The Birth of Alipay: Building a Bridge of Trust on the Edge of Compliance

At 11:30 PM, on Taobao's chat window (AliWangWang), two messages, typed at almost the same time, stood like two walls, bringing a pending transaction to a screeching halt.

A buyer in Wuhan asked: "I'm afraid to pay, in case you don't ship the item." At nearly the same moment, a seller far away in Wenzhou replied: "I'm afraid to ship, in case you don't confirm the receipt."

On both ends of the screen, there was silence. This silence was happening thousands of times every night on the nascent platform, like countless tiny blood clots blocking the arteries of commerce.

If you had to make two complete strangers, separated by a network cable, complete a transaction, but one was afraid to pay and the other was afraid to ship, what would you do?

---

What you'll learn from Jack Ma's story:

• Make the biggest psychological barrier your first battlefield: First, use the "dumbest" method to eliminate the user's fear of "daring not to pay."
• From manual escrow to a systemized product: First, validate the effectiveness of a solution with a minimal manual loop, then gradually productize and scale it.
• Run on the edge of compliance with risk in parallel: Boldly solve the core transaction problem while rigorously building a "safety net" of risk control and compliance.
• Build trust with plain language and minute-level response: Clearly inform users about the money's path and the rules, and nurture fragile trust with extreme service speed.

---

Three Words on a Whiteboard: "The Third Hand"

"The money stays with us first."

In a small conference room, brightly lit late into the night, a whiteboard was scrawled with arrows forming a simple fund flow diagram:

Buyer Pays → "The Third Hand" (Platform Escrow Account) → Seller Ships → Buyer Confirms Receipt → Platform Releases Funds to Seller

"The money stays with us first," Jack Ma said, pointing to the "Third Hand" box in the middle. "We'll give the money to the seller only after the buyer says 'I've received it, no problems' on WangWang."

There were no complex financial models, no elaborate page designs, just one incredibly simple, almost crude idea: Before the buyer and seller can trust each other, let them both trust us, this "Third Hand."

---

The First Week: Manual Escrow and a Handwritten Ledger

A "Primitive" Loop of CSVs, Phone Calls, and a Little Ledger

The initial implementation of this idea, which would later change the face of Chinese e-commerce, was unbelievably primitive:

• Every day, a technician would manually export the previous day's payment records from the database into a CSV file.
• An accountant would take this spreadsheet, check it against the bank's deposit slips one by one, and then write the order number and the word "Frozen" in a small hardcover ledger.
• When a seller clicked "Shipped" in the system, a customer service rep would randomly call them to verify the authenticity of the tracking number.
• When a buyer clicked "Confirm Receipt" online, the accountant would manually transfer the funds to the seller via online banking, cross out "Frozen" in the ledger, and write "Released."

The entire process was clumsy, slow, and prone to error. But a miracle happened. A week later, a customer service rep posted a message in the internal group chat that lifted everyone's spirits: "Tonight, three previously stuck orders finally went through because we told them 'the money is with the Third Hand'."

"Plain Language" That Users Could Understand

They immediately designed two very simple system notification emails for buyers and sellers:

• To the Buyer: "Hello, the money you paid has arrived safely with us. Rest assured, we will only release the funds to the seller after you have received your item and are satisfied."
• To the Seller: "Hello, the buyer has paid, and the money is being held safely by us. Please ship the item as soon as possible."

No jargon like "escrow," "guarantee," or "irrevocable." Just a plain language statement that everyone could understand: "Where the money is."

---

Three Details That Welded the Bridge of Trust

1. "Auto-Release" and the "Circuit Breaker"

To prevent sellers from not getting paid because a buyer "forgot to click confirm," the system set an "auto-release" timer: 10-15 days after the seller shipped, if the buyer raised no objections, the funds would be automatically released to the seller.

But at the same time, they designed two critical "circuit breaker" rules:

• If the buyer clicked "Open Dispute" within the time limit, the release countdown would immediately pause, and the funds would be locked.
• If the platform's risk engine detected high-risk characteristics (e.g., a high-value order, an unusual shipping address, a suspicious new account), it would automatically extend the release observation period and trigger a manual review.

2. "Dispute Tickets" and "Minute-Level First Response"

When a dispute arose, the worst fear was being ignored. So, "Open Dispute" was designed as a standardized "ticket" process: the buyer had to provide a description, upload evidence, and state their desired outcome. Once a ticket was generated, the customer service team was required to make a "first response" at the "minute level." Even if it was just a reply saying, "Hello, we've received your issue and are looking into it," the first step was to let the user know that "someone is handling this."

3. "Logistics Tracking" and "Callback Hooks"

They integrated their system with major courier companies, automatically pulling logistics node information and triggering "friendly reminder" text messages: Your package has been picked up, has arrived in your city, is out for delivery. At the same time, the customer service team would conduct random callback checks on certain high-risk or high-value orders, asking gently, "Hello, did you receive your package? Does the item match the description? Are you satisfied?"

These two seemingly minor "hooks" significantly reduced the anxiety caused by information asymmetry.

---

Risk and Compliance: Paving the Road While Running on It

Building a "Safety Net" on a Knife's Edge

In 2003 China, there were virtually no laws or regulations governing this "third-party escrow" model. It operated in a gray area, skirting the edge of "illegal fundraising" and carrying immense risk. Jack Ma later recalled joking with his colleagues, "If someone has to go to jail for this, it will be me."

But they didn't choose to run naked on the razor's edge. While boldly solving the transaction problem, they used almost austere discipline to build a basic "risk control safety net" for themselves:

• Front-end Interception: Established a "blacklist" of fraudulent users, using device fingerprinting and abnormal login IP detection to reject high-risk users.
• In-transit Monitoring: Real-time monitoring and alerts for behaviors like frequent changes to shipping addresses, multiple accounts placing orders from the same IP, and abnormally high-value orders.
• Back-end Protection: Instituted a "seller security deposit" and "transaction reserve ratio," temporarily holding back a portion of funds from sellers in high-risk categories to cover potential after-sales issues.

"First Straighten the Books, Then Widen the Road"

On the compliance front, they stuck to one principle: We are an information intermediary and a transaction guarantor, not a bank that handles direct payments.

They prioritized establishing reconciliation and payment-agent partnerships with major banks, strictly segregating escrow funds from the company's own operating capital in physical accounts. They insisted on daily reconciliation, weekly reviews, and monthly audits. At the same time, they gradually rolled out mandatory identity verification for both buyers and sellers.

This prioritization—solve the core problem first, then continuously align with compliance; let good transactions happen faster first, then shut the door on bad actors—ultimately won them precious time to develop before regulations became clear.

---

From a Comment to a Name: Alipay

"Put that name on the page."

In internal tech documents and emails, people used all sorts of clunky terms for the system: "third-party escrow," "intermediary guarantee," "that money-holding account." Until one day, an engineer, writing a comment in the code, casually typed two characters: "支付宝 (Zhīfùbǎo)."

That name, like a diamond discovered by chance, quickly moved from the code comments to the product's front stage:

• The payment page began to feature the option to "Use Alipay Escrow (Recommended)."
• All explanatory text was unified into that plain language phrase: "The money goes to Alipay first, and is released after you're satisfied with your delivery."
• The "Open Dispute" link was quietly renamed "Request Alipay Intervention."

Users could finally answer the question "Where is my money?" with a simple, clear phrase. The answer was: "It's with Alipay."

---

A Late-Night Risk Control Battle: "Empty Packages" and a Fraud Ring

Late one night, the risk control dashboard suddenly lit up with alerts: within a short period, a dozen orders from the same city were marked as "shipped," but their tracking numbers showed no updates for two hours.

The risk control and customer service teams immediately connected on a call and made a decision: First, freeze the release countdown for these transactions, then verify them one by one over the phone. Within 24 hours, they confirmed it was an "empty package ring" exploiting platform rules to "cash out" through fraudulent orders.

The next day, a notice was posted on every seller's dashboard:

• The fraudulent accounts involved have been permanently frozen, and the funds have been returned.
• The sellers involved have been blacklisted, and their information has been shared with all internal risk control systems.
• A new rule was added: same-city orders that are frequently marked as "shipped" with no tracking updates will have their release period automatically extended and will trigger a secondary manual verification.

This successful real-world battle made the team realize they were building not just a payment tool, but an intelligent "trust-filtering system."

---

Bringing it Back to You: Remove the Biggest "Mental Barrier" First

The core of this story is not financial innovation, but a profound insight into human nature. When you also face a "trust deficit" among your users:

1. First, use the "dumbest" method to draw your "third hand." Design a minimal loop that solves the core fear, even if it starts with manual work and spreadsheets.
2. Simultaneously build your "risk control foundation." Blacklists, anomaly detection, fund reserve ratios, and manual review mechanisms are what give you the confidence to "hypothesize boldly."
3. Earn trust with plain language and superhuman responsiveness. Clearly tell users where their money is and what the rules are, and show up instantly when they need you most.

When your users can explain your guarantee mechanism to their friends in a single sentence, true trust begins to grow virally on its own.

---

Key Takeaways

1. Solve the Mental Barrier First: Remove the biggest fear ("daring not to pay") from the user's path, and only then can the transaction flywheel start to spin.
2. Minimum Viable Loop → Productization: Start with manual escrow and spreadsheets to validate that the core need for "third-party guarantee" is real, then invest resources to systemize and productize it.
3. Run Risk and Compliance in Parallel: Boldly innovate to solve transaction friction while rigorously building a "safety net" of blacklists, fund reserves, and audits to keep bad actors out.
4. Nurture Trust with Plain Language and Minute-Level Response: Explain the path of the money in three simple sentences, and provide the strongest sense of security by being hyper-responsive in the user's most anxious moments.