you are a very safe user. But by then you are also not a user, because for
every step you have to take, the dropoff rate is probably 30 percent. If you take
ten steps, and each time you lose one-third of the users, you’ll have no users by
the time you’re done with the fourth step.
The point is, the startups didn’t realize there was this risk. We didn’t really
realize there was this risk component either when we started. But we were just
lucky enough . . . Maybe I should be thankful for that happy year of boredom
when I was expecting Windows and digging into stuff, figuring out what fraud
was all about. But one way or the other—whatever caused that—we were smart
enough to realize that fraud was a huge issue very quickly, and then were successful
enough combating it while the startup competitors of ours did not and
got buried very quickly. I remember all these companies announcing that they
were going out of business and they expected PayPal to go out of business soon
too, because the fraud numbers were so staggering that they could not see anyone
handling this sort of thing.
There was one company—I think it was eMoneyMail—that shut down the
company at a conference basically saying that the Internet is not a safe place to
conduct transactions. They had 25 percent fraud. So for every $4.00 changing
hands in the system, $1.00 was stolen. And it was all coming out of their pocket.
They said, “We lost a ton of money,” and they just quit.
Then, people like Citibank and other large financial institutions that also
competed with us that understood the fraud thing very well—they knew from
many years of practice that this was going to become a big problem—didn’t
really approach it with the same happy abandon that we did. We started with
this, “Fraud is going to kill us. What can we do to save ourselves?” They started
from, “We have no fraud. How can we build this and not let any more fraud in?”
Which is the wrong position to start because you are limiting your users, and
new users learning about a new system really don’t want to be restricted.
Livingston: Why do you think they thought that way?
Levchin: I think there’s a very strong power of default where, to them, certain
behavior to solve a particular problem is well understood. There are people that
make careers out of risk management in big banks. They know that what you do
is this and you don’t do that.
The other part, I think, is that a lot of them are public companies. We didn’t
go public until we had the fraud thing figured out. Somebody like Citibank or