Even as it contemplates past lessons, Citibank is following a strategy plotted by PayPal-which has already learned so well from past failures that rivals may find it difficult to catch up. Indeed, PayPal’s founders are adamant they wouldn’t have achieved their current position without learning from early failures in the digital-payments marketplace.The company was born in the fall of 1998, when Levchin, newly arrived in California, attended a lecture at Stanford University given by Thiel, then running his own hedge fund. The two got to talking afterwards and made a breakfast appointment for the following morning. By the end of that meal, Thiel had agreed to help find funding to develop and market Levchin’s software, which at the time scrambled transactions sent between mobile Internet devices.
As he took up the quest, however, Thiel immediately hit a solid stone wall of skepticism. Although funds were flowing freely to thousands of half-baked Web ploys at the time, the market the two men were eyeing was already littered with high-profile fiascos like CyberCash, DigiCash and First Virtual as well as dozens of lesser-known flops aimed at popularizing new brands of encrypted digital currency for online payments. “We met with a hundred different venture capitalists,” Thiel recalls. “A lot of people told us it was insane to be going into this space.”
As the company struggled to get off the ground, however, Levchin and Thiel delved deeply into the state of digital-cash technology in order to learn from the spate of calamities and bankruptcies in that market. “There are a half a dozen different theories about why DigiCash and all the others failed, and all the theories are valid,” says Thiel. “We tried to avoid making the same mistakes.”
The first mistake involved complexity. Most of the early digital-cash solutions required users to download hard-to-use software, known as digital wallets, that encoded money in an encrypted format; consumers simply refused to go to all that trouble just to pay for something. What’s more, merchants had to adopt a standard called Secure Electronic Transactions for deciphering encrypted payment codes; those systems typically required the purchase and installation of sophisticated workstations.
PayPal opted for the far simpler Secure Sockets Layer encryption method-built into most browsers and already used by many e-commerce companies-to scramble data sent by its customers. The system also relieves merchants from the obligation to protect their customers’ financial data; indeed, that data is never in their hands. PayPal sends no payments or payment codes by e-mail. Only notifications about transactions are transmitted over the Internet. When money is transferred between accounts, the debits and credits happen only on PayPal’s secure servers in California, which cannot be accessed over the Internet. “All the money lives and dies on our servers,” says Thiel. “We decided to force all the complexity of keeping transactions secure upon ourselves,” adds Levchin. “Consumers and merchants shouldn’t have that burden.”
Micropayments were another holy grail of some early digital-cash companies. Ill-fated ventures like First Virtual and Digital Equipment’s MilliCent aimed to create payment systems that could handle transactions under $5-even those of just a few pennies-potentially opening up vast new markets for selling news articles, songs and other low-priced information goods. Yet micropayments never caught on, possibly because users didn’t appreciate being nickel-and-dimed to death and possibly because there really isn’t much money to be made collecting change. “It reminds me of that Saturday Night Live skit,” Thiel says, about the First Citiwide Change Bank, which specialized in exchanging coins for dollar bills. The punch line was, “All the time our customers ask us, How do we make money doing this? The answer is simple: volume.”
Instead of promoting micropayments as a separate market, PayPal simply processes small charges like any other transaction. While the maximum is set at $10,000, PayPal will process payments as low as one cent. The company, of course, loses money on such tiny transactions, but Thiel says there haven’t been enough of those to cause a problem. “If it becomes a major expense,” he says, “we could change our policy very quickly.”
Another roadblock for early digital currencies was their lack of liquidity. DigiCash and more recent flops, like Flooz (a currency used for giving gift certificates that could be redeemed at certain Web sites), weren’t denominated in dollars but were more like poker chips in a casino. You couldn’t spend these strange new digital currencies universally, and that made people reluctant to accept them. “Money needs to be liquid,” says Thiel. “The most popular currency in the world is U.S. dollars.” PayPal has customers in 36 countries, and it charges higher rates for international money transfers. But to keep transactions on one simple level among all its members, there are no currency conversions. With PayPal, everything happens in U.S. dollars.
By far the biggest obstacle for any company trying to create a universal payment system is trust. Visa, MasterCard, American Express and Discover have spent billions of dollars building up trusted brands through advertising and marketing campaigns. PayPal has hardly spent anything. Instead, it issued a guarantee. It now ensures merchants that follow certain rules that it will reimburse them for any fraudulent transactions. The chief rule is that merchants must ship all merchandise to the account holder’s official address, with no items going to a buyer’s “office address,” for instance. Stealing a credit card number, insisting on a phony shipping address, walking away with the goods and sticking the merchant with the bill is one of the most popular swindles on the Internet. PayPal’s rule and guarantee may seem simple (though the company has drawn some heat for not extending the same protection to defrauded buyers), but mainstream credit card companies have been unwilling to take even those steps.
Fighting financial fraud in a world of interconnected data networks isn’t just a way to save some money; it is and must remain one of the core competencies of the world’s banking system. That’s why, possibly fearing PayPal really has developed technologies and tactics to combat con artists better than anyone else, especially in the tricky Internet commerce arena, the giants of the industry have organized themselves to fight back. In recent months, longtime rivals Citibank, Bank One and Wells Fargo banded together with some two dozen other companies to form Project Action, an alliance aimed at standardizing secure Internet payment transactions. In what could be the ultimate compliment, PayPal hasn’t been recruited to join.