On building a peer-rated credit system

2016-07-26 · 748 words

Two days after the previous exchange on business principles, Alyssa’s correspondent had come back with a specific startup idea: some kind of system in which users would publish personal financial information and the resulting peer consensus would be used to make credit decisions. Her reply walks through three obstacles she sees as more fundamental than the question of whether the matching algorithm itself works — anonymity, fakeability, and US lending regulation.


That sounds like a hard problem, but hard problems aren’t bad. Startups should seek out hard problems, since if a problem is worth billions of dollars, it has to be hard, or someone else would have solved it. But I think this might be approaching the difficulty of the problem from the wrong angle. Like, take dating sites as an example. When starting a dating site, most people think about the problem of how to match people with other people they’re interested in. And that certainly matters, but it’s not really where the focus should be. The fundamental obstacle that dating sites run into is that they’re Schelling points: no one wants to use them until everyone wants to use them. Even if the match-making algorithm is really good, the benefit to user #1 is always zero, and even the benefit to user #100 is probably pretty small. It’s like how history nerds think war is about weapons and battle strategies, and those do matter, but logistics is (although boring) much more important.

In this case, the big challenge seems like it will be publishing personal financial information in a way that’s a) anonymous, b) hard to fake, and c) compliant with relevant regulations. Being anonymous is important because judging creditworthiness involves lots of sensitive information — your salary and past salary, your employment history, how much debt you have, whether you’ve ever not paid your bills, whether and how much you borrowed money for college, whether you have past due medical expenses, and so on. To judge a person’s credit risk, people need to have this information, but very few people will want all of this to be on the public Internet forever. And doing anonymization properly is hard — any data set with more than 33 bits of information will uniquely identify you in theory, so you have to keep careful track of which combinations of information are possible to search for with current tools. Medical providers have struggled with this forever, since HIPAA requires data de-identification, and very often you get things like people with very rare diseases who can be identified from just their disease and their zip code.

Faking is a pretty obvious problem, and there (AFAIK) really isn’t anything on the Internet today that can’t be faked with a modicum of effort. Some services now connect to your Facebook account, and there you at least need to do some work to set up a plausible profile with plausible friends, but even that falls over pretty fast if you offer people thousands of dollars based on Facebook data. You can require people to provide passports, tax returns, pay stubs, and so on — which obviously conflicts with anonymity (and might create identity theft risk) — but even then, people will do crazy stuff if they can get thousands of dollars in anonymous crypto-currency. My Bitcoin company was pretty small, and I still got calls from various police departments about how the IDs customers gave me had been stolen.

And then there’s legal compliance. Lending itself is heavily regulated, of course, so much so that startups rarely deal with those regulations directly — they instead partner with existing financial institutions, and some now actually specialize in providing white-label services for other companies ( The Bancorp ). But even providing information that’s used for lending decisions is regulated. (If you’ve ever talked to a background check company, you might have noticed the fine print where they say that you can’t use any information from them to make credit decisions.) In the US, there’s a law called the Fair Credit Reporting Act that governs what credit information companies are and aren’t allowed to do. In addition, there are a number of categories (which vary by state) which you’re legally prohibited from discriminating on — things like race, gender, family status, etc., and there’s a huge list of other categories which can act as proxy variables for illegal categories. So, for example, if you use user consensus to make credit decisions for you, and which restaurants people like to eat at is visible in the data, and black people disproportionately visit certain kinds of restaurants, and some of your users have negative associations with black people (even unconsciously — you might have heard of Implicit Association Tests), and they therefore down-weight people who go to those restaurants, you are now legally liable for that, which isn’t a place you ever want to be.