If the flagged transactions were immediately rejected it would obviate the need for excuses. What benefit do they get from putting the transaction in limbo for days before they notify the user?
If you give users immediate feedback as to which transactions hit your fraud screen, this allows fraudsters to black box reverse engineer your fraud detection algorithms much, much faster. You very much don't want to do this if you're a financial services business, because if your primary anti-fraud mechanism is an automated system and fraudsters discover the rules to it, you will probably learn about that first when you wake up, run an accounting report, and discover you lost $8 million overnight.
I don't think the average HN user appreciates the risk environment payments companies work in. Imagine if a criminal gang organized enough to have a payroll had ten copies of people who were every bit as good at app security / financial risk management as e.g. Thomas, with two of them whose only marching orders were "Probe payments sites every day, quietly, and tell the team when you find one which is weaker than it could be. We will then conduct several months of quiet R&D on a software product which is more elaborate than that shipped by most YC startups. Our 'launch' will be deployment of that software product against our adversaries at the payments company, and it will blitz them so fast that by the time anyone thinks to pull the plug we'll be millionaires. Then we'll celebrate our good fortune until we do it again next week, to them or another company as circumstances dictate."
(Risk management, which a lot of startups need, is a high-leverage and very fun environment to work in. At present a lot of companies, large and small, custom build systems out of bubblegum and duct tape. If you get good at this you'll have a very rewarding career ahead of you, for many definitions of the word rewarding. I used to want to go into it but got sidetracked by the unexpectedly high amounts of leverage you can get using software to sell software.)
I had that immediate rejection too. A few days ago when they launched instance buy, I was qualified to buy 1 per week. I did it, not only it immediately reduced my quote of buy by 1, but it immediately got cancelled due to high risk. So, there is something to say about this.
I don't think the average HN user appreciates the risk environment payments companies work in. Imagine if a criminal gang organized enough to have a payroll had ten copies of people who were every bit as good at app security / financial risk management as e.g. Thomas, with two of them whose only marching orders were "Probe payments sites every day, quietly, and tell the team when you find one which is weaker than it could be. We will then conduct several months of quiet R&D on a software product which is more elaborate than that shipped by most YC startups. Our 'launch' will be deployment of that software product against our adversaries at the payments company, and it will blitz them so fast that by the time anyone thinks to pull the plug we'll be millionaires. Then we'll celebrate our good fortune until we do it again next week, to them or another company as circumstances dictate."
(Risk management, which a lot of startups need, is a high-leverage and very fun environment to work in. At present a lot of companies, large and small, custom build systems out of bubblegum and duct tape. If you get good at this you'll have a very rewarding career ahead of you, for many definitions of the word rewarding. I used to want to go into it but got sidetracked by the unexpectedly high amounts of leverage you can get using software to sell software.)