I am a big fan of James Currier. James was the CEO and founder of Tickle (formerly eMode) — one of the top social networking companies (and now a part of Monster.com). so when James says something, I listen.
A couple of months back we were grabbing a smoothie and I was going on and on about consumer internet, how it is so great and easy, yadda yadda … when james chimed in with something very interesting and profound … and something I have not been able to shake since:
Most consumer Internet sites today have an inherent tax of about 25% on them due to scamming, phishing, hacking, and government requests. That 25% is based on time and mind-share. And the 25% is only going to get worse. This is troubling.
I’m calling it the Black Hat Tax. And we’re certainly facing it at Rapleaf.
Since james and I spoke I spent some time talking to a bunch of consumer internet sites — from start-ups to establish companies. these companies, especially those in the dating or social networks space, are increasingly spending their time thwarting bad guys.
A great example is PayPal. The book PayPal Wars details an intense battle the engineering team and even the CEO fought against fraud. This was one of the consuming issues of the company.
Now PayPal is a financial institution, so you would expect lots of fraud. But dating?
After surveying most of the dating sites, I have found that one of their top three issues is fraud. A frequent scam is to contact an unsuspecting middle-age man from a profile of a good looking woman saying “my husband is beating me here in Moscow, please send $2000 so I can buy a plane ticket and escape.” The unsuspecting chap sends the money only to never hear from the person again. Apparently there are scam factories in the Philippines and other places that have thousands of people, paid on 50% commission, working to scam unsuspecting dupes in this way. And one success a month is $1000/mo which compares well to many countries where the avg salary might only be $200/mo.
And this is in addition to people actually hacking into your site. That is a whole other cat-and-mouse game.
James thinks the Black Hat Tax is 25% for most consumer Internet companies right now (with some approaching 40%). I think that is a fair assessment. That means that 25% of your engineering time and 25% of your management team is about preventing fraud. That is a really onerous tax. And James believes this is even getting worse.
Another strain on time is government requests. I talked to an IT person at a social network that was consumed for three days with a government request for information on someone promoting pedophilia. Not only did this person have to get a bunch of information to the federal authorities, but then he had to ensure that the information was backed-up and cannot be erased for at least three years. not to mention that the work was disgusting as the person had to sift through some horrible pictures.
The nefarious characters are getting more sophisticated too. And while thousands of sites are working feverishly to implement best security practices, the bad guys only need to find one hole.
So while my originally point (that launching a consumer internet company is really easy) is still correct, maintaining that site over time is becoming increasingly difficult. More and more mind-share from the engineering team and the executives are going to thwart the bad guys than to actually improve the offering.
This is a really big problem. Really big. The Black Hat Tax is costing consumer Internet companies Billions and billions of dollars. And it is a much higher percentage tax than off-line brick-and-mortar shops invest in security and anti-fraud matters.