Comment by thayne

> overwhelmingly businesses simply absorb fraud costs in the same way that they absorb their office rent, staff salaries, and marketing expenses.

I didn't realize that is who usually pays for fraud. I see two problems with this arrangement:

1. The credit card companies, who in some ways are probably in a better position to prevent fraud, are less incentivised to prevent fraud, because they aren't the ones paying for it. For example they could make credit credentials more difficult to steal, by making it so the raw credentials never go directly to online businesses, either by using asymmetric cryptography rather than a number or using an oauth style flow with the credit website in order to complete a transaction. But the credit company would bear the bulk of that cost and it would primarily benefit retailers. 2. Consumers that pay using a method with less fraud risk, such as cash, still have to pay a higher price to cover the cost of absorbing the fraud cost.

On the other hand it does allow businesses to self select how much fraud they are willing to accept.