[fragsworth]

If a transaction is decided to be "High Risk", why not postpone the transaction until additional verification is done?

Instead, we are left wondering if Coinbase is selectively cancelling transactions that they can make a profit off of (due to the volatility of bitcoins)

[pault]

If the flagged transactions were immediately rejected it would obviate the need for excuses. What benefit do they get from putting the transaction in limbo for days before they notify the user?

[patio11]

If you give users immediate feedback as to which transactions hit your fraud screen, this allows fraudsters to black box reverse engineer your fraud detection algorithms much, much faster. You very much don't want to do this if you're a financial services business, because if your primary anti-fraud mechanism is an automated system and fraudsters discover the rules to it, you will probably learn about that first when you wake up, run an accounting report, and discover you lost $8 million overnight.

I don't think the average HN user appreciates the risk environment payments companies work in. Imagine if a criminal gang organized enough to have a payroll had ten copies of people who were every bit as good at app security / financial risk management as e.g. Thomas, with two of them whose only marching orders were "Probe payments sites every day, quietly, and tell the team when you find one which is weaker than it could be. We will then conduct several months of quiet R&D on a software product which is more elaborate than that shipped by most YC startups. Our 'launch' will be deployment of that software product against our adversaries at the payments company, and it will blitz them so fast that by the time anyone thinks to pull the plug we'll be millionaires. Then we'll celebrate our good fortune until we do it again next week, to them or another company as circumstances dictate."

(Risk management, which a lot of startups need, is a high-leverage and very fun environment to work in. At present a lot of companies, large and small, custom build systems out of bubblegum and duct tape. If you get good at this you'll have a very rewarding career ahead of you, for many definitions of the word rewarding. I used to want to go into it but got sidetracked by the unexpectedly high amounts of leverage you can get using software to sell software.)

[sethev]

I'm curious: what do you mean by risk management (other than credit card fraud prevention - or is that what you meant?)

[aryanet]

I had that immediate rejection too. A few days ago when they launched instance buy, I was qualified to buy 1 per week. I did it, not only it immediately reduced my quote of buy by 1, but it immediately got cancelled due to high risk. So, there is something to say about this.

[pault]

That's good to know. I want to give the benefit of the doubt to coinbase, but they haven't done a good job of getting out in front of this story.

[shtylman]

What price would you then give the user?

[colechristensen]

'buy low sell high'

For a given time period

* Mark transactions as 'high risk' at random

* Prefer transactions which buy coins from the user at low prices and sell coins to the user at high prices

* Randomly cancel a subset of non-preferred transactions after you've seen the market move over your time period

* Profit

If you do this right, canceling transactions is like having a price oracle, you can profit with 'future knowledge' by leaving some transactions open for extra seconds/minutes/hours/days.

[aryanet]

I agree with buy low sell high. If they do this at a large volume and keep some liquid at least during price surge, it may solve the problem.

[hga]

There are various physical coin dealers who are said to play the same sorts of games.

[aryanet]

I agree with you entirely. They should use a secondary level of verification than denying service by canceling transactions randomly.