
> when Paypal decides to freeze your account because one of their algos detected "fraud"

Even thinking about the times that happened to my company brings red in front of my eyes. Not many companies are that bad, luckily. Google AdSense/AdWords comes close.


Blaming the algo is a nice cop-out by Google and Paypal and on top of that they can afford canning their customer without many issues for them

But how much is that going to cost them over long term instead of having actual thinking people reviewing the cases remains to be seen


Paypal does naive keyword matching. I know this, because I used the word 'aleph' in the comments field when sending someone money, because that word was in the name of the thing I was buying.

Turns out, there is some terror group with the same word in their name.

Also turns out, PP's "sophisticated" fraud detection will hold a payment for nearly a month, when a human looking at the transaction is going to figure out it is a false-positive from a bullshit system pretty quickly.

Also turns out that apparently terrorists are somehow still capable of functioning, despite the best minds of our generation writing these super-cutting-edge detection algorithms.

I have to imagine that there are members of the set of people who are terrorists and also stupid enough to type "for the greater glory of MyTerrorGroup!" in a PP comment field, but there can't be many. And guess what? This gets everyone thinking about what sort of scanning takes place. So in the interests of catching the two idiot financiers who do this, we're teaching everyone to Be Careful What You Say.

Which, come to think of it, is probably an outcome that some are not unhappy about.


Is there an open source GitHub-hosted file with keywords that can be screened by a browser plugin?


PayPal is likely using these US government lists: http://apps.export.gov/csl-search#/csl-search

Companies like PayPal aren't doing this because they honestly believe it will catch terrorism. They are doing this because the US government tells them to, and they risk onerous penalties for non-compliance.

"Aleph" is on that list as an alias of Aum Shinrikyo, the cult responsible for the Japanese subway Sarin attack in 1995.

These regulations are somewhat pointless in that the list is public so anyone on the list can easily find out the fact they are on it and use an alias / front company / etc which isn't – so they only catch the truly incompetent terrorist funder/sanctions-buster/etc. But I don't think we can blame companies like PayPal for the existence of government regulations like this–I'm not aware that PayPal, or any other major corporation, has lobbied for these regulations to exist–although if PayPal take a month to remedy a false positive, that is unacceptably slow and it is fair to criticise them for that.


Question is, does the gov specify what actions to take when a word is encountered? Sure scan for them, maybe report them but banning, blocking etc without proper investigation seems more a typical Paypal thing I have come to expect over the years working with them than something the US gov would specify.


Engaging in transactions (exports, financial services) with certain specified parties is illegal (and potentially even a crime in some cases).

The US government tells you to screen your transactions against their lists, and that due diligence must be performed to investigate matches – https://www.bis.doc.gov/index.php/policy-guidance/lists-of-p...

If you apply your best efforts to following the US government's advice, but then unintentionally end up doing business with a denied party – they are unlikely to prosecute you, and any prosecution is unlikely to succeed. If you ignore their advice, and then end up doing business with a denied party – even if you never realised they were one – then negative legal consequences are much more likely.

Any US exporter (including overseas subsidiaries of US corporations) is required to obey these laws. Other countries have similar laws which must be obeyed as well. For a large global business, this can get very messy fast, which is why large businesses employ whole teams of people to manage this and use software to help them do it (many ERP packages incorporate this functionality).

And these laws don't say "report the transaction to the government but let it through anyway". The laws say "report the transaction to the government AND deny it". If you do the former instead of the latter, you are likely both breaking the law and telling the government that you've done it, which is unlikely to end well for you.

From an end-user perspective, freezing the suspect transaction until an investigation can confirm it is harmless is unpleasant. But, from the company's viewpoint, if they don't take the time to do a thorough investigation of a suspect transaction, they are exposing themselves to significant legal risks.

(Disclaimer: I speak for myself, and these statements should not be taken as statements of my employer. I am not a lawyer and I don't work in the export control field.)
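Added example (not from any commenter, and not PayPal's or anyone's real screening code): a toy list-screening pass in the shape the two comments above describe. The entry for "Aleph" as an alias of Aum Shinrikyo is the case from the thread; the list layout, the second entry and the sample transactions are constructed. It contrasts naive substring matching with whole-word matching, and routes every hit to a human review queue with the matched field and term instead of silently auto-denying.

```python
import re
from dataclasses import dataclass, field

# Constructed denied-party list in the shape of a screening-list entry (name plus
# aliases). "Aleph" as an alias of Aum Shinrikyo is the case the thread discusses;
# the second entry and the field layout are assumptions, not the real CSL.
DENIED_PARTIES = [
    {"name": "Aum Shinrikyo", "aliases": ["Aleph"]},
    {"name": "Example Front Co", "aliases": ["EFC Trading"]},
]


@dataclass
class Transaction:
    counterparty: str  # who is being paid
    memo: str          # free-text comment field the sender typed


@dataclass
class ScreenResult:
    decision: str                           # "clear" or "hold" (pending human review)
    hits: list = field(default_factory=list)


def _terms(parties):
    for p in parties:
        for term in [p["name"], *p["aliases"]]:
            yield p["name"], term


def naive_keyword_hits(text, parties=DENIED_PARTIES):
    """Substring match over free text: the naive keyword matching the thread complains about."""
    low = text.lower()
    return [(party, term) for party, term in _terms(parties) if term.lower() in low]


def whole_term_hits(text, parties=DENIED_PARTIES):
    """Whole-token match: still keyword screening, but 'alephant' no longer hits 'Aleph'."""
    return [(party, term) for party, term in _terms(parties)
            if re.search(r"\b" + re.escape(term) + r"\b", text, re.IGNORECASE)]


def screen(tx, parties=DENIED_PARTIES):
    """Route every hit to a human review queue, recording which field and term matched
    so the reviewer can dispose of a memo-only false positive quickly."""
    hits = [{"field": "counterparty", "party": p, "term": t}
            for p, t in whole_term_hits(tx.counterparty, parties)]
    hits += [{"field": "memo", "party": p, "term": t}
             for p, t in whole_term_hits(tx.memo, parties)]
    return ScreenResult("hold", hits) if hits else ScreenResult("clear")
```

A memo-only hit like the "aleph" purchase still lands in the hold queue, but the reviewer sees at a glance that the counterparty itself matched nothing.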


Come on. There are >6b people on earth, with many many fraudsters trying to make money at other people's expense. It's a problem that has to be automated sooner or later.

Computers are also much faster in fraud detection. You use your credit card at some store that you have never been to, at an odd hour, and your bank triggers a fraud lock, and declines the transaction. That's efficiency. When there are billions of transactions occurring every day, of course a small error rate will reflect itself on a large number of false positives.

PS: Goog employee, but I appreciate fraud detection a lot (especially when it comes to how easy it is to leak SSN in this country, and how useful it is for obtaining credits)

Edit: fact check. There aren't 6b people using computers obviously.


> That's efficiency. When there are billions of transactions occurring every day, of course a small error rate will reflect itself on a large number of false positives.

Yes, coupled with excellent customer service that sounds like a good plan.

Unfortunately your employer seems to have decided that customer service is something they can't afford.


Definitely Google is not known for super good customer service, I will give you that.


It's actually much worse than "not known for super good customer service", Google are known for awful customer service and not just for the "free" tier. I appreciate that as your employer Google means something different to you, and you certainly shouldn't be expected to answer on their behalf ... but let's not kid ourselves here


When I write here, I try to write it on my own. Being a Google employee doesn't have any bearing on what I think about Google products. I don't use many Google products, because there are better ones out there. I think that should be the perspective when you read most comments here.


Sure thing - I just didn't want to sound like I was saying "as a Googler this is YOUR problem" that's all :)


Ah - sorry, I misunderstood. Thank you.


But the fraud algos + the support are absolute crap. I am known to Google + PayPal, I am logged on as a user, I have credit cards and bank accounts attached, I have been with both since about when they came online. I made money for both; I am not talking as a consumer, I'm talking as a business owner. Which is not the 6b people on earth; it's far less.

The problem is that companies actually, legally steal money like that; I never defrauded anyone and yet I have to provide proof (which I already did 100 times; they have my passport copy, bank statements, where I live, know me for 15+ years etc (and have data on me for that time)) and then still smug (...) canned responses that 'this is the way it is'. But I have no recourse besides legal action, which is usually not worth it. So I just have to suck it up. It's theft; I did not do anything. That is my gripe; outside the internet, it would not stand. But luckily I left that all behind many years ago; this just brought it back into my head :) Sorry for ranting.

I'm all for automation, but not for bad automation. Google is still party to that in many ways; I am logged into Google / Gmail / Plus / Drive / Photos and do a search; I get a captcha request because I 'might be a bot', then I fill it correctly and it says my computer might be sending automated queries. IT IS NOT and it's just a disgrace to the company, when I am logged on as a very long term paying loyal user, that they cannot simply see 'oh, that's Tycho, let's not annoy him with stuff that he never does/did/will (and he uses Linux, is a programmer, uses Noscript so his laptop is very much not compromised) do and oh yeah he is logged in via 2-factor auth so it's him'. Boggles the mind. Not sure how you can defend it.


If it has repeatedly caused that kind of problem you might start looking around for a class action lawsuit. Absent any consequences they'll keep doing what they do.


At the time (this is a long time ago) we looked into that; there were (maybe are, luckily we left ads behind) many conspiracy theories and angry blog posts from people who had their life wrecked by an algorithm without any way to defend themselves. Nothing came of it and we/I learned that you cannot count on Paypal or Google for primary income; we switched to affiliate sales and traditional online card payments and we never looked back.


Charging for product is significantly more solid than ads. It's not everyone's game though, not everyone has a sellable product.


The problem is not automating, but Google shoots first and doesn't ask questions later. This leaves false positives helpless.

I'm not surprised Google closes their eyes and ignores false positives, your answer only confirms that.


I am in ads, and occasionally deal with ad fraud. So I cannot speak to what they do for other products. I don't think you should derive any meaning from what I say.


Maybe you can answer a question I have had for a long time. Many years ago my company got banned from AdSense for suspicious traffic. We got some standardised email, we mailed back and got some canned responses but no-one cared of course. I have no clue what it even means because no-one explained (besides links to vague blahblah), so 1) what does that mean? I can guess what it means, but how, if we didn't do it (and I seriously couldn't give a crap anymore at this time, but we had nothing to do with it), how can we be banned for it? Then 2) if Google can detect this traffic and qualify it, why not just delete it from the stats and leave it at that?

Edit: not saying you work there so you know it, but if you do and can say, I'm curious :)