Reduced fraud does have benefits to merchants either way by (a) less income lost in chargeback fees, and (b) time saved not having to fight chargebacks.
There's more to that. Anti-fraud mechanisms that require additional action on user's side, lower the conversion rate.
For example 3DSecure mechanism redirects customer to another site where user has to put a number received in a text message. My phone is in another room upstairs. I cancel the payment and tell myself I'll do it later. Of course I might do it, but I might forget about it or change my mind.
Another example: (in Europe) from time to time, when making a transfer/payment, I have to generate an OTP using a physical device that I received from my bank. I find it extremely irritating, and I don't take this device with me everywhere, so if I'm making a payment and I'm expected to use this device, I cancel the payment.
I've worked in a place where we introduced 3DSecure mechanism for our payments, and in certain countries it dropped conversion rate while in others (where people are used to such mechanisms) it remained the same
The implementations of 3DSecure I've seen were so terrible that I'm not surprised there is a drop in conversion rates. I would consider the user interface and the massive breakage as actively user-hostile. The redirects, terrible UI with blurry crappy bank logos, ugly dialog, and then I have to copy the code from my phone. And incidentally, SMS is a particularly bad method of authentication.
Yeah 3dsecure is a pretty big hit to conversion rates.
It kind of stinks being a vendor. Stripe charges extra for certain security pre-cautions but it doesn't do a great job at protecting against fraud on its own, where as 3dsecure does do a great job but it kills conversion rates since it's something a consumer will see.
In the end, it's the seller that ends up having to pay the price. Either through fees for disputes (which are very expensive, it's $15 per dispute) or having to pay for extra passive services, or lowering conversion rates with 3dsecure or requesting a ton of info to help reduce fraud (full address, etc.) for a digital product that won't be shipped anywhere. That raises suspicion from the consumer and it's a lot more fields to fill out -- plus it's not a sure fire way to prevent fraud.
For example 3DSecure mechanism redirects customer to another site where user has to put a number received in a text message. My phone is in another room upstairs. I cancel the payment and tell myself I'll do it later. Of course I might do it, but I might forget about it or change my mind.
Another example: (in Europe) from time to time, when making a transfer/payment, I have to generate an OTP using a physical device that I received from my bank. I find it extremely irritating, and I don't take this device with me everywhere, so if I'm making a payment and I'm expected to use this device, I cancel the payment.
I've worked in a place where we introduced 3DSecure mechanism for our payments, and in certain countries it dropped conversion rate while in others (where people are used to such mechanisms) it remained the same