Background

Bravo is a great platform for sending person-to-person payments with both credit and debit cards. I first heard about Bravo in early 2019 from the now defunct Middle Age Miles blog. It’s never been the lowest fee liquidation option, but if you are earning 5-15x when buying gift cards and you’ve filled up other channels or run out of lower-fee liquidation, it can make sense.

The problem with Bravo though is that the fees started out relatively high and they’ve continued to creep higher, just like ancillaries on Frontier airlines. The evolution:

  • The fees started out at a flat 2%
  • They capped the flat 2% to payments of $499.99 or less
  • Around September 2020 they raised the fees for payments above $10 to be 2.9% + $0.31 per payment (or more)
  • Sometime in the last several weeks, they raised the fee to 3.6% + 0.31 per payment above $30.01

At this point, it’s really, really hard to justify the use of Bravo. That said, I suppose it could still make sense for some of you.

Forcing the Old Fee Structure

Here’s the kicker with the fees though: Until the last couple of weeks you could still send payments under the old 2% flat fee structure. How? By using an old version of the app and jumping through a few other (small) hoops.

Why did this happen? Well, I can tell you in general even though I don’t have any special inside information: a golden rule in mobile app and web development is that the server should validate everything, and the server should be responsible for “business logic” like the fees charged on a transaction. You can never trust a users device to be above board. Bravo’s team clearly didn’t follow this rule. The fees were hard coded into the application itself, so using an older application would give you an older fee structure. It took their team years to finally plug this hole.

Lessons Learned

  • Older apps can unlock functionality that’s been removed or changed, and that can even affect the way you’re charged for a service
  • Backing up your applications on iOS or having quick access to apkmirror on Android will often be useful for future tinkering
  • Sometimes you’ll need multiple versions of an application to accomplish a task

And of course the most important lesson for the software developers out there: Always validate on the server side. Always. (Unless you’re trying to help us out, in which case, thanks.)

Pictured: Bravo’s fix for the “2% in perpetuity” hole.