by dylan604 992 days ago
I can somewhat sympathize with part of what it sounds like here getting crushed by people committing credit card fraud. I had a small little company online in the early days of the interweb's online payments. We had a very niche retail site, and for a few months we were increasing sales month-to-month. We'd get sales, the merchant company would approve them, and we'd ship out the product. Right up until the point where we got hit with enough fraudulent sales in what had to have been a coordinated effort that it killed us. The card numbers used were stolen, and we got hit with a massive amount of chargebacks. Except, now we're out the inventory and no money to restock. It was the end of the retail side of us. To this day, I still have some sort of PTSD from that experience. I have a new site being worked on integrating with a popular modern card processing company. I am terrified to let the site go live and get hit with fraudulent charges again. I am on the fence of not even allowing for sales through the website.
2 comments

We’ve had good experience using Stripe with extremely aggressive Stripe Radar settings, and using a manual review queue to avoid false positives. We also don’t enable payment methods that automatically accept disputes (e.g. SEPA Direct Debit).
Stripe is who I'm playing with now, but I just do not like having to include their JS library on every page just to use their fraud detection.
The signals they get from you including that library are a big part of what makes the fraud detection effective.
It doesn't mean I have to like it. There's a lot of things in the "include our JS file, and get X benefit" in the world that I don't like. I don't have the time nor the desire to attempt to reverse all of the data that is being sent back to the mothership for some "benefit". I take pride in knowing that I'm not collecting data about my users to be stored for later use. I can't say that when I include 3rd party libraries.
If only there were some good and fast internet payment mechanism without middlemen or gatekeepers, where the person getting paid could be immediately 100% sure that they were in possession of the money.

Maybe someone will invent it one day.

In the Netherlands we have such a system called iDEAL. People use the app/site from their own bank to authorize the payment and the money arrives on the receiver's bank account instantly and irrevocably (without a judge stepping in). It's also very cheap (like 25 cents fixed).

Merchant fraud doesn't appear to be a big problem. Probably because the merchant requires a Dutch bank account, which requires a lot of identifying paperwork.

It's pretty awesome.

Many other European companies have a similar system, and I believe there are plans to join them into one system. Let's hope the credit card lobbyists don't manage to mess it up.

I’m not knocking it for Dutch people, but the internet needs a trustworthy global payments system that works for more than the 20 million in .nl.

It also sucks that you have to provide strong identity to the payer or payee, sending or receiving payments should not require disclosing identity. That’s a bug, not a feature.

> It also sucks that you have to provide strong identity to the payer or payee, [...] That’s a bug, not a feature.

No, it is a feature, just not a feature for the customer. It's also not a feature for the bank or fintech. The strict identity requirements are a feature for the GOVERNMENT, and if you want to avoid them you probably need to start your own government (which is notoriously difficult).

Your need to buy illegal drugs and launder money anonymously and perpetrate fraudulent rug pulls and shill get-rich-quick pyramid schemes should not trump the needs of most other people who simply require a fast, reliable way to make legal secure business transactions without fees and middlemen. Anyway, the Netherlands and rest of the world already has a fully functioning illegal drug trading and money laundering network, without any need for your cryptocurrency bullshit: that's just a solution looking for problems, which it turns out were solved much better, a long time ago.
You're making a lot of assumptions in bad faith. Why?

Maybe they just don't want all of their personal information to be stored in yet another database waiting to be leaked.

The blockchain is a public database that's leaked by definition.

Maybe they shouldn't spend their time evangelizing and shilling cryptocurrencies online just because their own financial security depends on tricking as many new suckers as possible into investing all of their money into the same get-rich-quick pyramid schemes they put their own money into, so they can pump and dump and pull the rug on them the way somebody else did to them.

I still hope for some solution to the problem that doesn't depend on imaginary internet money the value of which fluctuates wildly by the minute. We can keep using cash for anonymous transactions, but there are so many limitations to cash transactions that money transfers via internet don't have.
Hear hear. We have the same thing in Poland.
The problem is that would have the opposite problem, that purchases made with stolen cards were 100% unrecoverable. While I'm sure we can improve things, the fact that the current system favors individual people, rather than businesses, is intentional, not an accident.
Having a 2FA for credit card / wire transfer payments solves this issue and it's a de facto standard now in many European countries.
How are people using stolen cards?

Do your banks not have 2 factor enabled?

Using the card not present should require a second factor, Visa Secure type of thing and in person should require your pin for non-frivolous amounts.

In the late '90s when it happened to me, this wasn't even invented yet. In the US today, 2nd-factor is not widely used at all. Not once have I been challenged by a 2nd-factor, and if I were to be, I'd have no idea what to do with it.
If you were purchasing online then it will tell you to refer to your banking app. If it's in person, them asking for a pin is pretty straightforward.

So who is pushing back against this? The networks already have it in place everywhere else, and since it's part of the transaction process there isn't a lot for stores or websites to do.

In the US, entering a PIN at the terminal is only prompted for debit cards, not credit, and even then you can usually opt to run the debit card as if it were a credit card and just scribble a fake signature.
But that's a low hurdle to resolve.

The Fed should be able to phase in requirements. They've had decades so far.

I assume you're implying some kind of cryptocurrency, but it's impractical to use those without middlemen and you forgot to say "without huge fees".

Also instant 100% certainty is a bit too much in the face of fraud.

> but it's impractical to use those without middlemen and you forgot to say "without huge fees".

It seems your information is quite a bit out of date. This hasn’t been true for a long time.

I didn't say that the huge fees are unavoidable, but they're the norm.

And okay, tell me about how I get some cryptocurrency in a practical way without big middlemen.

The lightning network works great, as does Ethereum.

The incumbents successfully lobbied to get easy on-ramps to this competing system regulated basically out of existence. It’s a tragic story.

You can't really use lightning/Ethereum without using an exchange (a big middleman) to convert your fiat to BTC/ETH, because doing it without KYC etc. is money laundering. I don't really think this is incumbents lobbying, I think it's law enforcement saying, "the way we track organized crime is through money, so you can't do this". Crypto advocates know this, because a big selling point they always bring up is "spend money freely without regulation", which phrased another way is "buy/sell things your government doesn't want you to" which is the definition of organized crime--the only difference here is scale.
Yeah, I'm sure that's how SBF feels too, but now he's in jail where he belongs. But that's just good government regulation and law enforcement working the way they're supposed to, and I wouldn't exactly call his lobbying "successful". It's SUPPOSED to feel tragic for the people who tried to do it, and got caught.
In Brazil the central bank has such a system for free, it's called PIX and is so good and simple to use that some fintechs lost a good chunk of their market share. You only need your National ID or an email. It even became an expression: "send me a pix".