think is more to cover corporate asses anyhow, because corporate knows all of this, obviously).