[loceng]

As security practices improves, reducing fraud, does the industry reduce its costs and pass the savings to consumers or is the trend to increase their own profits? I have an assumption as to what the answer is, however I'm wondering if anyone here in the industry may have a solid understanding?

[callmeed]

Based on history and other industries, I'm gonna say they'll take the profits. At the very least, any savings they pass on to consumers won't be proportional to what they experience.

eBooks save money on printing and distribution but often aren't any less expensive than printed books.

eTickets save money on processing but ticket platforms charge a "convenience fee" on top of the ticket price.

When oil/fuel is at record lows, do airlines lower ticket prices in line? No.

Here's an example from finance: when banks save money via online banking and more advanced ATMs (allowing them to employ less people), do they lower their fees? No. https://www.latimes.com/business/lazarus/la-fi-lazarus-price...

[0xffff2]

Is reduced fraud even creating meaningful savings? The simple fact that these changes are driven by government regulation rather than internal efforts makes me think not. I think the main benefit to consumers is that they don't have to deal with identity theft as often.

[scrollaway]

In this case, government regulation makes SCA required; but in Europe most banks already practiced SCA. For free.

Here payment card fees are also far far lower because we don't have a credit card mentality of always seeking that tiny percent cashback, so these are much rarer in Europe. We also have banks themselves competing with Visa and MasterCard, for example in Belgium with bancontact. The banks offer merchants even lower fees for these.

So yes in some worlds the fees are passed down to the consumers. In other worlds, you have the United States.

[TazeTSchnitzel]

What's interesting to me is that, in my experience, it seems that SCA not being used is more of a merchant than a bank problem. My previous bank (NatWest in UK) and my current bank (Nordea in SE) both support it, but a lot of merchants, especially UK ones, don't bother, which undermines the system.

[AnssiH]

Here in Finland essentially all local web merchants have used Verified By Visa and Mastercard SecureCode for at least 10 years now (authentication via bank credentials that use one-time codes or nowadays other 2-factor methods).

But I don't think I've ever seen them used on foreign stores.

Also: Local merchants here tend to use local payment service providers instead of Stripe etc. as the merchants need support for local payment methods, like "bank buttons" which have traditionally been the most common payment method (and much cheaper to merchant than cards).

[wongarsu]

The article mentions "“There was a 25 percent drop in sales overnight when the changes came into effect in India,” he said in an interview. “So we think SCA is a huge deal.".

I highly doubt that 25% is anywhere close to the long-term impact, but any fraud detection that increases friction decreases the number of impulse purchases. If it's not clear that reduced fraud creates a bigger benefit than lost purchases the industry won't implement it. Add the sometimes weird incentives (chargeback fees etc) and something that's beneficial to the consumer might never be implemented willingly by payment providers.

If the friction from better fraud detection reduces impulse purchases it might be detrimental

[ed_balls]

because it was very unreliable in India. In Europe it works really well.

[yani]

Every chargeback from a fraudulent transaction costs ~$25 to businesses.

[bpicolo]

For middlemen it can cost significantly more, as they often have to pay the businesses for the service anyway (e.g. food delivery)

[0xffff2]

I read "industry" as the "payment processing industry" not merchants.

[saas_sam]

Profits equal the difference between what customers are willing to pay for a product/service minus what it costs to provide that product/service. When you find a new way to deliver something valuable at a lower cost -- meaning less time & material resources -- you enjoy profits. Profits are then used to do things like hire people, invest in tech improvements, and acquire companies like Touchtech. Without profits, people would pay for things at cost which sounds great in the short term, but would result in no money left for further improvements much less incentivizing hard work, which is very bad in the medium and long terms.

[clairity]

> "Without profits, people would pay for things at cost which sounds great in the short term, but would result in no money left for further improvements much less incentivizing hard work..."

note that profit (without qualifiers) == net income (as opposed to gross profit or operating profit)

so it's not true that no money is available for further improvement. profit is what's left over after re-investment (and other costs).

it's also not strictly true that it doesn't inventivize hard work. if the owners take money out of the company as salary and benefits, or they derive satisfaction from the quality of their work and/or pride in building an organization, they may be very well incentivized.

to actually answer the original question, you'd need to understand how value gets distributed in a value chain (including customers). it depends on the relative power of the various actors in the chain. if customers have a lot of power, they'll extract most of the value of the value chain (likely in the form of lower prices). if suppliers have the most power, they'll retain most of the excess value in the value chain as profit. based on a quick read in this case, the supplier has lots of power, so stripe will likely retain most of the profits.

[m11a]

Reduced fraud does have benefits to merchants either way by (a) less income lost in chargeback fees, and (b) time saved not having to fight chargebacks.

[arnvald]

There's more to that. Anti-fraud mechanisms that require additional action on user's side, lower the conversion rate.

For example 3DSecure mechanism redirects customer to another site where user has to put a number received in a text message. My phone is in another room upstairs. I cancel the payment and tell myself I'll do it later. Of course I might do it, but I might forget about it or change my mind.

Another example: (in Europe) from time to time, when making a transfer/payment, I have to generate an OTP using a physical device that I received from my bank. I find it extremely irritating, and I don't take this device with me everywhere, so if I'm making a payment and I'm expected to use this device, I cancel the payment.

I've worked in a place where we introduced 3DSecure mechanism for our payments, and in certain countries it dropped conversion rate while in others (where people are used to such mechanisms) it remained the same

[jwr]

The implementations of 3DSecure I've seen were so terrible that I'm not surprised there is a drop in conversion rates. I would consider the user interface and the massive breakage as actively user-hostile. The redirects, terrible UI with blurry crappy bank logos, ugly dialog, and then I have to copy the code from my phone. And incidentally, SMS is a particularly bad method of authentication.

[antaviana]

Especially when the code in the SMS is visible in the notification even if the phone is locked (at least in default phone configurations).

[sdooley]

Worth checking this out. Banks are actively working on improving the customer experience through 3DSv2 https://stripe.com/en-IE/guides/3d-secure-2

[arnvald]

That's true, I've had similar experience. Unfortunately merchants can't do anything about it, since the sites are provided by the banks.

[nickjj]

Yeah 3dsecure is a pretty big hit to conversion rates.

It kind of stinks being a vendor. Stripe charges extra for certain security pre-cautions but it doesn't do a great job at protecting against fraud on its own, where as 3dsecure does do a great job but it kills conversion rates since it's something a consumer will see.

In the end, it's the seller that ends up having to pay the price. Either through fees for disputes (which are very expensive, it's $15 per dispute) or having to pay for extra passive services, or lowering conversion rates with 3dsecure or requesting a ton of info to help reduce fraud (full address, etc.) for a digital product that won't be shipped anywhere. That raises suspicion from the consumer and it's a lot more fields to fill out -- plus it's not a sure fire way to prevent fraud.

[dbbk]

3D Secure v2 should be a lot better in the user experience regard. Most transactions should be frictionless, so the user never has to see it.

[TazeTSchnitzel]

3DSecure can be implemented well, but most banks are not known for their slick online banking experiences sadly.

[ummonk]

Anecdotally, it feels like credit card cash back rewards have gone up a bit over time. 2% cash back was not normal until several years ago.

I'd guess that market competition would drive up rewards as new entrants pass back more of the savings to consumers.

[chrsstrm]

Those "rewards" aren't savings on fees, passed on to the customer, they are increased fees that are absorbed by merchants. Rewards cards carry higher fees the same way corporate cards have higher fees and the same way Amex in general has higher fees. Larger merchants can have a consistent effective rate on processing fees if their business has a good mix of non-rewards and debit cards (lower rates) in their transactions, but many smaller merchants take a bath on fees if too many of their customers use rewards cards. You'll also see many smaller merchants decline to take an Amex because it simply costs them too much. Your 2% on groceries or 3% cash back on gas doesn't materialize out of thin air and it sure as hell isn't coming out of the processor's or issuing bank's pockets, it is being paid for by the merchants you shop at.

[z3t4]

Prices will only go down if competitors also lower their margins. In a competitive market new competitors will enter if margins are high.