Braid is dead, long live Braid
amandapeyton.comI can some what sympathize with part of what it sounds like here getting crushed by people committing credit card fraud. I had a small little company online in the early day's of the interweb's online payments. We had a very niche retail site, and for a few months we were increasing sales month-to-month. We'd get sales, the merchant company would approve them, and we'd ship out the product. Right up until the point where we got hit with enough fraudulent sales in what had to have been a coordinated effort that it killed us. The card numbers used were stolen, and we got hit with a massive amount of charge backs. Except, now we're out the inventory and no money to restock. It was the end of the retail side of us. To this day, I still have some sort of PTSD from that experience. I have a new site being worked on integrating with a popular modern card processing company. I am terrified to let the site go live and get hit with fraudulent charges again. I am on the fence of not even allowing for sales through the website.
We’ve had good experience using Stripe with extremely aggressive Stripe Radar settings, and using a manual review queue to avoid false positives. We also don’t enable payment methods that automatically accept disputes (e.g. SEPA Direct Debit).
Stripe is who I'm playing with now, but I just do not like having to include their JS library on every page just to use their fraud detection.
The signals they get from you including that library are a big part of what makes the fraud detection effective
It doesn't mean I have to like it. There's a lot of things in the "include our JS file, and get X benefit" in the world that I don't like. I don't have the time nor the desire to attempt to reverse all of the data that is being sent back to the mothership for some "benefit". I take pride in knowing that I'm not collecting data about my users to be stored for later use. I can't say that when I include 3rd party libraries.
If only there were some good and fast internet payment mechanism without middlemen or gatekeepers, where the person getting paid could be immediately 100% sure that they were in possession of the money.
Maybe someone will invent it one day.
In the Netherlands we have such a system called iDEAL. People use the app/site from their own bank to authorize the payment and the money arrives on the receiver's bank account instantly and irrevocably (without a judge stepping in). It's also very cheap (like 25 cents fixed).
Merchant fraud doesn't appear to be a big problem. Probably because the merchant requires a Dutch bank account, which requires a lot of identifying paperwork
It's pretty awesome.
Many other European companies have a similar system, and I believe there are plans to join them into one system. Let's hope the credit card lobbyist don't manage to mess it up.
I’m not knocking it for Dutch people, but the internet needs a trustworthy global payments system that works for more than the 20 million in .nl.
It also sucks that you have to provide strong identity to the payer or payee, sending or receiving payments should not require disclosing identity. That’s a bug, not a feature.
> It also sucks that you have to provide strong identity to the payer or payee, [...] That’s a bug, not a feature.
No, it is a feature, just not a feature for the customer. It's also not a feature for the bank or fintech. The strict identity requirements are a feature for the GOVERNMENT, and if you want to avoid them you probably need to start your own government (which is notoriously difficult).
Your need to buy illegal drugs and launder money anonymously and perpetrate fraudulent rug pulls and shill get-rich-quick pyramid schemes should not trump the needs of most other people who simply require a fast, reliable way to make legal secure business transactions without fees and middlemen. Anyway, the Netherlands and rest of the world already has a fully functioning illegal drug trading and money laundering network, without any need for your cryptocurrency bullshit: that's just a solution looking for problems, which it turns out were solved much better, a long time ago.
you're making a lot of assumptions in bad faith. why?
Maybe they just don't want all of their personal information to be stored in yet another database waiting to be leaked.
The blockchain is a public database that's leaked by definition.
Maybe they shouldn't spend their time evangelizing and shilling cryptocurrencies online just because their own financial security depends on tricking as many new suckers as possible into investing all of their money into the same get-rich-quick pyramid schemes they put their own money into, so they can pump and dump and pull the rug on them the way somebody else did to them.
It’s not a database, it’s just a ledger, and it doesn’t identify people unless you use it incorrectly.
Your unhinged attacks are factually inaccurate, and contribute nothing to the discussion at hand (that is, about payment systems for individual use, which are usually denominated in fiat currencies, which usually get paid in stablecoins) besides anger and hostility. I’ve been using cryptocurrencies as an end user for more than a dozen years and have never done any of these things you list.
Perhaps you paint with too wide a brush.
You suggest that the problems cryptocurrency solve were already solved long ago, but I don’t see it. How do I send money cheaply, instantly, permissionlessly, and irreversibly across borders without identity? I only know of one way.
I still hope for some solution to the problem that doesn't depend on imaginary internet money the value of which fluctuates wildly by the minute. We can keep using cash for anonymous transactions, but there are so many limitations to cash transactions that money transfers via internet don't have.
Hear hear. We have the same thing in Poland.
The problem is that would have the opposite problem, that purchases made with stolen cards were 100% unrecoverable. While im sure we can improve things, the fact that the current system favors individual people, rather than businesses, is intentional, not an accident.
Having a 2FA for credit card / wire transfer payments solves this issue and it's a de facto standard now in many European countries.
How are people using stolen cards?
Do your banks not have 2 factor enabled?
Using the card not present should require a second factor, Visa Secure type of thing and in person should require your pin for non-frivolous amounts.
In the late '90s when it happened to me, this wasn't even invented yet. In the US today, 2nd-factor is not widely used at all. Not once I have I been challenged by a 2nd-factor, and if I were to be, I'd have no idea what to do with it.
If you were purchasing online then it will tell you to refer to your banking app. If it's in perso , them asking for a pin is pretty straightforward.
So who is pushing back against this? The networks already have it in place everywhere else, and since it's part of the transaction process there isn't a lot for stores or websites to do.
In the US, entering a PIN at the terminal is only prompted for debit cards, not credit, and even then you can usually opt to run the debit card as if it were a credit card and just scribble a fake signature.
But that's a low hurdle to resolve.
The Fed should be able to phase in requirements. They've had decades so far.
I assume you're implying some kind of cryptocurrency, but it's impractical to use those without middlemen and you forgot to say "without huge fees".
Also instant 100% certainty is a bit too much in the face of fraud.
> but it's impractical to use those without middlemen and you forgot to say "without huge fees".
It seems your information is quite a bit out of date. These hasn’t been true for a long time.
I didn't say that the huge fees are unavoidable, but they're the norm.
And okay, tell me about how I get some cryptocurrency in a practical way without big middlemen.
The lightning network works great, as does Ethereum.
The incumbents successfully lobbied to get easy on-ramps to this competing system regulated basically out of existence. It’s a tragic story.
You can't really use lightning/Ethereum without using an exchange (a big middleman) to convert your fiat to BTC/ETH, because doing it without KYC etc. is money laundering. I don't really think this is incumbents lobbying, I think it's law enforcement saying, "the way we track organized crime is through money, so you can't do this". Crypto advocates know this, because a big selling point they always bring up is "spend money freely without regulation", which phrased another way is "buy/sell things your government doesn't want you to" which is the definition of organized crime--the only difference here is scale.
There are many occasions where there are completely legal reasons you need or want to transfer money that your government nevertheless does not want you to.
If you are innocent, but accused of a crime, paying a defense attorney is high on that list. The government attorneys would much prefer you not be able to do that.
Donating money to legal organizations that threaten the status quo is another case; you may remember the Wikileaks banking blockade, which happened without any charges being filed against anyone, in response to journalism that some people didn’t like.
The burden of proof for losing access to one’s electronic assets presently is approximately zero. It’s guilty until proven innocent. Proving one’s innocence, unsurprisingly, requires money.
In 2011 I gave a talk at the CCC about how censorship resistant payments are an essential prerequisite to a free society. If you lose the ability to make legal payments the state does not approve of, you lose your basic liberty. You may be interested in seeing it if you care about these things, which I of course think are relevant to everyone.
https://media.ccc.de/v/cccamp11-4591-financing_the_revolutio...
Oh hey, I'm not arguing for less privacy in payments. GP was saying "tell me about how I get some cryptocurrency in a practical way without big middlemen" and there isn't one because of how states define crime and money laundering. I do think it's kind of a tricky problem, but I'm not really defending the regime here nor am I saying that it's actually important to fund things like Wikileaks (which, to disclaim my bias here, I'm not a fan of). I'm sympathetic to the idea that commerce is a basic human right, but I think it very quickly runs into "can I buy black market goods/services" (which are basically like, drugs, guns, human trafficking, violence-for-hire) and almost everyone says "no". I don't see how crypto gets us closer to "you can fund Wikileaks" while not moving us closer to "you can buy a human slave". I think for that we have to look to democratic action to change the laws.
Yeah, I'm sure that's how SBF feels too, but now he's in jail where he belongs. But that's just good government regulation and law enforcement working the way they're supposed to, and I wouldn't exactly call his lobbying "successful". It's SUPPOSED to feel tragic for the people who tried to do it, and got caught.
In Brazil the central bank has such system for free, it's called PIX and is so good and simple to use that some fintechs lost a good chunk of their market share. You only need your National ID or an email. It became even an expression "send me a pix"
> Our product was not in any sort of legal gray area (e.g. crypto) and fit within the bounds of existing law. From the day we started until the day we shut down, we’d spend millions of dollars to build a best-in-class compliance program to sit alongside our offering.
I worked in AML for a short time, and this:
> There were myriad buckets of n users who loved having a financial account designed just for them. A few examples from our own data: coparents, houses, art collectives, extended families who get along, teams, people who share livestock, churches, punk bands, weekend hustles, extended families who don’t get along, wiccans, and our team’s personal favorite, firehouses.
sounds like a compliance nightmare. Who is the beneficial owner of the wiccans collective bank account? What happens when one of the punk band member turns out to be an Iranian national? If three art collective members all deposit 5000 in one day, is that "smurfing" (splitting transactions so that they are under reportable thresholds)?
I think there is a good argument to be made that our current regulatory regime is bad, I'm not defending it. In this current regulatory environment though, "business style accounts but for informal small groups of individuals" cannot possibly make sense as a product. Their sponsor bank obviously didn't care when they were pulling minuscule numbers (10mm in monthly volume on a business account is really not very much to most banks.) Once Compliance finally decides to look at that Braid account, I'm sure it makes perfect business sense to offboard it for risk reasons. I'm shocked they didn't realize this.
ETA: If you are going to build a Fintech, please go listen to The Dark Money Files podcast first,
https://www.thedarkmoneyfiles.com/
Maybe hire them to tell you if your product makes sense. You can't "move fast, break things" with FINRA, it's NOT easier to ask for forgiveness from OFAC, etc.
Hey there - I'm the author of the essay, happy to weigh in. First, your initial reaction makes sense, and we spent many years (and as noted in the piece, millions of dollars) creating a structure that stayed within the bounds of every reg. That's why we didn't have many competitors.
To address your points:
1. The ownership of funds is mapped pro-rata to every user's contribution. If three people contribute $10, $10 and $20 dollars, and then the pool gets spent down to $10 total, the technical per-dollar ownership is $2.50, $2.50, $5. It was critical to have a down-to-the-cent mapping of individual ownership of every dollar in our system at all times. While funds availability is dictated by Federal Law (Reg CC), funds ownership was something we were allowed to establish in our own Terms of Service. It's still live and available to read here (Section 4): https://braid.co/legal/tos if you'd like. Funds ownership was not related to spending permissions, which could be decided by the pool admin (for example, maybe you want all users to be able to spend all available funds, that's up to you).
2. Every individual who signed up for Braid went through our KYC/CIP process. We had a very robust (and expensive) waterfall to verify every indiviual, and screened the entire customer base every time the OFAC list was updated. I was never on board with concept of "treat the group as a single entity" for exactly this reason. For consumers, a group is not a business or an entity, it is a group of individuals and should be treated as such. There are always false negatives and these systems aren't perfect, but if you're on the OFAC list you wouldn't be able to simply sign up for Braid and slosh money around. That's illegal.
3. We built from-scratch internal anti-money-laundering software that was designed to catch exactly the kind of money laundering that could only happen in a pooled account structure, in addition to all the standard money laundering tactics (circular transfers, flow-through, structuring, transaction frequency, and more)
4. From my perspective, a product like this makes sense within the existing regulatory environment IFF the startup (us) was willing to do the hard work to figure it out. We absolutely were and had the time and money to get it right. But yes, it was very complex and at times infuriating.
5. As noted in the piece, the bank off-boarded every fintech they had -- debit cards for college kids, small business banking apps, neobanks for different consumer groups. I know this because we had a phone chain/support group by the end of it. It wasn't about our business model, it was about getting out of fintech sponsorship entirely.
6. We've gone through detailed compliance reviews with multiple banks, and worked with a handful of well-known legal experts (at least that's how they billed). Especially by the end, we had a good sense of the regulatory constraints and what the regulators care about these days. I've met with the OCC personally a couple times and gotten their perspective as well. FINRA regulates investment products, not deposit accounts.
In sum, while there is no such thing "move fast, break things" in fintech, the idea that we shouldn't fight for what consumers want and do the hard regulatory work to make it happen is too depressing for me. I have to believe new products are possible, and still do.
Thanks for the very in depth reply! That was a very interesting read, especially how you managed beneficial ownership. It does sound like hard work, and expensive. I guess I'm convinced it's possible, but it does sound like it would be hard to make it profitable.
Was the business model mainly going to be fee-based?
I've been thinking about writing some sort of white paper on this, because a lot of what we did was relatively unknown and may benefit the larger financial community. "I guess I'm convinced it's possible" is a great first step! I'll take it!
We had four revenue streams (interchange, instant send, credit card loads, and float on deposits) but IMO to really make this work it needs to have a subscription fee as well. That's a whole OTHER controversial topic in payments, but outside the scope of this discussion thread :)
> Every dollar a startup can raise is a gift. For a time I lost sight of this, and I won’t make that mistake again.
This seems like too general of advice. If you are profitable without raising, that in itself is a gift. Why take on debt if you don't need to? This might apply to fast-growth ventures that need to outpace competition to have a chance at existing, but not every company is structured like this or is in a market that requires this.
> A regulatory rug pull can and will outstrip any early traction or compliance gold stars that you think might save you.
Interestingly, this reminds me of all the apps built off Facebook's APIs in the early days. They would regularly remove one feature that was catastrophic. It's difficult to base your existence on some whale's whims, but in some ways often inevtiable too.
> A critical third-party informed us that they’d changed their mind on a key technical decision.
I'm so curious who. I got sick of dealing with Plaid's ceaseless API changes and ended up writing my own scraper for Wells Fargo transactions. I doubt they were using Plaid though XD.
Overall a really interesting writeup and I'm thankful to the author for sharing.
That strategy works fine till hard times come. Look up Beyond The Summit sometime. Sad story how it ended.
Raising money insulates against death by starvation of funds. Of course, the game becomes different; you need to keep growing. But those are the two alternatives, and of the two, sustained growth over 8 years seems like a better general strategy.
Just to balance out your comment — OTOH, a bootstrapped might survive tough times with some tough choices, but a VC-fueled rocket might sometimes have no choice but to liquidate if they can’t carry through with the growth necessary for the next round of fundraising.
Selling your soul to the Devil is great strategy for the Devil. It may be for you too, at least initially. But it isn't good for the rest of the world.
In addition, if I’m reading the article correctly, the reason why it would have been better to raise money when the projections looked amazing is that they didn’t pan out, and to expect them to be accurate was greedy?
I’ve been a founder, so I know that raising money is all about telling a story about the future, and the time to raise is when your graph supports that story, or before you have a graph. If a week later, everything is different, well, that’s start-ups for you. But I think it’s good to be able to take a step back from this and recognize how bizarre it is, and that a business doesn’t have to be structured this way.
Author here. Every week was better than the last, and I didn't expect all the bank/third-party stuff to get SO bad. It felt manageable in October 2021, but for most of H1 2022, the period of our best growth, it got a lot worse. The greedy part was waiting for a "perfect" time to raise. I think this may be obvious, but no such thing exists (as you probably know).
That was such a well written, introspective, and vulnerable story. I've had several opportunities to experience similar rides with very similar endings, and know how gut wrenching failure feels. And how it's often just a failure, with nothing learned. With writing like this, though, the rest of us get to learn.
> Initially, we thought leveraging third-party software would help us move faster and focus on our core offering.
> What we found, instead, was every additional partner had the potential to break big, important parts of our stack.
Sounds like a, literally, very expensive lesson to learn
And the other side of this is also worrying, I wouldn't put it past Braid being one of the biggest customers of this 3rd party, (unless it's a big one like AWS) and then you shoot yourself in the foot with a non-planned deprecation making your customers migrate.
> every additional partner had the potential to break big, important parts of our stack ... > our distaste for contractual and technical lock-in grew dramatically
I learned this through osmosis at one financial-adjacent company I worked for. Every senior technical manager was extremely hostile to any third-party integration. I personally saw several product driven initiatives completely dropped because it would require even the slightest lock-in.
When I see posts on HN or Reddit where the startup mentions a tech-stack built entirely on third-party services, I cringe. That is one of my main frustrations with the current AI wave - where most businesses are only viable with a quality of AI that is available only through third-parties. I believe in 3-5 years we'll be reading a lot of blog posts just like this one telling the same story about how their AI startup was forced to fold due to some locked-in provider changing policies.
I thought I was going to read about the Braid (masterpiece) video game.
I appreciate stories like this, they are the memento mori of startups.
One of the critical observations here for me is: whatever your primary product / value proposition is, make sure to build that out internally yourself, and not buy it from a 3rd party. According to the author, Braid repeatedly bought third party fintech products as core pieces of their platform rather than building it. This simply makes you a hostage to those companies.
I also echo some other top comments here - payments and banking is very highly regulated, and for good reason. The base concept seems extremely ripe for fraud.
> Myth: Your Early Adopters Are Your Best Customers
These folks suffered an extreme case of Early Adopters being unlike the majority, but anyone who gets this advice should read Crossing the Chasm (one of the 2 or 3 non-worthless business books, even if it's really only a single drawing).
Basically: consider the bell curve of a product's life span: First early adopters, then the early majority (your volume customers once you really have PMF), then on the other side of the midpoint: late majority and then the laggards).
The think is your early traction is on early adopters: people with special needs (not usually fraudsters :-), who find your product so valuable that they can put up with its bugs and lack of features to get value out of it, or just people who like the latest thing.
The features the early adoptors want not only are rarely what the majorities want, they could work against what the majorities want. The gap between the early adopters and the majority is a "chasm" -- huge, hard to get across and, as with Braid, often something a company falls into and dies.
I wanna know who the critical third party was, and also why the regulators said "Yeah but nah"
Did the regulators say no to Braid specifically? Felt more like the regulators were putting pressure on the sponsor bank to get out of risky businesses in general.
Author here, yes this is what happened. It wasn't related to our model specifically but rather to the bank's entire portfolio.
Have you ever gotten your coins stolen from your wallet or invested in an ICO that turned out to be a scam, you are not alone because this happened to me too. I initially lost $90,000 in just 3 months from Cryptoallday, I contacted the authorities and they refereed me to a bitcoin recovery agent who helped me recover all my funds within less than 2 days… I’m speaking out to improve our awareness of these cryptocurrency thieves and help you if you have been a victim yourself. Simply email: CRYPTORECOVERYHACKER @ GMAIL COM
What an unfortunate story, trying to do most stuff right and caring about what you're doing, yet failing due to a lot of things mostly outside of your control. I'd feel justifiably wronged by the bank and the vendors of the third party tech.
Oh no, I was hoping this was about a Braid remake, like Time Travel Understander!
I also hoped for some news about the game, maybe an update on the Anniversary Edition announced in 2020 [0].
Yeah, whatever happened there? http://braid-game.com has similar "coming soon, in early 2021" message from 2020.
Oh man, I was really excited to watch that video, since I love Braid, but wtf is that voice? I couldn't bear listening to it.
Then you will HATE the other "Game Helpin' Squad" tutorial videos! ;)
No seriously, the smarmy voice and vocal fry is meant to be annoying -- it's spot-on parody of geeky video game tutorials. And it's well worth pausing and reading the hilarious dialog in the chat logs! But be careful not to accidentally open up your Space Inventory.
I like "World Quester 2" the best, and I recently showed "Pretend Gas Station" to Will Wright:
https://www.youtube.com/watch?v=0Gy9hJauXns&list=PLCD3AF7C1B...
(Edit: That's a playlist with all of them, from long ago. I really wish they would review some new games now, there are so many ripe for parody!)
Haha, the voice in that is normal, so I enjoyed that a fair bit (especially the part where caps lock opens up your space inventory!).
Wow, you really weren't wrong... why would someone do that?
Oh mate, that is a perfect parody.
Well written, I guess the key takeaway for me was to be a little wary about being dependent on building businesses on partnerships, there are few .. I have personally seen some business teams in incumbent partners using small startups for their pumping their own metrics and once their motto is over they can pull the plug.
It's like Venmo meets a corporate card program.
I can’t think of any scenario described in the post that Venmo wouldn’t handle.
One person is the admin of the collective or company bank account, and repays people as needed using Venmo.
If all of that has to be free - no transaction fees, etc - then there is no business there to build. I wonder if revenue wasn’t also a problem for this startup.
It's amazing anyone ever thought there was a fintech sector when it only seems to have about two useful companies (Stripe and Betterment).
Revolut is still going well. Wise.com is still doing consumer forex. But it seems to me that there is only so much space for B2C fintech.
There's a bunch of B2B fintech you might be less aware of because it doesn't advertise to the general public. I spent 7 years at one, Duco, that specializes in reconciliation - comparing data flows from different entities in the finance industry, making compliance with regulations easier.
I am hopeful for the future of this findom app
I don't think findom needs money pools. Its just a bunch of individual account holders receiving payments.
Imagine if your dom could call you a piece of shit within minutes of paying your electric bill
When I saw the title, I thought it is the video game Braid[1].
I really want the Anniversary Edition.
I thought it was https://github.com/braid-org/braid-spec
Except I didn't believe it would shut down. It hasn't :)
Imo, it's the best game ever made. It's the Rembrandt of games.
Meh, it was okay. Not nearly as good as the artiste (and COVID denialist and general arsehole) Jonathan Blow made it out to be.
Same! Was just drunkenly ranting about that game to a very patient rando the other night. I’ve really been wanting to take turns running through it with my partner lately, especially given the atom bomb references in light of the recent Barbieheimer phenomenon.
It's about time!
"We’ve found our cohort of wildly passionate early adopters... Unfortunately, these people are criminals"
reminds me of another exciting and hip big fintech-adjacent industry
I offer this testimony to all victims who have suffered financial loss from fraudulent investments, lottery scams, romance scams, or any online scam and thought it was over. I was introduced to cryptocurrency trading and investing by a group that contacted me online. I invested a total of 28,000 USDT, and the broker which i was introduce to ripped me off completely, i was deceived and also made me a false promises. But luckily, I immediately contacted the Cyber Retrieve that I knew so well. I received complete help from them, by recovering my money from the brokers and perpetrators with whom I invested my money with. And It took Cyberetrieve Service 48 hours to recover my money. I hereby recommend their service to anyone who is looking for any form of financial recovery, contact Cyberetrieve.
Email: Cyberetrieve@mail.com WhatsApp: +1(716} 545-4535
I was hoping to read about the video game (man, I loved that game)