
Comment by pflenker

2 months ago

I don’t mean to defend this, but I know from experience that gift cards are frequently used for money laundering. The laws against that are very strict, incentivizing companies to overshoot and block false positives.

At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.

To add more to the problem, some anti-money-laundering solutions are … AI powered.

>At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.

For a good reason! You, as a rule, really don't want to tell the customer why you're blocking them. What will happen in the end is that you will be facing federal charges for assisting the money launderers because you kept telling them what they're doing wrong.

  • See https://doctorow.medium.com/como-is-infosec-307f87004563

    > This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.

    • That’s a great article - explains what I haven’t fully thought through or quite been able to put into words but what I’ve always felt, because the “you can’t tell people the secret rules” with things like money laundering is treated by many as obvious, but has never sat right with me.


> The laws against that are very strict, incentivizing companies to overshoot and block false positives.

Yes, in many countries they are, but I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.

They could disable those gift card features + Apple wallet/pay if they suspect fraud, and if no one complains within a month, then disable the entire account, rather than start with disabling the account. Would give them space/time to investigate, and wouldn't be a huge pain in the ass when the inevitable false-positives happen, like in this case.

  • > I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.

    You misunderstand the nature of financial regulation. The laws on things like money laundering are intentionally vague, they say things like "Apple should take measures against it". And financial regulators will not come out and say (especially in writing) that you MUST do any particular thing (like ban customers entirely on suspicion).

    What they WILL do is ask probing questions, frown a lot, and make suggestions. Which the company had better take seriously. Because the financial regulators have the ability to simply close down your business, and if you cross enough of the unclear lines they will do so.

    • This is also one of the reasons the government is fond of gag orders. If companies could tell you "sorry we closed your account because of government pressure" then at least you would know why, but then you would know why. Which could give you standing to challenge it or create bad PR for the government and generate public outrage sufficient to make them stop doing that.

      So instead they censor the company from telling you the reason, because everyone whose account is locked is guilty of Terrorism, obviously, and the people actually committing fraud would be unable to discern that they've tripped the detection system from the fact that their account is locked unless you told them that was why. Certainly not because it would make people unsympathetic to what the government is doing.

    • > Because the financial regulators have the ability to simply close down your business

      You misunderstand how business regulation works in free countries. Financial regulators can't just "simply close down your business" however they want, unless you live in a country that is primarily authoritarian.

      Again, I'm not saying closing down accounts isn't easier than turning off functionality, but companies could choose the "harder route" if they did care about the users themselves. Alas, most companies' priority remains "make more money above all".


  • All this costs money for little return on investment. As long as the collateral damage is below a threshold that causes reputational damage, there is no business incentive to solve this.

    • Yes, I agree, the companies don't actually care about consumers, only what's cheaper for them. But this is a choice companies make, not because laws somehow require them to block the entire account vs individual features. I was just adding that because the original comment made it seem like the companies are somehow forced to act like they do because of laws, but it isn't, it's an intentional cost-measured choice they make by themselves.

Ironically, I had Amazon flag and undo some gift card purchases (of cards, not with cards) that I made for Christmas, while myself thinking about this category of problem, about why cards are a mechanism for scams rather than specifically money laundering.

The cards were to family members that I normally send gift cards to at Christmas, and the activity was counted as "sus" even though I was asked to validate my card number and expiration date before being allowed to make the purchase.

  • I agree. The way they make sending parcels internationally more difficult through customs declarations and taxes and fines, for smaller occasions it’s more practical to send a gift card from the destination country.