Comment by vishnugupta

3 years ago

This is an extremely long-winded article/blog to say the following

> the policy choices available to them impact the user experience of fraudsters and legitimate users alike. They want to choose policies which balance the tradeoff of lowering fraud against the ease for legitimate users to transact.

You encounter this well-known tension pattern in several places. For instance, in safety-critical systems there's a tension between safety and progress. Or take the IT-sec industry: tension between usability and being secure.

I work in IT/AppSec, and this came to mind immediately. Implementing perfect security would be "don't connect to the internet and don't let anyone use the computer". Clearly not an option, so my job is to analyze the cost and risks against the benefits and help choose a path of balance. A specific example: we can only heuristically detect the difference between legitimate and malicious calls to the public endpoints. Is that spike in traffic trying to DDoS us, or is it close to Black Friday so customers are in go-go mode? Setting the rate limits somewhere meaningful is a tradeoff.