Hacker News new | ask | show | jobs
by Muromec 76 days ago
The bank has to perform the authorization and identity checks, but the bank will not make them for you, they do them for themselves based on their own risk analysis. The scope of authorization could also be different based on who it's presented to.

The authorization is not transitive so to say.

>As an aside, I suspect that leaving it to the bank would also provide additional legal protection

If it would, they will have to pay the bank for it and the bank should also be willing to accept the liability (spoiler alert -- the will not be willing to accept the liability)
2 comments
afferi300rina 76 days ago
Google wants the authority of a gatekeeper without the overhead of human accountability. They automate the "no" but offer no path to a human "yes."
link
Muromec 76 days ago
That's all fine, they can want their wants, but then, once the bad cop writes them strongly worded letter and they start throwing tantrums over "regulation".
link
fc417fc802 75 days ago
> The bank has to perform the authorization and identity checks, but the bank will not make them for you

We aren't talking about authorization, only about identity verification. I'm no domain expert but it is my understanding that banks provide these sorts of services. They certainly already have all the necessary information on hand both for practical reasons (security) as well as legal (KYC and AML laws).

> If it would, they will have to pay the bank for it ...

For the identity verification? Probably, depending on how you went about it. What's the issue? This is already a paid process we're talking about here.

For the additional legal assurance that I described? No, that doesn't cost extra. Please read what I wrote more carefully. It's a transitive property due to the penalties involved in addition to the degree to which the legal system and the bank care (at least assuming my understanding of that legal environment is correct).

link
Muromec 73 days ago
From the point of view of the bank the problem is usually defined as

"how do we asses a complex situation where identity of the person X is one of the signals (but maybe not the strongest one) with enough certainty to balance a probability Y of bad something happening that will cost us Z and still make money"

Most of the time Y and Z are defined because the other department said so and we trust our colleagues, dus the answer is computable (somebody somewhere has it open in a spreadsheet right now).

If you add a transitive property to the system, then, unless there is some regulatory magic that caps the possible value space of Y and Z, the answer is (by default) no.

link