← Back to context

Comment by matthewdgreen

2 months ago

There are several ways to reduce costs underlying payments. One is better IT. Notice that IT infrastructure has improved and dropped in cost by immeasurable amounts since those 3% fees were first instituted. Another way is to reduce card fraud. Notice that we’ve had excellent solutions to many types of fraud for decades now, but online shopping still requires us to enter 16-digit easily-stolen numbers into websites, and so fraud is enormously higher than it needs to be. With biometrics and modern smartphones, in person fraud should be very low.

A better way to look at these networks is to understand two things: the first is that at one level, they’re an insurance business that makes a profit from insuring against fraud, and reducing fraud would reduce the profit margins they can make from that business. And a second way to understand them is as guardians of a hugely profitable network portal that’s very hard to compete with, and they’re charging as much as the market can bear for that service.

4 comments

matthewdgreen

Reply
doikor  2 months ago

> online shopping still requires us to enter 16-digit easily-stolen numbers into websites, and so fraud is enormously higher than it needs to be

EU partially solved this with PSD2 enforcing two factor authentication for online card purchases.

https://finance.ec.europa.eu/publications/strong-customer-au...

  • elric  2 months ago

    I've noticed that I'm getting fewer and fewer 2FA requests with my 3DSEcure enabled VISA card of late. Places I frequently order from no longer trigger 3DS. Sometimes new shops don't either. From what I understand, whether or not the second factor triggers depends on a variety of factors including amount and retailer reputation.

    • hakfoo  2 months ago

      They added a "frictionless" flow in 3-D Secure v2, so probably for situations like "we recognize this combination of device and payment card and the transaction is pretty small" it can slide you through without a direct interaction.

      I think some interpretations of the PSD regulations call for specific "after X euros of spend/Y transactions you have to explicitly challenge" but it may vary by country.

      1 reply →