New dark pattern just dropped – PayPal payments goes through immediately
Paypal payments goes through immediately and the redirect page is just the "order successful" page instead of the way it used to be (even a couple months ago) where paypal would just authorize the payment and on the redirect back to the website would be the "submit order" or "complete order" button to finish.
19 comments
[ 4.3 ms ] story [ 55.3 ms ] threadIt is a bit of a dark pattern since it's one less opportunity for you to back out, but I don't think PayPal is to blame.
more likly some pm somewhere wanted to "reduce purchase friction".
What would the scenario be where you would use PayPal rather than just purchasing something?
I remember in the 2000's we had to use PayPal because of eBay but since that hasn't been a thing for a long time I not sure why anyone would use it. I can only assume that the US has a slightly different rule with regards to their banking that means that some people can't use their card to make a payment?
Or do you have merchants that only accept payments via PayPal?
TIL PayPal offered a BNPL option, although it is apparently 3 rather than 4 here.
> Another reason might be encapsulating your payment info?
Do CNP transactions not require you to authorise via a second factor in the US? I know that if I buy anything online any debit or credit card would require me to access the bank app to authenticate the transaction to prevent fraud. Encapsulation would reduce the security since I'm relying on PayPal to do this, at best they would match the existing bank verification.
Do we even need to ask this question when cards there are still using signature-only verification (or even sometimes not even asking for signature nor PIN)?
In all seriousness, they're dragging their feet in implementing 3DS2, do not have a rule like PSD2, and from time to time will even accept cards with nearly everything wrong except for card number and expiration. Even Stripe literally has an article titled "Charge succeeded despite CVC or ZIP check mismatch" (https://support.stripe.com/questions/charge-succeeded-despit...) for merchants in other countries because that's how lax US banks are.
Although last time I was in the US I was told by stores that they didn't support contactless payments. I tapped anyway and it went through, after they tried to grab my card out of my hand to swipe it.
Yeah, that's not going to work. Swiping is disabled except on a case by case basis, and grabbing my card out of my hard isn't going to get my custom.
I'm gonna guess since that I don't know the full details, but some merchants' POS and payment terminal are not connected. The swiping is intended for the POS machine to retrieve the card details (like your name and the last 4 digits of your card*) to be printed on your receipt. Good luck on them in the near future when a tourist pays with an European-issued card (which in 2025 will allow banks in Europe to issue cards without the magstripe at all).
* For purposes outside of direct payment processing (like recordkeeping), PCI standards only allow the first six digits (which was the Bank Identification Number/Institution Identification Number, but now BIN/IIN are now at least eight digits long) and the last four digits of PAN (primary account number, formal name of that 16ish-digit card number) while US federal law only allow to store the last five digits of PAN. This results in US merchants (in theory) only storing the last four digits of the PAN.
It is safer because I only give the merchant my PayPal account address. I don't need to put any credit cards on file at every merchant. When I go to checkout, I authenticate with PayPal, and they process the payment on my behalf with very little friction. Usually, with PayPal on file, I don't even need to authenticate again.
It's more convenient, because when I configure the PayPal method, I can tell PayPal which backend to use, and I can keep it or switch it on every checkout. No additional configuration for my merchant.
PayPal also tracks and consolidates my recurring payments in the dashboard. I can easily see, at a glance, who is charging me next month or next year, and one button to cancel.
While it's not a bank, and caveats apply, PayPal has matured into a full-featured financial services company, so payment processing is only the beginning.
in almost all countries you're not liable for transactions on a credit card made without your authorisation
You seem to be saying that being the victim of fraud is OK as long as it's not my fault. I'd rather not be the victim of fraud at all. Do you see how that works?
If I were mugged and beat up on the street, but I got all my cash and ID back and a new replacement phone, would you say that was as good as avoiding the mugging entirely?
I said nothing of the sort
credit card companies want you to use your card without you having a first thought (let alone a second one)
this is one of the main selling points of their product
they don't want you to have to wrap their product in another company's product to make it usable
> If I were mugged and beat up on the street, but I got all my cash and ID back and a new replacement phone, would you say that was as good as avoiding the mugging entirely?
a credit card has strong legal force behind it (because it's not your money)
debit card+paypal has significantly weaker legal protection, at least in the UK (where paypal aren't even a bank)
in case of a dispute I'd rather have the backing of the law rather than being at the mercy of paypal's customer service department
Last time one of my cards was compromised it was hours in the phone getting the fraud case opened then the better part of a day going through and updating everything I could identify that was relying on that card. That handled the monthly stuff but I still occasionally find out what yearly charge has failed when the account/service gets shut down.
The compromised card was cancelled immediately but it took weeks for the new card to get here, which means either I had to transfer everything to a different card which was _supposed_ to be a “never use this” backup card. So now I either go back and spend a day transferring everything back to the original card (but still with the risk that some merchant will have now leaked my backup card…) or, I don’t know, go sign up for another card.
Oh, and I very nearly didn’t actually get the charges reversed because apparently that institution only accepts fraud disputes up to something like “date statement was issued + 14 days”.
“Yeah I don’t try and avoid car accidents, insurance will cover it!”
It’s nice that that’s there as a fallback, but it’s certainly something I’ll try and avoid where I can. Using a more trustworthy intermediary when I’m ordering from random tiny merchants is a really easy and low impact way to reduce my risk and hassle here.
but we're talking about paypal here
I also had a decent chargeback experience, long long ago; I think it was about 17 years ago. It was just an independent band selling tee shirts, and I ordered one, and then they said whoops, we've got none in your size, sorry. But no refund from them, so I pursued it via PayPal, and the situation was easily resolved. Obviously, there was no repeat business for that vendor.
Those same merchants will allow my orders when the only change is that I pay with PayPal rather than my credit card.