Stripe, Block, and PayPal each solved a massive pain point.
PayPal provided a way to pay people and vendors without giving away your credit card number.
Square made it easy to accept payment in person on a phone, without an extensive upfront underwriting experience and without expensive fixed monthly fees.
Stripe did the same as Square, but for accepting online payments.
Fraud and Risk come in many forms, and these providers, even with their UX innovations, sit on top of those same rails to reduce fraud. Without those rails, buyers can’t trust sellers and sellers can’t trust buyers.
In my opinion, you need to find a way to solve that problem before you can eliminate the fees being captured by these providers.
A lot of the fraud hinges on the fact that all you need to drain an account is a static card number. A lot of hacks are subsequently piled on top of that to try and make it harder (SCA/3D Secure, captchas, etc), and a lot of busywork is spent tidying up the consequences of that (chargeback handling, etc).
You could eliminate a lot of the fraud by moving off a mostly-static identifier to merchant, amount and time-limited tokens the user generates with their bank (or the merchant redirects them there). This would address a lot of the issues - the tokens are useless when leaked (as they only work against the merchant's own account) and can't be misused even by the merchant to go beyond the agreed amount or time limit.
This means with such a system you’d immediately eliminate a whole category of fraud, with the only thing remaining being merchant-level disputes like goods not as described/etc, which can easily be made optional and the user can choose to opt-in for the extra fee. Then you would actually have a good case for lower/no mandatory fees at all.
One problem you need to keep in mind is that fraud mitigation is a big industry in and of itself (some of it is real, some complete snake oil but relies on the underlying problem being real to sell itself) and wouldn't be in favor of a system that is inherently immune to (at least some types of) fraud.
From a merchant perspective, there is a significant group that view this as a feature. Not a bug. Once a merchant gathers your credit card info, they can submit basically any transaction they want at any time. Yes, if you do this enough your payment processor will cut you off. But for businesses like gym membership, NYTimes subscription, car rentals, etc. it's a core feature.
The product in that case is not "payments as a service" to the consumer but in fact "payer as a service" to the business. If consumers didn't represent an unbounded ability to generate recurring revenue there are lots of profitable businesses that would go under overnight.
> they can submit basically any transaction they want at any time
This can generally be accommodated in my suggested model, they just have to specify upfront how much & how often they'd want to charge. If the gym membership is 50 bucks a month, then the token has a monthly limit of 50 (or maybe a bit more, to account for potential extras). The token lifetime could be set for the membership duration.
> car rentals
Get 1 token with your rental fee + a separate token (scoped until car return date + some time to inspect/discover any damage) for the deposit amount?
You're thinking technical solutions to a sociological problem. Businesses like this are built on the fact that they can charge you an unspecified amount for an indefinite amount of time. Any attempt at a technical solution means those businesses refuse to adopt that solution.
I suppose in this system you could white list such things. It would be a box to click when it directs you through the Auth process. I guess you could directly implement this in stuff like Norway's bank id system.
The page is light on details, but is it scoped and merchant/amount/time limited? Because if not, it’s yet another “hack” that merely reduces one specific type of fraud (when a card number is leaked) without fully addressing the problem, so the need for chargeback arbitration (and thus associated costs) persists.
You'll still get a lot of chargebacks by the way. With a lot of ecomm I've been involved with the fraud you are talking about is actually a small part of chargeback volume. Most is unhappy or demanding customers, or another type of low level fraud, claiming goods didn't arrive despite a photo of the person literally accepting them from the delivery company. This is absolutely rampant in b2c with smaller merchants (I am aware you mentioned this but not sure if you are aware of the scale of it).
The alarming rise in the incident rate of inappropriate chargebacks ("my fries were cold") really pisses me off as a sane user of contemporary credit card infrastructure. That is, I think of chargebacks as an absolute last resort; essentially a bulwark/ombudsman to protect me from bad actors. It should be used incredibly conservatively, and it should have significant repercussions if it is used inappropriately; sort of like steep fines for hitting the emergency strip on a subway because someone won't move their backpack.
If chargebacks go away and aren't replaced by something at least as effective, that means that we're losing one of the most significant advantages intrinsic to the payment mechanism: peace of mind.
Chargebacks are in many cases the outsourcing of proper consumer-protection regulation and everyday customer service.
When the merchant fails to deliver or underdelivers -- "my fries were cold" -- appropriate customer service should be meeting the customer at that point and addressing it directly.
Modern systems of unempowered on-the-ground employees and endless loop self-service support stand in the way of that. Consumers naturally respond by pulling the levers that remain, which is invoking the wrath of American Express.
Reasonable people can disagree. What is a customer to do if they think a merchant is not a bad actor, but mistakenly refuses to refund their purchase? A chargeback seems like the fastest and cheapest option to resolve the dispute.
Thing is, if you eliminate the risk of unauthorized transactions, you can then reasonably discontinue the concept of chargebacks as a whole, replacing it with a mediation/arbitration service that consumers can opt-in for an additional fee.
This would open the door to cheap or even completely fee-free transactions if the user doesn't want to opt-in to additional protection, which they reasonably may not want when the stakes are low enough (you weren't gonna chargeback a lunch anyway).
But for this to be viable, the risk of unauthorized transactions/origination fraud needs to be eliminated completely at a technical level, something I believe an oAuth-style system would do, and currently none of the many hacks on top of the legacy system address. Otherwise, you'd still need to take some fees to refund unauthorized transactions, separate of customer-merchant conflicts.
How do you handle the part of chargebacks that currently validly apply to authorized non-fraudulent transactions, like services/product not delivered or not as described, or accidental double charges from vendors like random taxi drivers with whom you don't have a way to arrange a refund?
It already works like that here (eu) for debit cards (which most people have; very few have credit cards although they don't know the difference). Double charges from taxi drivers is not possible as it's tapping or dipping your card and you are there for that (we are assuming some system that prevents someone stealing your card like biometrics or whatnot); products not as delivered is responsibility for the seller to refund/replace and in other cases you go through a process of mediation. I had it once in my life, which is now 50 years. It sounds like Americans willy-nilly chargeback whatever because they can (fries were not hot or cold enough): seems not very good for the fees. Most people who travel have credit cards here and the most ones I know have no idea they can chargeback or ever needed it.
Keep in mind that card disputes are a thing even for debit cards. Credit cards may have higher protections by law that force the lender to eat the disputed amount regardless of the dispute's outcome, but the actual process of disputing a transaction is applicable to all cards - I've successfully done chargebacks on debit cards here in the UK.
> Double charges from taxi drivers is not possible as it's tapping or dipping your card and you are there for that (we are assuming some system that prevents someone stealing your card like biometrics or whatnot)
You'd be surprised - at least in the public transit context with iOS Express Mode, double Apple Pay taps by transit systems have absolutely been recorded plenty of times. I admit I haven't heard about this in the taxi situation, but unless the technical problem is specific to Express Mode and not general to tap-to-pay, I don't know why it wouldn't ever happen.
> products not as delivered is responsibility for the seller to refund/replace and in other cases you go through a process of mediation.
This assumes the seller is willing to do their job or go through the process of mediation, and/or that the buyer has sufficient legal insurance or available cash to cover the up-front cost of lawyers plus any related expenses plus the possible attorney's fees of the other side if the court decides against them.
Even in the EU, this is far from always true, especially for low-price purchases or when dealing with foreign online merchants who are more likely to ignore EU lawsuits or mediation attempts than to cooperate.
Of course, trying to resolve things with the seller is always the right first step, and that's the usual approach even in the US. It's just great to be able to have the leverage of the chargeback option as extra incentive for the merchant to be reasonable. (By the way - the chargeback right is not unconditional even when the reason claimed is one of the allowed reasons. The merchant can dispute it and can sometimes win depending on the circumstances, the evidence, and the bank.)
> It sounds like Americans willy-nilly chargeback whatever because they can (fries were not hot or cold enough)
To be honest, no, the idea that chargebacks are something Americans rush to do is a stereotype and not true. They're pretty rare when neither the buyer nor the seller is doing something shady, but having the option to charge back is pretty important in order to make US single-factor (no-pin / no app-based verification / no meaningful signature verification) credit cards secure enough for customers to rely on, especially for online purchases from random small merchants who can't be relied upon.
And "fries were not hot or cold enough" would pretty much never be a valid reason for a chargeback, since usually a specific temperature isn't promised before purchase.
> seems not very good for the fees
It definitely affects the fees, but honestly, a bigger impact is that the US does not cap what fees credit card issuers can charge the merchants, so the fees are much higher than the typical EU consumer card regardless of chargebacks. Some of that is of course kept by the banks as profit, but much of it is returned to customers as reward points, cash back, or other perks. It's among the reasons why I continue to use my US credit card as my primary form of payment even here in Germany. Zero foreign transaction or currency conversion fees, great perks. (This card does require a decent US credit history and has an annual transaction fee, but I get enough value out of it to outweigh that fee.)
How many chargebacks have I done in my entire life for a reason other than actual fraudulent / unauthorized transactions? Probably under 5, maybe 1-2 at most. Plus most of the fraudulent transactions were noticed proactively by the bank rather than me having to bring it up to them. Because it's a true credit card and not a debit card, I never had to pay for those fraudulent transactions.
> To be honest, no, the idea that chargebacks are common in the US is a stereotype and not true.
The thing is, even here on HN (where I expect, maybe not warranted, the level to be higher), people seem to be absolutely proud and entitled to chargeback whatever for whatever reason. Those are almost 100% Americans (I check) and that is where I got the idea; this sentiment is much higher on tiktok, youtube, reddit etc. I even saw some shorts of people screwing merchants with chargeback like it is some badge of honour.
> The thing is, even here on HN (where I expect, maybe not warranted, the level to be higher), people seem to be absolutely proud and entitled to chargeback whatever for whatever reason.
I'm not American (I'm from the UK), but filing a chargeback is an incredibly satisfying weapon for a consumer.
So many companies try to weasel out of their legal obligations under consumer protection law, so why not hit them with a chargeback when they won't do what they're required to?
After being burned by PayPal protection not working out, I will now buy anything I can directly on a Credit Card, as you just get so much more protection in the UK - both contractually and legally.
> The thing is, even here on HN (where I expect, maybe not warranted, the level to be higher), people seem to be absolutely proud and entitled to chargeback whatever for whatever reason. Those are almost 100% Americans (I check) and that is where I got the idea; this sentiment is much higher on tiktok, youtube, reddit etc. I even saw some shorts of people screwing merchants with chargeback like it is some badge of honour.
That's an example of selection bias and other confounding factors: HN users are disproportionately American, Americans are more likely to know of chargeback rights than people from other countries, Americans are more likely to have credit cards than people from other countries, American statutory rights in this area (especially for credit rather than debit cards) are stronger than in most other countries, people who abuse chargebacks are more likely to be American than from other countries for all of the foregoing reasons, Americans are more likely to boast than people from most other countries, Reddit has disproportionately many Americans, and people who make shorts about chargebacks are more likely to do chargebacks than people who don't.
Consider statistical rather than anecdotal evidence in this area. According to one payments processing company, Clearly Payments, the USA has slightly below average chargeback rates, at 0.47%, behind the UK, Belgium, Germany, and France:
There's nothing wrong with using a right the card networks explicitly provide you. Even here on HN I see a huge tendency to play fast and loose with access to customer money, and corporation-on-consumer fraud has been normalized and is treated as no big deal. Chargebacks are a normal and expected reaction to that.
I'm sure chargeback abuse is a thing, but in aggregate, I'd argue people are still not doing enough chargebacks, because businesses are still engaging in unethical (& potentially illegal) practices of billing customers for services not rendered, or unclear pricing, or dark patterns.
Dark patterns with regards to payment should be a big no-no, and the fact they're still around suggests this behavior isn't being punished enough. So we should in fact have more chargebacks, until the situation becomes that it's more profitable to play fair and legal than try dirty tricks.
Unlimited, no-confirmation access to pull money just based on a static card number is a bug to begin with - ideally every money movement would be authorized on the spot or preauthorized in advance up to a limit.
But assuming we do have this bug, it seems like merchants are happily abusing it - "free" trials that are impossible to cancel, unexpected charges buried in 50 pages of T&C, etc. Chargeback is a completely normal reaction to this and I recommend it to everyone.
The heuristic I use is simple: did I expect this charge, and would I have agreed to pay for it had I been asked for upfront? If not, the merchant gets a quick email, and if they're not cooperating, taking unreasonable time to action it or are outright unreachable they're eating a chargeback and it'll be up to them & their processor to argue it further. They are welcome to put their processor/acquirer person on hold for hours (like they would do me if I were to play their game) and see how that works out for them.
> I'm sure chargeback abuse is a thing, but in aggregate, I'd argue people are still not doing enough chargebacks
But it only adds fees aka an extra tax; you are paying for it. Merchants just up the prices, banks up fees, conversion rates, etc etc. Someone is paying for it and it's always most likely you. The strange idea people have that 'this is free because it is law' is interesting. It is VCs (in neo banks), it is you in established banks. I would rather not pay for any of your chargeback behaviour really.
But I’d rather pay a small tax across everything rather than get stuffed for a much bigger amount.
Ideally, we’d have technical means to prevent people from getting stuffed (the oAuth-style token system I’ve described in other comments on this thread), combined with legal means to ensure businesses are discouraged from doing the stuffing in the first place (and those who do are promptly sued out of existence).
Until this happens, consumers (including me) will keep using chargebacks as their only way to defend their interests.
Also, if we were to magically rewrite the system tomorrow and eliminate card fees and the potential for chargebacks, do you really think businesses worldwide will suddenly lower their prices as a result? The market already demonstrated it is willing to pay the current prices, so the savings from lack of fees/chargebacks will end up in executives’ yachts instead or pissed away in more advertising.
> You'd be surprised - at least in the public transit context with iOS Express Mode, double Apple Pay taps by transit systems have absolutely been recorded plenty of times.
Where? I heard it many years ago a few times but not for a very long time? Maybe it was a bug which got fixed?
It was common in NYC even a couple of years ago. Very likely it was a bug indeed, but unless there's a good technical reason why such bugs would only happen with merchants who can easily be reached to arrange refunds and who will routinely cooperate with those refunds, unwarranted double charges should be disputable via chargeback. (Naturally, not all double charges are fake - some are legitimately paying the same amount more than once. Being able to start a chargeback procedure doesn't prevent the merchant from showing the bank evidence that the charges were correct.)
Ah, you're proposing to remove US credit card customers' statutory right to those chargebacks except if they opt into a surcharge on a per-transaction basis.
Yes, essentially moving the transaction fee the merchant pays to the consumer. This means they can choose whether they want the additional protections those fees currently pay for.
> You could eliminate a lot of the fraud by moving off a mostly-static identifier to merchant, amount and time-limited tokens the user generates with their bank (or the merchant redirects them there). This would address a lot of the issues - the tokens are useless when leaked...
This almost sounds like a subtle recommendation for the Lightning Network. It's based on single-use invoices that are locked to a specific recipient and is usually limited to specific amounts.
It's pretty much how every cryptocurrency works, with separation of public (receive) and private (send) keys.
The fact that invoices are temporary in LN is a weakness of the design, not an intentional choice. The lightning network represents a regression from the typical use-case of cryptocurrency because both sender and receiver need to be online to make a payment.
There's a lot of interesting ideas around cryptocurrency but they all kind of have the problem that they're associated with cryptocurrency, which is now strongly associated with absurdly high transaction fees, get-rich-quick scams, and wasting colossal amounts of energy for a pathetically-low transaction throughput.
Good luck convincing J. Random User that your cryptocurrency is none of these things.
Portugal like many European banks already has a working solution to this for 20 years where you can create temporary card numbers and use that instead or, as of late, pay directly through an app that enables this same behaviour.
The Netherlands had a similar system where they used physical totp (I believe) terminals which generated them from your bank card + pin, completely offline. Nowadays everyone uses iDEAL identically to what you describe.
I often make medium-to-large purchases using SEPA bank transfer. The merchant gives me a bank account number, a random or serialized reference code, and a week to make payment. I go to my bank, and send the money to the bank account, inputting the same reference code. Once it arrives (usually within the day or the next morning) the thing is paid. This works for most online purchases that are not urgent and support the payment type.
1. Banks are also allowed to charge fees for SEPA transfers, with some limitations.
2. It does care about currencies, in that it only supports one: the E stands for Euro, and all SEPA transfers, in the four rails it provides, are in Euros, including transfers from and to countries that are not in the euro zone.
3. And SEPA isn't limited to the European Union, as it has 36 states participating in the scheme, more than the EU's 27.
I don't know where you are from, but in my country this is considered generally a bad or not safe idea. When you send money directly to someone, if they are fraudsters, it is very hard to get that money back. On the other hand, it's generally easier when you paid with your debit card. And even easier and safer if it was a credit card.
The victim is identifiable by their bank and therefore traceable by the law enforcement agencies. If they're fraudulent, men with uniforms and guns come to their house and put them in jail. It's a clever system, really.
Depends on the bank. In Germany, N26's free account charges 0.49€ per instant SEPA transfer, and sometimes it's unavailable because the other bank (e.g. one used by many German doctors) only supports non-instant SEPA.
But yes, instant SEPA is often free and often available and very nice when both of those are true.
I want to buy a CD from Amazon for 19.99.
I click on my bank application (or maybe some QR code on Amazon's site)
And that tells my bank app on my phone to authenticate my phone against the bank
And ask for a 16 digit number that is solely for amazon, 19.99 and 20240812
Think standard oAuth. Github has multiple flows that should cover most purposes here: https://docs.github.com/en/apps/oauth-apps/building-oauth-ap.... The key is that payment data is encoded in oAuth-like scopes, so all authorizations are scoped by amount and lifetime, and are implicitly merchant-specific.
Browser-based flow, where you're already logged into the bank in an existing browser tab:
* Amazon redirects you to oauth-proxy.visa.com where you select your bank (if you've done it already once, it remembers and redirects straight to your bank)
* Visa redirects you to your bank - if you're not logged in, you do a login - this is up to your bank on how to do that - authorize with an existing phone, WebAuthn, etc. On OSes supporting it, this URL can be hooked and handled directly by a native app which may use the device's secure element to store its auth credentials for the bank
* Bank displays you the payment request details (which include your Amazon account email, order ID, etc - all info you need to confirm it's indeed your payment request and not someone else's) and allows you to change them (maybe you want to authorize more or less, or make it one-time/recurring with a daily/weekly/monthly/yearly cap, or set an expiry after which the authorization is no longer valid)
* In the background, Amazon gets a success webhook from Visa (or their processor) saying that this authorization request has been granted, or they can poll an endpoint - this eliminates the need for a final redirect back to them like in normal oAuth
* If this is a recurring charge scenario, Amazon can store this payment request token against your account and use it multiple times, as long as the charges fall within the policy set during initial payment request establishment (if you set a max of $20, they can do as many transactions as they want up to a total of $20).
Device-based flow, where you aren't/don't want to log in to the bank in the same browser:
* Amazon redirects to oauth.visa.com as above
* Instead of clicking on your bank directly, you say "authorize via phone", it just encodes the URL of the current page in a QR code so you can scan it on the phone - you then do the above flow there. Because the success/failure of a payment request is already communicated directly between the merchant and Visa, there is no need for your phone to pass any data back to the browser, so no need for a "reverse channel" to be set up.
* On your phone, you may have your banking app installed, so it takes over the domain name of your bank and automatically opens the payment request authorization there, using your existing session within the app.
Point is, not only is there no longer a concept of a card number that can be copied, stolen, or leaked, but the user also remains in control - they can control whether the payment is one-time or recurring, set limits on recurring payments, and be able to cancel these authorizations at any time, after which they're guaranteed that nobody can take more money without going through this auth process again. This eliminates many reasons for chargebacks, and reduces fraud risks for merchants too (merchants are no longer vulnerable since the auth to authorize a new payment request is between the user and their bank directly), so things like behavioral fraud detection or captchas on payment pages are no longer needed.
Downside (for scammers): business models based on a free trial that rely on the user forgetting to cancel, or those who intentionally make cancellation annoying or impossible wouldn't work, because payment requests should list upfront the max amount they can take, and the user can adjust that and make sure the unwanted charge just won't go through even if they tried.
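A minimal sketch of the issuer-side enforcement this comment describes, added here as an illustration and not part of the original thread. `Bank`, `Grant`, the reason strings and the merchant ids are hypothetical names, and the amounts follow the $50/month gym case raised earlier in the thread.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Grant:
    """What the user approved at the bank (all field names are hypothetical)."""
    merchant_id: str       # the only merchant allowed to redeem the token
    cap_cents: int         # ceiling per period, in integer cents
    period: str            # "total" (one budget for the lifetime) or "monthly"
    expires_at: datetime   # authorization is dead at and after this instant
    revoked: bool = False
    spent: dict = field(default_factory=dict)  # period key -> cents charged


class Bank:
    """Issuer side: stores grants and enforces them on every charge."""

    def __init__(self):
        self._grants = {}

    def authorize(self, merchant_id, cap_cents, period, expires_at):
        if period not in ("total", "monthly") or cap_cents <= 0:
            raise ValueError("invalid scope")
        # Opaque random handle: it carries no account data, so a leaked
        # token reveals nothing and is only a lookup key into the policy.
        token = secrets.token_urlsafe(32)
        self._grants[token] = Grant(merchant_id, cap_cents, period, expires_at)
        return token

    def revoke(self, token):
        if token in self._grants:
            self._grants[token].revoked = True

    def charge(self, token, merchant_id, amount_cents, now):
        """Return (accepted, reason). merchant_id is assumed to come from the
        authenticated acquirer connection, never from a caller-set field."""
        grant = self._grants.get(token)
        if grant is None:
            return (False, "unknown_token")
        if grant.revoked:
            return (False, "revoked")
        if merchant_id != grant.merchant_id:
            return (False, "wrong_merchant")   # leaked token, other merchant
        if now >= grant.expires_at:
            return (False, "expired")
        if amount_cents <= 0:
            return (False, "bad_amount")
        # Monthly budgets are tracked per UTC calendar month.
        key = now.strftime("%Y-%m") if grant.period == "monthly" else "all"
        used = grant.spent.get(key, 0)
        if used + amount_cents > grant.cap_cents:
            return (False, "over_limit")       # merchant cannot exceed the cap
        grant.spent[key] = used + amount_cents
        return (True, "ok")


def demo():
    """Constructed scenario: a gym membership capped at 50.00 per month."""
    utc = timezone.utc
    bank = Bank()
    end = datetime(2025, 1, 1, tzinfo=utc)
    token = bank.authorize("gym-example", 5000, "monthly", end)
    aug = datetime(2024, 8, 12, tzinfo=utc)
    sep = datetime(2024, 9, 1, tzinfo=utc)
    results = [
        bank.charge(token, "gym-example", 5000, aug),  # first monthly fee
        bank.charge(token, "gym-example", 1000, aug),  # extra charge, same month
        bank.charge(token, "other-shop", 100, aug),    # token used elsewhere
        bank.charge(token, "gym-example", 5000, sep),  # next month, budget resets
        bank.charge(token, "gym-example", 5000, end),  # at the expiry instant
    ]
    bank.revoke(token)                                 # user cancels at the bank
    results.append(bank.charge(token, "gym-example", 100, sep))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```
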
This is no different than chip+pin for physical purchases. There are still other major areas of fraud that have to be addressed.
It doesn’t cover credit risk - even on a debit card, there can be a “hold” period of an arbitrary amount before the final transaction clears. When you swipe a card at a gas station, they often run a $50 authorization hold on your account.
It also doesn’t cover merchant fraud - Visa/MC covers you if the merchant doesn’t ship the product because they’re a fake company.
Then there are value-added warranty services that higher end cards offer. These are easily worth the 1%+ fee.
> When you swipe a card at a gas station, they often run a $50 authorization hold on your account.
Safeway gas stations upgraded their pumps to have tap-to-pay.
But with increasing gas prices (and not getting into that), they upped the auth hold to up to $125.
Except many card issuers limit contactless payments to $100... rendering tap to pay useless on the pump because it'll deny the preauth and require chip insertion.
> Except many card issuers limit contactless payments to $100... rendering tap to pay useless on the pump because it'll deny the preauth and require chip insertion.
I’ve noticed lately that contactless payments that go over the limit don’t require chip insertion, the reader just asks for the PIN to proceed. Maybe there’s been some updates to the standards?
Hmmm, not all credit cards have a PIN. Debit card, I could see that. I don't know if the data on the card indicates if there is a PIN attached to the card (i.e. ask for it if there is, don't ask if there's not).
The card and terminal communicate on which CVMs (cardholder verification method) they support, and they agree on one. If they can't agree the transaction is either cancelled or processed as "no CVM" (like normal contactless tap & pay with a card) depending on the terminal's and card's risk profile.
We had a similar issue with ATM in Austria where they are all set to max give you 400 EUR. Which was a sensible idea in 2001 but pays for much less in 2024. Somehow the banks have never heard of inflation or really don’t want you to use cash
So, this tickles an idea in my head. Under EU / UK regulations one can “overlay” a user's bank account. I had always thought that was useful only as a Mint style approach but this seems feasible
This is a technical solution to a non-technical problem.
My risk to my credit number being stolen is honestly low. The risk is the merchant providing a substandard service 99% of the time, and an OAuth style payment flow does nothing for that.
Someone like Amazon who is a trusted merchant already negotiates fees with their banks and they likely already have an extremely low fee rate.
What Stripe, Square and PayPal provide is a service for integrators who don’t want to spend money talking to a bank, negotiating a rate, and then implementing the required security to execute their own transactions.
Walmart, Amazon, and the other big companies are not interchange exempt. They are not able to get a significant discount below interchange, hence why they keep financing lawsuits against Visa, MasterCard and such over the bundling of all Visa or MasterCard branded low-cost (non-rewards) and high-cost rewards cards under one banner that they are forced to accept as a bundle.
Merchants would love to reject all cards that are a Visa Signature and above, leaving only the very low cost cards as accepted. The Card Networks have engineered via branding and contracts that this does not occur though.
PayPal: In the Netherlands there is a system called iDeal which provides online payments via tokens, without giving any of your data to the seller (recipient). It is supported by all banks. It is super-convenient, you scan a QR code with the bank app on your smartphone if you pay on another device (laptop, computer) or the link is opened by your bank app on mobile and you approve the payment. You don't need to enter anything, only select your bank from the list. You don't need to pass your payment data to a 3rd party like PayPal, there is no place to steal or phish your card or account data in this scheme.
Visa or MC could do the same, without additional parties. But no.
Just back from Poland- they have a great system 'BLIK' that sounds like iDeal...
Most merchants have a BLIK button... you click it, enter a 6 digit code created on your banking app. Purchase complete. Takes a few seconds. No card numbers, CCV etc..
For example, transfers between accounts are instantaneous, not 2-5 days for ACH (Wire transfers are same-day, but expensive).
Electronic menus/payments in cafes are default for at least 3 years now (US has toasttab.com but it's far from being default).
If you have a small business account, taxes are paid in one click (app shows you tax to be paid with Confirm button).
PS: These features are available in many other countries besides Ukraine, of course. Only in government id/functions Ukraine excels (#2 in the world, after Estonia only).
Let’s just say I get an iPhone notification when the court case in which I’m a party had a hearing sceduled.
And if I want to write a petition in this case, I log into the web portal, write it down, click send and blink into the app twice to
Electronically sign it.
Which produces your normal CMS ( pkcs#7 ) signature on a pdf file.
It’s also not a special court app for a specific locality, but a nation wide government app.
We also don’t write damn cheques and never did, as it’s bullshit. You want to somebody — you get their card number, open the bank app and tap send.
That's certainly an interesting use case. And yes, difficult to see being pulled off anywhere in the US, the way it tumbles along with such things.
Re: paper checks: they're far from bullshit -- being time-tested, perfectly easy to use, and best of all, not requiring a device of any kind. Provided, as concerns ease of use, one has spent enough time in an environment where their use is ubiquitous. So I can certainly see they might appear as a nuisance or just weird at first, for the rest of the world.
iDeal is working on international expansion, so it may become available in other European places.
The main downside of iDeal for consumers is that it's irreversible. If you pay and then never receive the product, you can't get your money back. While PayPal and credit cards do offer that extra protection to consumers.
So iDeal is really only good for the merchants due to the very low transaction costs.
Stripe had a live dashboard over Black Friday that showed the dollar value of all transactions across their network, including those blocked for fraud. The fraud rate was nearly 12% of the total dollar amount of transactions.
Which, we've got to ask about the false positive and the false negative rate. It's annoying when it's really me and I try to charge something and it gets declined, but also the fraud detection can't be 100% effective, so the real rate is probably higher.
The challenger to these will solve for a different problem. Not every transaction needs complex fraud detection or being able for the customer to do chargebacks.
For a 3% discount, would customers agree to use something that worked just like cash, where the transfer was instant and couldn't be undone? Then you don't have to worry about fraud, chargebacks, etc.
You are missing the opposite side of the fraud picture: Where it's not the business scamming you, but someone taking your credentials and spending up to the limit in a store that deals with no chargebacks. This is, if anything, the larger size of the fraud losses for the Stripes of the world. Fake businesses that use the cards either for testing if the creds are good, or where the owners charge cards that they obtained from some other malicious actor.
So it's not that I get 3% off by not supporting chargebacks, but whether I want to have a dollar under a payment system that supports someone emptying me out without recourse.... and the answer is often no.
Or further abusing your weak password on a site and then racking up a ton of charges to a product that they're capable of laundering in some way into money for them at any ratio.
There's an issue that you're not addressing: what happens when someone who isn't me spends my money? I think people would be happy for the theoretical 3% discount until their account is drained and sent to North Korea with no recourse.
It is fantasy to think they'd get a 3% discount. The goods in stores that take only cash do not tend to be cheaper than those that do.
They know what people are willing to pay and will charge the price. If they see people are willing to pay $99 with a credit card, then they'll be willing to pay that with cash.
I think the issue here is who is paying the fee and where is the fee surfaced. A free market solution would work here, but it requires some regulating to create the transparency required.
Everyone pays their own credit card fee as a line item on the receipt, merchants are required to print it on the receipt. If customers actually had to pay their own fees on each swipe you'd see a lot fewer people reaching for the Platinum card and instead for the no frills local bank credit card. You'd also see immense downward market pressure on swipe fees as now card issuers have to compete against each other.
Technically the merchant is paying the fee, and he perhaps is passing some or all of it to you.
The reason merchants might not pass it all to you is that they get a lot more sales volume when they support credit cards, so they can still be more profitable while paying for some of those fees.
I know I'm going to get hated for saying this, but the businesses that charge extra for credit card use under $10 are trying to extract as much out of you - they're aiming to get the best of both worlds. The price of their goods are still such that they're assuming you'll pay with a card.
At the end of the day a business has several costs. Rent, cost of shipping, utilities, etc. When these go up so do the costs of goods. Credit card fees are no different in that regard. If they hated it that much they wouldn't support credit card payments. They do support it because they know it'll bring in more revenue than without - and will easily pay for itself and more.
The issue is there's a huge disparity in the fees for certain payment methods.
Some cards cost merchants much more than others, but they are contractually forbidden from differentiating their prices based on that. It's anticompetitive. Lots of "buy now pay later" schemes work similarly, when afterpay was (or is) a big thing they charge 7% and forbid the merchant from including that cost in their prices.
If the consumer had to bear the cost of their payment choice, no problem, but the reality is consumers with low fee payments are paying slightly more than they should for everything and those with high fee payments pay less than they should for everything.
The reason merchants don't pass fees onto credit card customers only is that the credit card network prohibits them from doing so. If they were to charge a credit card fee, they'd get banned from processing credit cards at all.
> The goods in stores that take only cash do not tend to be cheaper than those that do.
In NYC they most definitely do. A lot of the corner stores will charge you less with cash. I'm not sure if it is the card payment or that they are keeping the sale off the books, but something that might cost me $18.50, I'll pay $18 for.
When I wrote that comment I knew someone would come out and use New York City as a counterexample.
The reality is except for a few of the really major cities those types of stores are usually more expensive than their larger counterparts in virtually all other cities in the US.
In my city I'm not going to get cheaper groceries by going to the smaller stores. They are more expensive regardless of whether they support credit cards or not. They may be superior in certain other aspects but price is not one of them.
My guess is the opposite may be true only in places where owning a car is expensive or inconvenient.
In Poland, the default way for computer shops in 2000-2010s was to offer 2% discount when paying in cash. (The prices displayed were assuming cash, so if you paid by card, you'd pay more.)
I didn't see this anywhere else though. It probably made sense for computer shops because most transactions one would do there would be sporadic, big, and planned.
(Since then, the Mastercard/Visa fees went down to 0.2-0.3% due to EU rules, so probably those discounts are less popular now).
In the US offering different prices when paying by cash vs card was a violation of the agreement with Visa, as is putting a minimum price threshold for card usage.
It's still fairly widespread though, and occasionally makes the news. Might explain why you didn't see it often.
I believe the Visa merchant agreement never forbade cash discounts, only credit card surcharges. I'm not sure, but the current rules are different due to a legal settlement.
In the US, not only does Visa now allow cash discounts and minimum price thresholds up to US$10, but they also allow, in most states, credit card surcharges (sometimes subject to specific state-law legal requirements).
Visa still officially disallows minimum price thresholds outside the US and certain related territories like Guam, and credit card surcharges outside the US - but I nevertheless see them plenty often here in Germany in small shops. I think the permission to offer cash discounts is global.
And how would that work accounting wise? Would they just claim that a bunch of PCs "fall off" a truck?
I'm not sure subjecting everyone to poorly regulated (even in the EU it's far from ideal) monopolies/oligopolies that are legally entitled to literally tax every single transaction in the economy (in addition to the complete loss of anonymity and all the implications of that) is not too high a price to pay for some reduction in tax fraud...
“Shrinkage” is the generic term I have heard for stock losses of all kinds in retail and distribution channels.
In many jurisdictions, cash payments can allow the retailer to avoid on-paying sales tax or VAT, as well as mark stock shrinkage as a loss for their own tax purposes.
Countering this would require very careful auditing of electronic till records and paper receipt processes, which are in most cases trivial to evade if well-prepared.
And you can’t always be sure that the shrinkage - without the cash - is reported to the manager of the retailer by the person on the till, especially if an unofficial handwritten receipt is provided by the cashier.
I recall seeing a situation involving a very large champagne purchase on New Year’s Eve in cash for 25% off and a “till receipt problem”.
This is the purpose of Zelle, Venmo, money wires, and checks. But there are many problems they don’t solve, that customers and sellers prefer to be solved and are willing to pay for.
I would use my debit card even if it behaved exactly like cash, ie, when the recipient got the money, my only way of getting it back is to sue them or call the police.
Obviously any electronic payment system needs to be secure internally but society lasted a long time and made fine progress when having your wallet stolen meant losing your money.
It would be fine to require a person to charge their debit card with a finite amount rather than have it be funded up to the limit of the supporting account and that would solve the last problem compared to cash.
I understand that Europe is more secure with chip+pin, but in the US, debit cards do exactly what you describe. If fraud happens, you are out money until it is resolved.
The key difference from cash, in the US, is the ability to abuse cards at a later date without the physical card. For someone to steal your wallet, they have to be colocated with you and can only steal as much as you're walking around with.
As long as debit cards have a magnetic stripe and have their full number printed on them, and that information is useful, this problem remains.
I don’t believe SCA is enforced by the bank. It’s voluntary by the merchant. It acts as a liability shift but won’t save you from someone not caring about it and emptying your account (temporarily until the chargeback goes through). I don’t think any bank offers an option of “allow SCA-only transactions” and I don’t think it would be even possible (I’m not sure there is any token/session identifier to tie the SCA request and the actual subsequent transaction even).
When adding a card to a taxi app for example I get SCA prompt for a zero amount, but then they can charge me for any amount without subsequent SCA flows.
Presumably those subsequent transactions wouldn’t have a liability shift to the issuer but it still means that they can at least temporarily steal all your money until your chargeback claim goes through.
The whole concept of “card number” is rotten. What’s needed is an oAuth2-type system where every payment needs to redirect to the bank (actual redirect, no stupid hacky iframe like SCA/3DSecure is) and where you can see the merchant and set the max amount (and whether one-off or recurring) and the bank records that and keeps a list of authorized merchants so you can revoke them at any time. The merchant then must use this token to pull money, and can't pull more than what the token allows - just like your usual oAuth2 scopes.
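A minimal sketch of the bank-side grant model proposed in the comment above, added here as an illustration and not part of the original thread: the bank records who may pull, how much, and whether once or repeatedly, and checks every pull against that record. All names (`Bank`, `Grant`, the merchant ids) are hypothetical, and the merchant's own authentication to the bank is assumed to happen separately.

```python
import secrets
from dataclasses import dataclass
from enum import Enum


class Result(Enum):
    APPROVED = "approved"
    UNKNOWN_TOKEN = "unknown_token"
    WRONG_MERCHANT = "wrong_merchant"
    REVOKED = "revoked"
    EXPIRED = "expired"
    ALREADY_USED = "already_used"
    AMOUNT_NOT_ALLOWED = "amount_not_allowed"


@dataclass
class Grant:
    account: str
    merchant_id: str
    max_cents: int      # cap per pull, chosen by the user on the bank's page
    recurring: bool     # False: exactly one pull is allowed
    expires_at: int     # Unix time after which the token is dead
    charges: int = 0
    revoked: bool = False


class Bank:
    def __init__(self):
        self._grants = {}   # opaque token -> Grant, held only by the bank

    def authorize(self, account, merchant_id, max_cents, recurring, now, ttl_s):
        """Runs on the bank's site after the redirect, with the user logged in."""
        token = secrets.token_urlsafe(32)   # carries no account data at all
        self._grants[token] = Grant(account, merchant_id, max_cents,
                                    recurring, now + ttl_s)
        return token

    def authorized_merchants(self, account):
        """The list the user reviews when deciding what to revoke."""
        return sorted({g.merchant_id for g in self._grants.values()
                       if g.account == account and not g.revoked})

    def revoke(self, account, merchant_id):
        """Revoke every live grant for this account/merchant pair."""
        revoked = 0
        for g in self._grants.values():
            if (g.account == account and g.merchant_id == merchant_id
                    and not g.revoked):
                g.revoked = True
                revoked += 1
        return revoked

    def charge(self, token, authenticated_merchant, cents, now):
        """A pull request; authenticated_merchant is who the bank knows is calling."""
        g = self._grants.get(token)
        if g is None:
            return Result.UNKNOWN_TOKEN
        if g.merchant_id != authenticated_merchant:
            return Result.WRONG_MERCHANT       # a leaked token is useless elsewhere
        if g.revoked:
            return Result.REVOKED
        if now >= g.expires_at:
            return Result.EXPIRED
        if not g.recurring and g.charges >= 1:
            return Result.ALREADY_USED
        if not 0 < cents <= g.max_cents:
            return Result.AMOUNT_NOT_ALLOWED   # non-positive or above the cap
        g.charges += 1
        return Result.APPROVED


def demo():
    """Constructed scenario: one recurring grant, one one-off grant."""
    bank, t0 = Bank(), 1_700_000_000
    taxi = bank.authorize("alice", "taxi-app", 2500, True, t0, 3600)
    shop = bank.authorize("alice", "book-shop", 4000, False, t0, 600)
    results = [
        bank.charge(taxi, "taxi-app", 1800, t0 + 10),     # within the cap
        bank.charge(taxi, "taxi-app", 90000, t0 + 20),    # merchant over-pulls
        bank.charge(taxi, "card-tester", 100, t0 + 30),   # token used by another party
        bank.charge(shop, "book-shop", 4000, t0 + 40),    # one-off, first use
        bank.charge(shop, "book-shop", 1, t0 + 50),       # one-off, replayed
    ]
    bank.revoke("alice", "taxi-app")
    results.append(bank.charge(taxi, "taxi-app", 1800, t0 + 60))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r.value)
```

Unlike the zero-amount SCA prompt described above, the cap and the one-off flag are checked on every pull, not only when the merchant is first authorized.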
This is not right at all (it's mandatory for all banks and merchants in the EEA), although you're correct that SCA still has loopholes (like a US merchant... just trying, although a bank could just mandate 3DS to solve that).
How do you explain the example I gave where the taxi app only has to SCA me once and not upon every transaction? This is in the EU.
What I suspect is that the "mandatory" bit is by law (and the law has flexibility, which covers this taxi app scenario) but there is no technical solution to make it mandatory, thus a non-compliant merchant can still drain your account until your chargeback claim goes through.
You're right that it's not fully enforced technically. It's complicated, and I don't think that's really solvable by technology (being that this scenario is roughly equivalent to direct debiting). Banks can validate if a particular merchant has already been used by a customer and block them from debiting your account, but since SCA has exceptions for recurring debiting, this is not really enforceable once the customer has authorized the merchant for any debiting.
> If you attempt an exemption and the bank returns a decline code indicating that the payment failed due to missing authentication, you’ll have to reattempt the payment with your customer but this time utilizing SCA.
Yeah, Europe is ahead on this; I hedged my earlier statements heavily.
It's not a difficult technological problem to solve. A card's chip should be able to guarantee that the card is physically present for any transaction.
Obviously online payments would pose a problem, people would need to either own USB card chip readers or banks would need to do something new and special.
In Germany (/ the EU?) we have electronic ID cards that can be used for a few online services.
The physical card can communicate via NFC, and there's a smartphone app you can use with it.
For PCs, you can buy some fancy NFC interface if you want, but you can also have your phone act as a reader, the PC connects to it over the local network.
Maybe something similar could work for banking cards. They all have NFC anyways.
On the other hand, you might as well just have an app that is registered with the bank on your computer/phone (like how it works for smartphone NFC payments) and skip the card.
Online payments are done using pretty much the same system. Instead of the chip, you get either a 2nd authentication mechanism, or start out with a strong token (be it the strength of the token itself, or the stability of it).
An older example was getting transaction authorisation numbers. You would either get a long indexed list on paper, or you could receive them over the phone (voice or text). This was then mostly replaced (about 10 years ago) with hardware (H/T)OTP type tokens that required your card to be inserted in the token and PIN authenticated. Later on that too was replaced by a cardless version, and that one then was replaced (for consumers) with mobile apps.
The combination of minimum software versions, online authentication, transaction limits, daily limits, and time-locked temporary limit increases (so you can buy a car with your phone, but you have to up the limit a couple of hours ahead of time for it to take effect) make it pretty safe with acceptable risk for the bank. And then there's of course the standard fraud detection and prevention departments, so if you do something unusual that also involves a lot of money, you're likely going to get a call.
For business use, there are other systems, generally two types like EU-wide smartcards or bank-specific smartcards that can be used to authenticate and authorise. You'd use a USB or NFC connected method for that. Sometimes that involves entering a PIN on the device itself before the computer can talk to it, but that does make the OTP exchange very fast. You'd still have limits or multiparty authorisation set up in your organisation so you don't end up with one person just moving a couple of 100K around on their own.
And then there's some overlapping systems, apparently this one is going EU-wide: https://en.wikipedia.org/wiki/EIDAS and apparently some implementations include useful things: https://www.idin.nl/en/businesses/ like age confirmation where the business doesn't need to know who, what or where you are, just if you're of age (and not even a specific age). Granted, nothing is perfect, but it's a whole lot better than finding some S3 bucket somewhere with JPEGs of ID cards. As long as they don't do dumb stuff like trying to MITM TLS, it's progress. The overlap is in the concept where you can use some electronic means to prove who you are to get something done.
If you have an unprotected vector fraudsters will find and exploit it. They're literally paid to do so.
I've seen fraudsters that are ridiculously persistent to make $2,000 in a year. But they just keep poking at it. At a certain point you're able to ramp that up to $80,000 in a month. I know they're good; it was completely worth it to him for several years.
How I've seen people spend hundreds of hours to generate a few hundred dollars worth of in-game currency or on-site reward points.
> Not every transaction needs complex fraud detection or being able for the customer to do chargebacks.
Well, not until you get hacked.
We might be happy with instant, no-undo transactions until our device gets hacked and our bank account with many thousands of dollars gets drained, through no fault of our own.
Then suddenly, complex fraud detection and transaction reversals seem like an awfully good idea.
Because the issue here isn't about chargebacks where you genuinely made the transaction but the business failed to deliver, and maybe you lose a couple hundred dollars. The issue here is about when you never authorized transactions at all, and you lose all your savings.
EU caps interchange fees at 0.3%, which is probably still too much. The 3% is mostly to finance the various gimmick programs that make naive people think they are "gaming the system" with their 20th card in wallet (and because they can, of course).
> Fraud and Risk come in many forms, and these providers, even with their UX innovations, sit on top of those same rails to reduce fraud. Without those rails, buyers can’t trust sellers and sellers can’t trust buyers.
> In my opinion, you need to find a way to solve that problem before you can eliminate the fees being captured by these providers.
And failing the elimination of those issues there will always be some fees. New vendors can pop in and push the fee structure down if they can run a more efficient operation.
Most countries that aren't the US basically did this, in one way or another.
There are multiple ways of doing so, two-factor authentication (think 3d secure) is one, an oAuth like system where you log in to your bank on their website and consent to a wire transfer is another. There are variations on these ideas, the system we have here gives you a 6-digit code in your banking app which you can enter on any device, trusted or not, and then accept the transfer via a pop-up on your phone, no personal data involved.
As far as I understand, both US law and US history heavily incentivize the use of credit cards. There's no nice way for landlords, banks, mortgage lenders and other such institutions in the US to do "background checks" on their customers except through credit scores, and that incentivizes credit card use. There's also a regulatory difference in how credit versus debit card chargebacks are handled, making credit a lot more friendly to consumers in cases of actual fraud.
Then there's the historical aspect, in the era where there were no computers, and most vendors could at best call a bank to verify if a card was valid, a debit based system wasn't technically feasible, which is what put the US on the path of credit. A lot of poorer countries had the major cash-to-cards transition a lot later, in the era of chips and dial-up modems, which made debit a lot easier to implement, and so that's what they went with, and debit usually means far lower fees.
> Most countries that aren't the US basically did this, in one way or another.
Most countries that ARE the US put the burden on the business and the credit card companies, and limit the liability to the credit card holder ($50 max, sometimes $500)
I've known people in other countries that lost money and they were SOL in comparison. Maybe they have cheaper transaction fees.
Nah, that's just because in the US people usually buy with credit while in Europe it's mostly debit.
If you buy with credit you are using the bank's money, with debit your own, and you have fewer protections in the second case.
Trust me, I have met my fair share of adults who don't own a credit card and if they want to buy something online just charge a prepaid card with the needed amount.
American Express is not accepted in a lot of places because it is only credit and the processing fees are double that of debit cards.
Visa and mastercard debit cards are accepted just because you can't only accept debit cards, a lot of vendors fought for the ability to do so.
These systems act as sort of a fraud insurance. I think in an ideal world we would have low friction low cost money transfers, but people could purchase insurance against fraud. There are complications to this, such as how to be both efficient and avoid abuse, but it would simplify every day life not having to think about a million different payment systems.
I find it weird how fraud protection is used to justify why these companies are so popular because fraud is not something that most consumers care about up front, most people only start caring when it happens to them. Most tend to assume that every tool they use is secure by default. "This product is not insecure" is not a very compelling selling point IMO.
It's actually difficult to justify Stripe's popularity aside from media monopolization preventing alternatives from gaining mindshare. Everyone knows Stripe but many don't know about the existence of alternatives.
Stripe, Block, and PayPal were never required to process transactions.
You can negotiate with a bank to get your own rate and then implement your own secure transaction processing. Visa is still required though.
I have worked at companies that bypassed those middlemen. Many companies don’t do it because they are okay with paying higher fees so they don’t have to deal with that extra headache, or because they work at smaller companies that think Stripe, Block, and PayPal invented payment processing when Visa and banks have been around for decades longer.
Yeah, I’m not proposing to replace low security credit cards with low security debit cards; this is a silly strawman.
EDIT: I see the general problem of origination fraud. But that can be mitigated by imposing limits and requiring extra levels of authentication for bigger payments.
> EDIT: I see the general problem of origination fraud. But that can be mitigated by imposing limits and requiring extra levels of authentication for bigger payments.
Which are exactly the kinds of things credit cards do, but it can't be perfect so they still suffer losses, so they still have to charge a percentage.
(Of course a lot of the percentage can go to rewards programs, so we're talking about the percentage once those are accounted for.)
In the US you can take money from a credit card by just using the that’s plainly written on it. That’s not what I would call making an effort at origination fraud prevention.
You said you don't want the ability to do chargebacks, but chargebacks solve two different problems: 1) origination fraud (i.e. someone not you originates a transaction from your account) and 2) merchant fraud (i.e. goods not as described/unsatisfactory/undelivered).
It's fine if you say, yeah I can do without #2, but realistically you cannot do without #1 in any digital payment scheme that will have wide acceptance so a chargeback mechanism is required.
The only settlement methods we have that do without both protections are cash, cashier's checks, and wires. Setting aside cash, the other two are a pain in the ass to originate exactly because they are non-reversible.
This is something I find so fascinating about the American financial system... Home Depot in Canada has taken tap payments and Apple Pay for a long time now.
Yeah Home Depot is a bizarre exception, AFAIK they signed a contract with PayPal at some point long ago that prevents them from accepting tap-to-pay. Their checkouts have all the hardware for tap-to-pay, but contractually they can't turn it on.
Hopefully that contract ends soon, because wow did they shoot themselves in the foot on that one.
What he's saying is that you (konschubert) involved VISA in the transaction. And since VISA is a paid service, you were charged.
As for why you involved them, that is the actual issue at hand, because it's a choice, not something that was forced upon you. But the choice isn't the first one that comes to mind; the choice was between protecting consumers or protecting corporations. And in the US, corporations are better protected than consumers. To level that protection, you (a consumer) have to involve someone else (a corporation) to gain any practical protection.
If that method of protection wasn't needed, you'd be paying using a cheaper (or free) method where you'd be protected differently (i.e. not based on the money going from A to B, but based on the fact that you are a consumer and should thus be protected).
You could also go back to the first choice that might come to mind: protection. If you are not in a society that protects consumers directly, but you also don't want to pay a corporate provider for that protection, you could opt to forgo that protection.
And what I (konschubert) am saying is: I would like to have more choices, as a customer and especially as a merchant, so I don’t have to pay visa 3% next time.
And I think this means there is opportunity for disruption.
Creating those choices requires societal adjustment. It is not something that can be manufactured by a market, and as such is the purpose of government. Many examples of this exist in production all over the world, with high degrees of success.
If you find businesses who are willing to let you pay by other methods (assuming you are unwilling to use both cash and credit cards), you can give them your business. Businesses respond to consumer demand.
If they don't trust you enough to give you credit without a guarantor like Visa or Mastercard, then I don't think there is any way for you to force them.
There are businesses who let you purchase stuff online by bank wire.
One aspect that's very important is legal. It's very hard / cumbersome to comply in legal for payment processing in one country, having it comply in most countries is a massive feat, and an expensive one at that. Though yeah, if you already have a mass, pressuring regulation may be easier.
And the value prop isn’t just the payments. Once you add things like inventory management, front/back of the house integration, taxes and a bunch of other things, you’re simplifying a lot of things for the business at a lower cost than having them pay for every one of those things.
I use PayPal for my tiny business. On the one hand, I'd rather not pay them 3% of my sales. On the other hand, if the features of PP (security, buyer protection, ease of use) increase my sales by a palpable amount, then it pays for itself.