PayPal was founded in December 1998 by recent college grad Max Levchin and hedge fund manager Peter Thiel. The company went through several ideas, including cryptography software and a service for transmitting money via PDAs, before finding its niche as a web-based payment system. That service became wildly popular for online vendors, especially
eBay sellers, who preferred it to traditional payment methods. PayPal went public in early 2002 and was acquired later that year by eBay for $1.5 billion.
PayPal was started during the Internet Bubble, but it was in no sense a Bubble startup. Its success was a direct reflection of the intelligence of the people who built it. PayPal won because they built a better mousetrap.
With any new method of moving money comes new forms of fraud. In large part, PayPal succeeded because it could deal with fraud—and its competitors couldn’t. The software that Levchin and his team developed to combat fraud runs quietly and invisibly. To this day, PayPal doesn’t talk much about it. But Levchin’s software was just as much the reason for PayPal’s success as a more visible product like the Apple II was for Apple.
Livingston: Tell me a little about how PayPal got started.
Levchin: The company was really not founded to do payments at all. My focus in college was security. I wanted to do crypto and stuff like that. I had already founded three different companies during college and the year after, which I spent in Champaign-Urbana, where I went to school. Then, in favor of not doing graduate school, I decided to move out to Silicon Valley and try to start another company.
So I was hanging around Silicon Valley in the summer of ’98 and was not really sure what I was going to do with my life. I was living in Palo Alto, squatting on the floor of a friend. I went to see this random lecture at Stanford—given by a guy named Peter, who I had heard about, but never met before. The lecture turned out to have only six people in it. It was in the heat of the summer, so nobody showed up. This guy was like, “There are only six of you, OK.” Afterwards I walked up to talk to him. He was this really intense guy, and he said, “We should get breakfast sometime.” So we met up the next week.
I had two different ideas that I was considering starting companies around, and I pitched him on both evenly. Peter was running a hedge fund at the time. For a few weeks we kept talking, and eventually he said, “Take this idea, because this one is better, and you go start a company around it, and then I can have my hedge fund invest a little bit of money in it”—like a couple hundred thousand dollars. That was a good thing, since I was starting to run out of money.
I had just moved from Champaign; most of my contacts and friends were in Chicago. One of them I was trying to convince to be the CEO. He wasn’t really available, so I wound up being without a CEO. I called Peter and said, “This investment is a great thing, but I have no one to run the company. I’m just going to write the code and recruit the coders.” And he said, “Maybe I could be your CEO.” So I said, “That’s a really good idea.” The next 2 weeks we were sort of playing with the idea, and by 1/1/99 we agreed that he would be the CEO and I
would be the CTO.
Livingston: How did you have the idea?
Levchin: The initial idea was actually very different. At the time, I was really into developing software for handheld devices, which is sort of an art and a science unto its own. And I was really into security. This idea that I had in college, which I was vaguely successful with—if you’ve ever seen these authentication devices, like a little card that spits out numbers at you that you can log in with. It’s like a one-time password generator, like S/Key, Digital Pathways, and CRYPTOCard. Most of the algorithms are variations on the standard called
X9.9, which is a public standard. The algorithms don’t really use it correctly. In college one day I had bought all the different kinds of cards. Each costs like $50 or $100, so it’s not that expensive. They weren’t that difficult to reverseengineer because you already know the standard, so you know it can’t be too far outside the standard. I reverse-engineered most of them except for one which was very proprietary. I decided not to touch that one since I was too poor to handle a lawsuit.
Once I got them all reverse-engineered, I wrote an emulator for every single type of them for a Palm Pilot. I had a lot of friends on campus who were really into security as well—most of them were sys admins—and they carried a whole bunch of these things in their pockets, because most of the time you can only use one per computer, per system. If you adminned a lab with ten servers, you’d have a stack of these things in your pocket, and that adds up. They are heavy, and they need batteries. I basically emulated the whole thing on a Palm
Pilot so my friends were able to throw out their stupid devices and use my thing.
I posted it on the Web, which was young and silly then, and I got hundreds and then thousands of downloads, and people were offering me money to get more features in. So I thought, “This seems to be a business.” At the time, I was just keen on getting any sort of business off the ground. So, when I moved to the Valley, I basically pitched Peter on the following concept. There’s clearly demand for moving these cryptographic operations that are poorly understood. Even though it’s not rocket science to reverse-engineer this stuff, no one else had done it before me, so there’s some complexity involved.
The real difficult thing actually was getting an implementation of a cryptographic algorithm on a Palm Pilot, because Palm Pilots are very low power, and, back then, they were really low power—like a 16 MHz processor. So, to do an encryption of a public key operation on a Palm Pilot was really expensive. There is some art involved in how you speed it up—both from the user interface perspective and the math perspective. In math, you have to see how much you can squeeze out of it, and in the user interface, you have to make it feel like it’s not
taking that long, even though it really is taking like 2 seconds, which is a really long time.
On these handheld devices, the cards that you get, you type in the password and it’s done. I was able to get it to the point where it was instantaneous on a Palm Pilot. These things are all sort of child’s play at this point, but at the time they were very important. Anyway, I wanted to start a company that would take this scarce skill of implementing crypto on handheld devices and then packaging it into libraries and products. The assumption was that the enterprises are going to all go to handheld devices really soon as the primary means of communication. Every corporate dog in America will hang around with a Palm Pilot or
some kind of a device. What I wanted to do was capitalize on that emergence of technology. And then, of course, enterprise requires security; security requires these scarce skills; I have the skills; start a company.
So that’s what Peter funded. By the time he joined, we had realized that, even though the theory was pretty much logical, the move of the enterprise to handheld devices was actually not forthcoming. Kind of like the early Christians in the first century were all really hard at work waiting for the second coming. Still waiting. So it felt like the early Christians. “Any minute now, there’ll be millions of people begging for security on their handheld devices.” It just wasn’t happening. We were correct to change our strategy, since it still hasn’t happened.
Livingston: Tell me about how you adapted the strategy.
Levchin: Initially, I wanted to do crypto libraries, since I was a freshly minted academic. “I won’t even need to figure out how to do this commercialization part. I’m just going to build libraries, sell it to somebody who is going to build software, and I can just sit there and make a penny per copy and get marvelously rich very quickly.” But no one was making the software because there was no demand. So we said, “We’ll make the software.” We went to enterprises and told them we were going to do this and got some positive reception, but
then the thing happened again where no one really wants the stuff. It’s really cool, it’s mathematically complex, it’s very secure, but no one really needed it.
By then we had built all this tech that was complicated and difficult to understand and replicate, so we thought, “We have all these libraries that allow you to secure anything on handheld devices. What can we secure? Maybe we can secure some consumer stuff. So enterprises will go away, and we’ll go to consumers. We’ll build the wallet application—something that can store all of your private data on your handheld device. So your credit card information, this and that.” And we did, and it was very simple because we already had all the crypto stuff figured out. But, of course, there was no incentive to have a wallet with all these digital items that you couldn’t apply anywhere. “What’s my credit card number?” Pull out your wallet and look, or pull out your handheld wallet and look? So that was really not going to happen either.
Then we started experimenting with the question: “What can we store inside the Palm Pilot that is actually meaningful?” So the next iteration was that we’d store things that were of value and you wouldn’t store in other ways. For example, storing passwords in your wallet is a really bad idea. If you store them in your Palm Pilot, you can secure it further with a secondary passphrase that protects it. So we did that, and it was getting a little bit of attention, but it was still very amateur.
Then finally we hit on this idea of, “Why don’t we just store money in the handheld devices?” The next iteration was this thing that would do cryptographically secure IOU notes. I would say, “I owe you $10,” and put in my passphrase. It wasn’t really packaged at the user interface level as an IOU, but that’s what it effectively was. Then I could beam it to you, using the infrared on a Palm Pilot, which at this point is very quaint and silly since, clearly, what would you rather do, take out $5 and give someone their lunch share, or pull out two Palm Pilots and geek out at the table? But that actually is what moved the needle, because it was so weird and so innovative. The geek crowd was like, “Wow. This is the future. We want to go to the future. Take us there.” So we got all this attention and were able to raise funding on that story.
Then we had the famous Buck’s beaming—at Buck’s restaurant in Woodside, which is sort of the home away from home for many VCs. Our first round of financing was actually transferred to us via Palm Pilot. Our VCs showed up with a $4.5 million preloaded Palm Pilot, and they beamed it to us.
The product wasn’t really finished, and about a week before the beaming at Buck’s I realized that we weren’t going to be able to do it, because the code wasn’t done. Obviously it was really simple to mock it up—to sort of go, “Beep! Money is received.” But I was so disgusted with the idea. We have this security company; how could I possibly use a mock-up for something worth $4.5 million? What if it crashes? What if it shows something? I’ll have to go and commit ritual suicide to avoid any sort of embarrassment. So instead of just getting the
mock-up done and getting reasonable rest, my two coders and I coded nonstop for 5 days. I think some people slept; I know I didn’t sleep at all. It was just this insane marathon where we were like, “We have to get this thing working.” It actually wound up working perfectly. The beaming was at 10:00 a.m.; we were done at 9:00 a.m.
It was one of these things where you can’t just be done. With crypto, if you are one bit off, nothing’s going to work. We started testing at midnight the night before and fixed all the bugs and tested more. There were definitely some memory leaks, but it was secure. It was one of these things where the software wasn’t perfect, but the security path where the money changed hands was definitely provably secure. The danger was that the Palm Pilots might crash, but the transaction was perfectly safe. I could have bet my own life on the transaction. The thing that was not safe was just the software was not really perfect. It
was clunky; I was worried that it might crash.
So we had stacks and stacks of Palm Pilots preloaded with the same software. Obviously, money could only reside in one of them, but the plan was that, if I see that any one of them is crashing, I’m going to make a fresh pair, because we needed two Palm Pilots, one for the receiving and one for the sending. I was fully prepared. They were marked, “Sender A, Sender B, Sender C, Receiver A, Receiver B, Receiver C.” So I had this stack of Palm Pilots, I hopped in a car, drove to Buck’s, and it was like 9:50 a.m. Peter was getting very anxious about the whole thing. That’s where everything becomes very blurry, because I was so
tired by then.
There were about a dozen TV cameras and journalists—there was really big coverage. We did the beaming, and some group showed up late and said, “Well, can you do it again?” I said, “No, I just slaved away for 5 days straight—for 5 months straight. The whole point of the security is that you can’t replicate the transaction. Once it’s done, the money has changed hands.” So these guys actually made Peter pretend like it was going to happen and turned away the screen—because the screen was actually saying, “Security breach! Don’t try to
resend the same money again.” Which was a triumph for me, but a pain in the ass for the camera.
As I was getting interviewed by the Wall Street Journal, or some big pub guy, all I remember was that he went off to the bathroom for a second, and they brought out my omelet. The next thing I remember, I woke up, and I was on the side of my own omelet, and there was no one at Buck’s. Everyone was gone. They just let me sleep.
Livingston: How many users did you have for the website when you killed the
handheld product?
Levchin: I think we must have been 1.2 . . . 1.5 million users. It was an emotional
but completely obvious business decision.
Livingston: When did you first notice fraudulent behavior?
Levchin: From day one. It was pretty funny because we met with all these people in the banking and credit card processing industry, and they said, “Fraud is going to eat you for lunch.” We said, “What fraud?” They said, “You’ll see, you’ll see.” I actually had an advisor or two from the financial industry, and they said, “Get ready for chargebacks. You need to have some processing in place.” We said, “Uh huh.” They said, “You don’t know what a chargeback is, do you?”
Livingston: So you didn’t foresee this fraud?
Levchin: I had no idea what was going to happen.
Livingston: But you weren’t too surprised?
Levchin:We tried to attack the system for ourselves, like a good security person would. How can you cheat and steal money and do whatever? We made some provisions from day one to prevent fraud. We prevented all the obvious fraud, and then, I think 6 months into it, we saw the first chargeback and were like, “Ah, one per week. OK.” Then it was like an avalanche of losses; 2000 was basically the year of fraud, where we were just losing more and more and more money every month. At one point we were losing over $10 million per month in
fraud. It was crazy.
That was when I decided that that was going to be my next challenge. I started researching it, figuring out what could be done and attacking the problem.
Livingston: So you made a conscious decision to attack this problem?
Levchin: It was actually sort of a side effect. We had this merger with a company called X.com. It was a bit of a tough merger because the companies were really competitive—we were two large competitors in the same market. For a while, Peter took some time off. The guy who ran X.com became the CEO, and I remained the CTO. He was really into Windows, and I was really into Unix. So there was this bad blood for a while between the engineering teams. He was convinced that Windows was where it’s at and that we have to switch to
Windows, but the platform that we used was, I thought, built really well and I wanted to keep it. I wanted to stay on Unix.
By summer 2000, it seemed like the Windows thing was going to happen because Peter was gone. He took a sabbatical to make sure there were no clashes between the CEOs. So, this other guy was pushing me toward accepting that Windows was going to be the platform. I said, “Well, if this is really going to happen, I’m not going to be able to provide much value, because I don’t really know anything about Windows. I went to a school that was all Unix all the time, and I spent all my life coding for Unix.”
I had this intern that I hired before the merger, and we thought, “We built all these cool Unix projects, but it’s kind of pointless now because they are going to scrap the platform. We might as well do something else.” So he and I decided we were going to find ourselves fun projects. We did one kind of mean project where we built a load tester package that would beat up on the Windows prototype (the next version was going to be in Windows). We built a load tester that would test against the Unix platform and the new Windows one and show in
beautiful graphs that the Windows version had 1 percent of the scalability of the Unix one. “Do you really want to do that?”
It was me acting out, but it was kind of a low time for me because I was not happy with the way we were going. Part of having a CEO is that you can respectfully disagree, but you can resign if you don’t like it that much. But then eventually I became interested in the economics of PayPal and trying to see what’s going on in the back end, because I was getting distracted from code and technology. I realized that we were losing a lot more money in
fraud than I thought we were. It was still early 2001. If you looked at the actual loss rates, they were fairly low. You could see that we were losing money, but, given the growth of the system and the growth of the fraud, fraud was not that big of a problem. It was less than 1 percent—it was really low. But then, if you looked at the rate of growth of fraud, you could see that, if you don’t stop it, it would become 5 percent, 10 percent of the system, which would have been prohibitive.
So I started freaking out over it, and this intern and I wrote all sorts of packages— very statistical stuff—to analyze “How did it happen; how do we lose money?” By the end of the summer, we thought, “The world is going to end any minute now.” It was obvious that we were really losing tons of money. By midsummer, it was already on a $10 million range per month and just very scary.
Livingston: Did the rest of the company know you were right?
Levchin: Through the summer, I think various people were slowly coming to understand that this thing was really serious. It was pretty obvious at a certain point. I didn’t have to really convince anyone. In the beginning some people said, “Yes, it’s a lot of money, but we’re really growing, too. As an absolute amount, $5 million is a lot of losses, but, if you are processing $300 million, whatever.”
There was actually a bit of an altercation at the very top management level, which caused the CEO to leave. Peter came back as the CEO. The first decision that he and I took was that my new job—in addition to technology—was going to be this fraud thing, because I already spent so much time looking at it. This guy Bob, the intern, and I—I convinced him to drop out of Stanford for a year and work with me more on it—for the next year, we just worked nonstop on trying to understand and fix these problems.
Livingston: So the CEO left and Peter came back?
Levchin: The three of us are pretty good friends now. At the time, already I had hated the guy’s guts for forcing me to do Windows, and then, in the end, I was like, “You gotta go, man.” My whole argument to him was, “We can’t switch to Windows now. This fraud thing is most important to the company. You can’t allow any additional changes. It’s one of these things where you want to change one big thing at a time, and the fraud is a pretty big thing. So introducing a new platform or doing anything major—you just don’t want to do it right now.” That was sort of the trigger for a fairly substantial conflict that resulted in him leaving
and Peter coming back and me taking over fraud.
Livingston: When was the first time that you said, “This is working”?
Levchin: Bob and I built this package called IGOR. We had all these different things that were all named after various Russian names—and they had to be four characters long and start with an I. It was sort of a random requirement that I came up with. We had IGOR, INGA, IVAN—at least two more. So we built this tool—actually we have a patent on it now—and it was very impressive. It’s based on the assumption of all sorts of convoluted guesses on our part, but the guesses turn out to be mostly right. We actually had these human investigators, like 20 to 30 human investigators, that would try to unravel particularly large fraud cases and see if we could recover some money or send the Feds after somebody. We didn’t really have much success sending people after criminals. All they’d try to do is see where the money went and see if we could recover some of it before it left the system. That was pretty difficult to do because the tools we had available to us at the time allowed you to look at only a couple of accounts at the same time. If you had a well-coordinated fraud, with thousands of accounts or hundreds of thousands of accounts involved, you basically didn’t know how to follow it. I remember walking into the cubicle of one of the investigators, and he had volumes and volumes of printouts. I asked what it all was, and he said, “I’m racing some money.” I said, “How many cases is this?” And he said, “This is just one case.” I said, “How much money are we talking about?” He said, “It’s like $80,000 worth of losses.” “Well, that’s a lot of money, but it’s taken you clearly at least a week to print this stuff out.”
We realized that the way we were attacking these things was just fundamentally flawed. So Bob and I built this system that was part visualization package, part graph balancing tool, that would try to represent large-scale travels of money in the system in a visual form. Taking that as a base, we built all these different tools that would allow computers to predict where particularly expensive losses would be and then represent the networks of losses to the investigators in such a way that they could very quickly make a decision whether or not
to pursue a particular case.
Once we had that, I sort of had this tearful moment with one of the investigators where she was just crying in happiness—“You don’t even understand what you did, Max”—when we showed it to them. They were really overworked. Once that happened, there was this huge reduction. It wasn’t like 80 percent or anything. But, all this time, we had all these different ideas and we’d bring the fraud down one-tenth of a percent or one-fifth of a percent, but it was really not noticeable. Then, one day, we brought the fraud down with that tool,
a lot. So we’re clearly getting better at this.
Then a woman named Sarah Imbach went into a sort of self-initiated exile. She moved to Omaha and first became the manager of the fraud group and then eventually became the manager of the whole center. When the fraud group operations moved to Omaha, that made it a lot cheaper for us to run. She was working on the human management part—all the investigators—and I would be supplying her with software. Between those things, we got fraud pretty well under control in about a year.
Livingston: So the fraud solution was a combination of humans and software?
Levchin: Depending on who you ask. I think Sarah feels that it’s probably more humans and the coders think it’s more technology. It’s one of those things where, in the end, fraud is so nondeterministic that you need a human or a quantum computer to look at it and sort of make a final decision, because, in the end, it’s people’s money. You don’t really want some computer saying, “$2.00 for you, nothing for you.” You need a human with a brain to say, “Hmm. This looks like fraud, but I really don’t think it is.” Then there are various processes and exception handling where you say, “Even though it’s fraud, you don’t handle it because . . .” We got really good at it later on. Initially, we sorted things by loss, but then we started sorting things by expected loss. We’d estimate the probability of losses programmatically, and then we’d get the amount of money in question calculated, figure out the expected loss, and then sort the cases for the investigators by expected loss. The investigators would only have to deal with the top 5 percent. You’d never go through the entire queue of things for them to judge, but, because they judge things pretty quickly, they would go through half the queue, and they would inevitably start with the ones we thought were the highest possible
loss. So, the highest probable, the highest possible. That was one of the techniques that we used to guide development.
Livingston: Were any of your competitors doing anything similar?
Levchin: We kept the stuff under wraps for a very long time. We never really showed IGOR to anyone. We never talked about it in the press. I was definitely very paranoid. Initially, when we built it, we had a conference room where there was the IGOR terminal, and people would go in there, use it, and leave. There were no other copies available. Eventually, various federal and state authorities wanted to use it too, because they started to see that we were getting pretty good at this stuff. We would invite them in, and they would have to go into the room and use it and leave. They couldn’t take it with them, couldn’t print.
Livingston: Did you patent this technique?
Levchin: I didn’t really want to patent it because, for one, I don’t like software patents, and, two, if you patent it, you make it public. Even if you don’t know someone’s infringing, they will still be getting the benefit. Instead, we just chose to keep it a trade secret and not show it to anyone. After a while, IGOR became well known to the company, like all the other tools that we had built early on. We had patented some of it, and some of it we said, “OK, it’s open for wide use now.” There’s still a whole bunch of tools that they are using today that are not public. They don’t talk about it much at all, and I think that’s a good thing.
Livingston: So is PayPal in a sense a security company?
Levchin: I think a good way to describe PayPal is: a security company pretending to be a financial services company. What PayPal does is judge the risk of a transaction and then occasionally actually take the risk on. You don’t really know the money’s good; you just sort of assess the riskiness of both parties, and you say, “I’ll be the intermediary with the understanding that, on occasion, PayPal will be on the hook for at least part of the loss if the loss occurs.” Which is very tricky; it’s a hard position to be in.
So the company’s core expertise, by definition, has to be in this ability to judge risk—to be able to say, “Is this the kind of transaction I really want to take on or is this something I should steer away from because you people look like thieves?” I think that’s the security part. I mean, security not in any sort of a sense of anti-hacking defensive, but just security in a broader sense: risk assessment, figuring out what’s the sane thing to do, what’s unsafe, what’s safe. Everything else that PayPal has built is sort of a commodity. The reason we had
so many competitors in 2000 was because it looks really simple on the outside: you sign up, give us some credit card numbers, let’s trade some money, done.
Livingston: What did you do that your competitors couldn’t?
Levchin: The really complicated part is figuring out the risk. The financial industry people understood the risk, but they weren’t willing to do the sort of stuff we did, where they would basically say, “Bad guys over here. Let’s get all the bad guys out.”
There are tools to just say, “Give me your social security number, give me your address and your mother’s maiden name, and we send you a physical piece of paper and you sign it and send it back to us.” By the time that’s all accomplished, you are a very safe user. But by then you are also not a user, because for every step you have to take, the dropoff rate is probably 30 percent. If you take ten steps, and each time you lose one-third of the users, you’ll have no users by the time you’re done with the fourth step.
The point is, the startups didn’t realize there was this risk. We didn’t really realize there was this risk component either when we started. But we were just lucky enough . . . Maybe I should be thankful for that happy year of boredom when I was expecting Windows and digging into stuff, figuring out what fraud was all about. But one way or the other—whatever caused that—we were smart enough to realize that fraud was a huge issue very quickly, and then were successful enough combating it while the startup competitors of ours did not and
got buried very quickly. I remember all these companies announcing that they were going out of business and they expected PayPal to go out of business soon too, because the fraud numbers were so staggering that they could not see anyone handling this sort of thing.
There was one company—I think it was eMoneyMail—that shut down the company at a conference basically saying that the Internet is not a safe place to conduct transactions. They had 25 percent fraud. So for every $4.00 changing hands in the system, $1.00 was stolen. And it was all coming out of their pocket. They said, “We lost a ton of money,” and they just quit. Then, people like Citibank and other large financial institutions that also
competed with us that understood the fraud thing very well—they knew from many years of practice that this was going to become a big problem—didn’t really approach it with the same happy abandon that we did. We started with this, “Fraud is going to kill us. What can we do to save ourselves?” They started from, “We have no fraud. How can we build this and not let any more fraud in?” Which is the wrong position to start because you are limiting your users, and new users learning about a new system really don’t want to be restricted.
Livingston: Why do you think they thought that way?
Levchin: I think there’s a very strong power of default where, to them, certain behavior to solve a particular problem is well understood. There are people that make careers out of risk management in big banks. They know that what you do is this and you don’t do that.
The other part, I think, is that a lot of them are public companies. We didn’t go public until we had the fraud thing figured out. Somebody like Citibank or anyone with a substantial public visibility announcing that they are suddenly bleeding out $10 million a month in fraud would send serious shocks through the investor base. But I think, even if they did that, it’s likely they wouldn’t have been successful because—we had talked to a lot of them both as a potential acquirer and as partnership potential—none of them had actually ever gone to
the sort of stuff that we did for our anti-fraud work.
The default of how you do these things is very powerful, if you’ve been in the industry for a long time. So we were sort of beneficiaries of our naïveté. We thought, “We don’t know how to do this; let’s just invent it.”
Livingston: What else worried you?
Levchin: There was always something, every day. I could not sleep well for 4 years. If you are in charge of technology at a really fast-growing company that gets lots of publicity, there’s always something that worries you. In early 2000, it was scalability. We had a few days when the site was down. Even though we were adding servers and rewriting code to be more scalable, at a certain point the original design was starting to crack. It was kind of painful.
Peter was pretty good at insulating me. He’d be talking to the reporters saying, “We’re growing so fast.” eBay lost, I think, 20 percent of their market cap one time—they had this downtime, when the system went down because of scalability concerns a few years before and so the reporters were asking, “Is this like eBay? Are you guys going to be down for a week?” So it was really tense.
Livingston: What were some of the more intense moments?
Levchin: One of the more intense moments was when Peter and our PR guy were flabbergasted with this reporter who demanded to talk to someone technical, because he wanted to hear from the horse’s mouth what’s going to happen. I was on the phone with the guy, and he asked, “Is this just like eBay? Are you guys going to crash? Are you not going to be able to scale?” I said, “Dude, I haven’t slept for 3 days trying to fix the problem.” Of course he said, “I’m going to quote you on that.” Peter was worried. It’s one of those things where you have to fly by the seat of your pants all the time. It would be nice to test some hardware and set up a big lab: “We have x systems now; let’s 2x the systems and get twice the amount of hardware and see if it can scale.” But, it doesn’t work that way because, by the time you are done testing 2x, the real system is 3x because the growth is so fast. We were getting 20,000 new active users every day. The transactional growth is exponential
because people are sticking around. It’s not like people came in, did one thing, and left. They came in, did one thing, and stayed. And they kept doing more.
Livingston: Was the growth viral?
Levchin:We built the system to be viral from day one. The idea was: I can send you the money, even if you aren’t a member. If I send you $10, you get an email saying, “You have $10 waiting for you. Sign up, and you can take it.” That’s the most powerful viral driver there is. Free money available to you. For eBay buyers and sellers, it became this crazy loop where buyers would be like, “I want to pay you with PayPal,” and sellers would be like, “I don’t
accept PayPal.” And buyers would say, “That’s OK. I’ll just send you $10, and you can sign up.” So the seller would get infected, and the seller would say, “Oh, this is really simple, so I only accept PayPal.”
Livingston: Any other turning points?
Levchin: Peter and I like to reflect on the fact that we got lucky so many times. Pick any one episode in the company history, and we got lucky and lucky and lucky again. I think it’s luck in the sense that we could have collapsed under this particular one, and we didn’t. Mostly we didn’t because we did something about it, and we corrected the problem or caught onto it early enough. But I think the fact that we caught the signs early enough in part is a luck thing because we could have just missed it, or we could have been too tired or too bored.
Livingston: Was there ever a time when you wanted to quit?
Levchin: The Windows thing was the closest I ever came to contemplating being out, but I probably wouldn’t have done it anyway. I was still really attached to the company.
Livingston: What was one of the most surprising things to you?
Levchin: It was all surprising. Nonstop learning of things that I didn’t really know before.
The most surprising thing was how big it became. I never thought it was going to be that big. I think I told Peter, “If we ever get to be 25 people, I’ll probably quit because I like small companies. Is that OK?” The next time we talked about it, we already had 75 people, so I sort of missed my window. He said, “Why don’t you stick around till 100, and we’ll see what happens?” Next time we talked, we had 1,000 people.
Livingston: What advice would you give to a young programmer who’s thinking of starting a startup?
Levchin: Try to have a good cofounder. I think it’s all about people, and, if you are doing it completely alone, it’s really hard. It’s not impossible, in particular if you are a loner and introverted type, but it’s still really hard. One of the ways PayPal changed me is that I used to be really introverted, and I sort of still am, but not anywhere near to the extent that I used to be. A big part of it was that I had run a company before PayPal, alone, and I thought
it was fine. I could deal with it. But, you only can count on energy sources and support sources from yourself. There’s really no one else who you can go to and say, “Hey, this thing is going to fall apart any minute now. What the hell are we going to do?” The thing that kept us going in the early days was the fact that Peter and I always knew that both of us would not be in a funk together. When I was like, “This fraud thing is going to kill us,” Peter said, “No, I’ve seen the numbers. You are doing fine. Just keep at it. You’ll get it.” On the flip side, when Peter would be annoyed by some investors or board dynamics or whatever, I was usually there trying to support him. That sort of sounds touchy-feely, but I think
you have to really have good people. If you have a good team, you are halfway there. Even more importantly, perhaps, you have to have a really strong cofounder. Someone you can rely on in a very fundamental way.
Livingston: Did you feel that way about Peter when you started?
Levchin: We hit it off really quickly. I have this IQ bias—anybody really smart, I will figure out a way to deal with. It was very positive. Both of us are really competitive and really—not mistrusting, but not willing to assume that the other guy knows what he’s talking about. When we met, we sort of hung out socially, and then one night we had this showdown where we sat around in this café for like 8 hours and traded puzzles to see who could solve puzzles faster—just this nonstop mental beating on each other. I think after that we realized that we each couldn’t be total idiots since we could solve puzzles pretty quickly. We would constantly try to come up with ones that the other person wouldn’t be able to solve. I’m really into puzzles. I’m not a very quick solver, so I tend to take a long time. Not always, but on occasion, I will take a lot longer than an average time to solve it, but I almost always will succeed. I think in a big way, the reason for PayPal’s success is that I got very lucky
with Peter as a cofounder, and I’d like to think he got pretty lucky with me.
Livingston: Who did you learn things from?
Levchin: There are different segments to running a startup. Different people taught me different things. A lot of the top management people at PayPal were really good. It was very fun and meaningful to work with them and pick up their various interests and skills. I never really paid much attention in college in econ, and I never really took any accounting classes. One night I came over to our CFO’s office, and I said, “I really don’t understand a lot of the balance sheet math and all this stuff. I’m pretty good at math, so I should be able to get it, but I just don’t understand the language, so teach me accounting.” We had this crazy multihour session where he was explaining accounting to me. I learned debits and credits and why certain things are called what they are; liabilities versus assets and capital. Until
then, I had no idea. It was maybe a year into the company, and I thought, “I really should understand this balance sheet stuff. It’s kind of an art.” I had never really raised money before, so when Peter was raising money, I was tagging along as much as I could, trying to pick that up.
Livingston: Did you have a good relationship with your investors?
Levchin: It’s one of these things where, if you look back now, when everyone walked away with a ton of money, everyone loves everyone. We had this great time, etc. It’s generally more complicated than that where, when the company is doing well, they’re happy and they think they’re great. The company’s not doing well; they’ve overpaid and they’ve been too nice. It’s half and half. I think I was blissfully spared a lot of it because Peter managed the board much more than I did. I was on the board all through my tenure there, but a lot of the more unpleasant conversations were handled by Peter. I got involved more as the fraud thing grew. For a long time, it was one of these things where—I was really much younger than now—my whole “brand” both to the investors and to our board members was this crazy Russian boy-genius who comes out and sprinkles magic dust on technology and things just work. So for a long time I got away with, “Don’t ask how it works. Max will solve it.” It worked OK until the scalability problems hit us, and then I had to be much more vocal and explain to the board, “Here’s what’s going on. Here’s what I’m doing about it. It will be OK. Just chill out.” Then, when the fraud thing became my primary concern, obviously I had to get involved much more because it had to do with things they dealt with on a daily basis: money. So I had to prepare much more thoroughly. The whole boy-genius thing had to be discarded
for the much more serious attitude and language.
Livingston: Looking back, is there anything you would have done differently?
Levchin: No.
Livingston: You didn’t make any mistakes?
Levchin: There are all sorts of tactical decisions that we made here and there that played out to be wrong, but it’s not like I could have predicted it. It’s not one of these things that I’m now smarter and therefore I could have done it even better. I think, given the information available at the time, I would have likely chosen the same outcome. There are some business decisions that I think we made incorrectly, where we partnered with some companies, but generally in financial industries, partnerships are not . . . we got screwed and had to back out, but, in retrospect, these are not major.
I think we hired the absolute best people, we were able to do things pretty well on average, and we had lots of fun.
Livingston: Did things change a lot after PayPal was acquired?
Levchin: I think the acquirers tend to be more—it pays to be different from the founders; otherwise, you still have this clinging-on of the original culture. It’s very sad that, when you buy a company, you have to sort of squash a lot of the original stuff, but if you don’t, you foster this festering of distrust and dislike. So you just have to get through the unpleasant bits as fast as you can and go on doing business. Which doesn’t make it any easier for the early people or the founders, but I don’t know any other format in which you can acquire companies. You could let them be on their own, but then you aren’t really getting any
of the benefits. Usually, when you acquire companies, you sort of calculate these synergies,
which is this nebulous number: if we take you and we take me and we combine it, we can get rid of this much stuff and this many people. It’s really painful to hear about it, but that’s why people buy companies. eBay bought us because, for a while, they had their own floundering payment service. They had 65 people that were doing this thing called Billpoint that was an also-ran in the payment space. They did particularly poorly. Even though they were bought by eBay and they were the eBay solution, they still got completely smashed by us. The ultimate justice was carried out when they bought us and they announced to those people that they were going to be let go. It’s really painful. I wouldn’t want to be on their side at all. Finding out that you’re being told to pack up and being replaced by these people that you’d fought all this time with. The mothership has capitulated, and they’re replacing us with the people we’ve been fighting against.
Livingston: What can big companies do to preserve a startup culture?
Levchin: I don’t know. Less PowerPoints. I think PayPal—even by the time we were acquired—still felt really startup in a variety of ways. But not as much as originally. People were definitely grumbling about how the startup culture was being lost, even internally. But then, when we got to eBay, which was three times the size, it was even less so. But, as you grow larger, you need more structure and coordination and meetings.
My theory is that you sort of subdivide, and you make smaller units and you give them a lot of power and responsibility. You let them make it or break it. But I have no practical knowledge as to whether this works or not.
Livingston: Was there anything that was misunderstood about what you were trying to do?
Levchin: No, because I think we didn’t know what we were doing. I think the hallmark of a really good entrepreneur is that you’re not really going to build one specific company. The goal—at least the way I think about entrepreneurship— is you realize one day that you can’t really work for anyone else. You have to start your own thing. It almost doesn’t matter what that thing is. We had six different business plan changes, and then the last one was PayPal.
If that one didn’t work out, if we still had the money and the people, obviously we would not have given up. We would have iterated on the business model and done something else. I don’t think there was ever any clarity as to who we were until we knew it was working. By then, we’d figured out our PR pitch and told everyone what we do and who we are. But between the founding and the actual PayPal, it was just this tug-of-war where it was like, “We’re trying this, this week.” Every week you go to investors and say, “We’re doing this,
exactly this. We’re really focused. We’re going to be huge.” The next week you’re like, “That was a lie.” One of the interesting moments was after we got funding from Nokia Ventures, the first VC firm that funded us. The beaming at Buck’s was still done under this, “We’re doing this handheld device thing and there’s some payment component, but it’s really handheld device, share your lunch bill with your Palm Pilot.” By the time we had our first board meeting a month later, we had already realized that that wasn’t going to work and that we had to do the web stuff much more prominently—and we had all these other ideas that we wanted to do, which we later on threw out. But we started the board meeting basically
saying, “Hi, John. Hi, Pete”—the new VC guys—“We changed our business plan.” And these guys were like, “What?” They just put down $4 million to see something happen, and we said, “Sorry, we’re not going to do that; we’re going to do this.” To their credit, they were like, “All right, you guys are smart. Let’s do it.” Usually VCs get freaked out by that, but these guys were like, “OK. You’re so crazy. Let’s go.”
Source: Founders at Work – Stories of Startups’ Early Days by Jessica Livingston
