[3dfan]

Is there no service that does CC processing and fraud detection already?

I would think it does not make sense for every ecommerce merchant out there to build their own solution.

Bemmu, you say you use PayPal - isn't PayPal also accepting Credit Cards? Don't they do the fraud detection in this case? I would expect them to have a huge advantage. You only see the IPs and other metadata from a few customers. They see millions and should be able to do way better fraud protection.

[bemmu]

Yep, PayPal is awesome at this. I originally intended to go on a long tirade about how PayPal had dealt with this, but cut it out as the post was starting to get a bit long.

---

Peter Thiel on PayPal: "In mid-2000, we had survived the dot-com crash and we were growing fast, but we faced one huge problem: we were losing upwards of $10 million to credit card fraud every month. Since we were processing hundreds or even thousands of transactions per minute, we couldn't possibly review each one - no human quality control team could work that fast.

So we did what any group of engineers would do: we tried to automate a solution. First, Max Levchin assembled an elite team of mathematicians to study the fraudulent transfers in detail. Then we took what we learned and wrote software to automatically identify and cancel bogus transactions in real time. But it quickly became clear that this approach wouldn't work either: after an hour or two, the thieves would catch on and change their tactics. We were dealing with an adaptive enemy, and our software couldn't adapt in response."

They ended up going with a hybrid approach where their algorithm would flag suspicious transactions, which would then be manually reviewed.

[michaelbuckbee]

I've heard Max Levchin describe Paypal as a "credit card fraud detection system that also accepts payments".

[jandrese]

This is also where the majority of "PayPal sux!" type posts come from. People who get caught up in the hyper vigilant fraud detection stuff and get their account locked.

I have occasionally wondered how many of those foaming at the mouth tirades come from people who were actually scamming people and are angry that their take was locked away.

[comex]

As someone who went through PayPal hell a few years ago, I'd say there is a lot they could do/have done to improve their customer service without impacting their fraud protection capability. I experienced issues like being bounced between different phone representatives offering different explanations for why my account was locked, a slow and duplicative process of uploading scans of identification documents, etc.. Just saying.

[bemmu]

Also this quote from the book Zero to One: 'Max was able to boast, grandiously but truthfully, that he was "the Sherlock Holmes of the Internet Underground"'.

[mrweasel]

Most will sell to fraud detection for you, it's just expensive and typically not very good.

PayPal is an option, unless you have low margins, it's a very expensive way of accepting a credit card. It's also a terrible user experience for people in countries that aren't to familiar with PayPal.

[dboreham]

You can use PayPal as a credit card processor, with the user having no idea they are involved.

[mrweasel]

Really? While still leaving all the input of credit card numbers to PayPal? I mean you'd still have to have some "landing page" with Paypal.

If you happen to have a link handy I would very much like see how they do it.

[dboreham]

I didn't realize "leaving all the input of credit card numbers to PayPal" was a condition here. I don't know how to do that, although it may be possible. I'm thinking of their service where you host your own form but use them to process the payment. cc data flows through your server on its way to theirs, but isn't stored on your systems.

[melvinmt]

https://developer.paypal.com/docs/classic/products/payflow-g...

[hibikir]

I'd be surpised if any online CC processor didn't do at least some fraud detection already. Stripe does, for instance.