On The Optimal Amount of Fraud

Sounds weird, right?

What is the optimal amount of a problem – any problem – in your life? Surely the answer to this question must be zero! No?

Let’s get more specific. What is the optimal amount of poison in your body? Surely the answer to this question must be zero! No?

Well, that would mean no vaccinations, for starters. And no sugar in your body, but that’s a whole other story.

But it certainly would mean no vaccines in your body. Here’s the definition of a vaccine:

“A substance used to stimulate immunity to a particular infectious disease or pathogen, typically prepared from an inactivated or weakened form of the causative agent or from its constituents or products.”


So if you want your body to develop the ability to fight a particular virus, you first need to inject your body with a (much) milder form of that virus. The optimal level of “poison” in your body? Non-zero!

But why should the optimal level of fraud be non-zero?

The answer, as it turns out, is related to opportunity costs:

All fraud is a) an abuse of trust causing b) monetary losses for the defrauded and c) monetary gain for the fraudster. You could zero fraud by never trusting anyone in any circumstance.


Is it possible to have a system set up where there is no fraud whatsoever? Sure. You’re just likely to have a bunch of extremely angry customers, because you’ll have to set up systems where they have to verify that they are who they say they are every few seconds.

Logged in from the same device? I don’t care, you must sign in again. Transacting for a slightly larger amount than usual? I don’t care, you must verify yourself three different ways. Reset your password every three days, and if you don’t comply, we won’t let you in.

Turns out you can live in a zero-fraud world within your organization. It’s just that nobody will want to buy anything from you:

Clearly, e-commerce would cease if, prior to buying a pair of sneakers online, you required someone to go to that degree of effort. You’d almost never lose a pair of sneakers to a fraudster again, but you’d also sell very few sneakers.


And so, much like vaccines and the human body, organizations often voluntarily accept some fraud. Why? Because of what we spoke about above – eliminating all fraud risks throwing the baby out with the bathwater. That is, yes, you could eliminate all fraud, but you would also, in the process, end up turning away all of your genuine customers as well. Or, if you prefer it to be put in our language, the opportunity cost of zero fraud is zero customers.

Which then begs the question – how much fraud is acceptable? Well, that would depend on the volume of transactions, and on your margins. High margin, high volume business? Fraud isn’t your first problem. Low margin, low volume business? Fraud probably makes it into your top three list of problems.

Between these two there exists a spectrum of fraud regimes, and this is broadly a good thing. Society gets to make choices, and here it is choosing through the activities of private agents. It is optimizing for how many resources to let leak to bad actors and much societal effort to burn on policing them versus how much low-friction commerce to enable by good actors. This is often missed in discussions of fraud; one reason it has increased over the past few decades is that legitimate commerce has exploded, as the world becomes richer and as barriers to commerce have come down.


It also depends on the level of trust in the society in which you operate – but that, also, is a whole other story.

My thanks to Navin Kabra for sharing Patrick McKenzie’s article, on which this post is based. Please, do read the whole thing.