Well, at least I know what the problem was. It was China's fault! When I was living in Beijing early this year, I tried to reserve a domain name and pay for it using the Google Checkout system. Google's fraud-detection system flagged the transaction as likely fraudulent. It then canceled the deal and put a hold on my account.
This happened to me all the time in China. Maybe once a week my wife or I would find that our Visa or MasterCard account had been frozen, because any online purchase we tried to make from a China-based Internet connection would trigger all the fraud detectors. Then we would spend 30 minutes on the phone, via Skype, getting the cards re-upped. We should have remembered always, always, to fire up the VPN before trying to buy something online -- so that the credit card company would think we were logging in from San Francisco or suburban Washington -- but sometimes we forgot. I hadn't tried to pay for anything else by Google's system until this week, so I didn't know until now that my account had been put on the watch list.
A product manager for Google's Checkout utility sent me the following explanation, and said I was free to quote it:
"I am the product manager responsible for fraud prevention on Google Checkout, and I want to follow up with you about the recent issues with your account.
"The issue with your Checkout account actually began shortly after you placed the first order on January 28, 2009 for domain [XXX] which was cancelled because the IP address that was used for the order had a high rate of attempted fraud. [The IP address was our apartment building in Beijing.]
"Google's algorithms automatically review IP addresses when orders are placed on Checkout to catch attempted fraud with stolen credit cards. Fraud is a pressing issue in the electronic payment industry, and merchants bear the financial risk associated with these transactions so Google (and most online merchants) collect additional signals to determine the risk of online orders. Where our algorithms see suspicious transactions, we will often ask for additional proof of identity.
"While Google employs an advanced fraud detection system, it does occasionally catch legitimate user orders, which was what happened in your case. An error can occasionally arise when people share the same IP address on WiFi or VPN networks. For more info about Checkout fraud detection, take a look at the Checkout Security Center and our recent blog post."
Tomorrow some time, an elaboration on the security/usability trade-off in online commerce, which has surprising similarities to the comparable trade-off in air travel. The same Google official who sent the note above re-instated my account long enough for me to enter new credit card info and re-up my bona fides. Responding one-by-one to people who complain in public is obviously not a solution that "scales." But if I hadn't complained in public, I would simply never have used Google Checkout again: I am not about to send a scan of my passport or driver's license to some random email address, which is the only option offered for "verification." More on what this means anon.