Ask HN: Do we need to pay billions in fees to Stripe, Block, PayPal and Visa/MC?
In total these companies have profit in double digit billions! That's all coming from inefficiency and lack of real competition? is it totally necessary? does anyone think it possible to rival them in a decade with enough funding?
375 comments
[ 2.7 ms ] story [ 316 ms ] thread> If you think building a Stripe or Visa replacement is easy, go ahead and try.
The use of easy here dismisses the Q's premise of a well funded decade.
> go build your own "real competition" if you think its that easy.
Another dismissive comment. What inspires these? The Q proposes a significant timetable and suggests adequate funding. I'd agree it's open ended but it sounds like the OP is inviting education on the topic.
Plus the exchange fees for Bitcoin is way higher than what regular payments processors charge.
The problem I have with it, is that the technology is inefficient at solving the problem as compared to a central authority issuing currency. Something using e.g. blind signatures sounds really cool but the tech was ahead of its time (paper stems from 1983) and by now it doesn't sound cool and new anymore. Example implementation: https://en.m.wikipedia.org/wiki/Ecash
But that's not at all why the person you're responding to criticized it!
Common misconception. You basically need currencies tied to countries (more precisely, OCAs or optimal currency areas, characterised by either 1. homogeneity with respect to external shocks (not the case e.g. within Europe), 2. complete factor mobility (not the case e.g. within Europe), or 3. transfer payments (that is, fiscal support)).
In other words: If there were one currency (only), even with the stability of entire countries behind it, it would still fluctuate too much to be very useful. Or, to put it different again: You need FX. One currency is not enough.
Better to use USDC on Base or Ethereum instead. or maybe USDT on Tron like many people around the world do.
Sorry if that sounds unnecessarily harsh. It’s not directed at you, parent commenter. I agree that this is the exact use case crypto was meant to solve. I just think it’s a tragedy how Blockstream and co have crippled bitcoin and its development.
"Visa, Mastercard, Discover, and AmEx also form the PCI Security Standards Council (SSC) alongside Japan’s JCB International. The PCI SSC acts as an authority in the payments industry, regulating and enforcing the PCI Data Security Standard (DSS) to protect cardholder information. The rules set by this consortium are not guidelines, but the ground-rules participants must abide by in order to participate in card-payments."
Highlighting because it's important. We recently got a totally free and open payments system, probably hundreds of them in fact, and they're a disaster. All the inequity and risk that any money system inherently possesses, with zero protections for anyone involved and zero recourse if you're robbed blind, unless of course you're wealthy in which case the people actually in charge who insist they aren't in charge will write a whole bunch more code to give you you're money back even though that's not how this works for anyone else. And that's not even getting into the fact that every seven transactions used as much electricity as Visa uses per minute to handle hundreds of thousands.
Man. That whole turn-of-the-2020s, peak-COVID period seems like such a collective fever dream in retrospect.
And I mean, I'd agree if there weren't still a substantial community of people swearing up and down that it was the future, despite all evidence to the contrary.
PayPal provided a way to pay people and vendors without giving away your credit card number.
Square made it easy to accept payment in person on a phone, without an extensive upfront underwriting experience and without expensive fixed monthly fees.
Stripe did the same as Square, but for accepting online payments.
Fraud and Risk come in many forms, and these providers, even with their UX innovations, sit on top of those same rails to reduce fraud. Without those rails, buyers can’t trust sellers and sellers can’t trust buyers.
In my opinion, you need to find a way to solve that problem before you can eliminate the fees being captured by these providers.
And failing the elimination of those issues there will always be some fees. New vendors can pop in and push the fee structure down if they can run a more efficient operation.
For a 3% discount, would customers agree to use something that worked just like cash, where the transfer was instant and couldn't be undone? Then you don't have to worry about fraud, chargebacks, etc.
It is fantasy to think they'd get a 3% discount. The goods in stores that take only cash do not tend to be cheaper than those that do.
They know what people are willing to pay and will charge the price. If they see people are willing to pay $99 with a credit card, then they'll be willing to pay that with cash.
In NYC they most definitely do. A lot of the corner stores will change you less with cash. I'm not sure it is a the card payment or that they are keeping the sale off the books, but something that might cost me $18.50, I'll pay $18 for.
The reality is except for a few of the really major cities those types of stores are usually more expensive than their larger counterparts in virtually all other cities in the US.
In my city I'm not going to get cheaper groceries by going to the smaller stores. They are more expensive regardless of whether they support credit cards or not. They may be superior and certain other aspects but price is not one of them.
My guess is the opposite may be true only in places where owning a car is expensive or inconvenient.
Everyone pays their own credit card fee as a line item on the receipt, merchants are required to print it on the receipt. If customers actually had to pay their own fee's on each swipe you'd see a lot less people reaching for the Platinum card and instead for the no frills local bank credit card. You'd also see immense downward market pressure on swipe fees as now card issuers have to compete against each other.
The reason merchants might not pass it all to you if that they get a lot more sales volume when they support credit cards, so they can still be more profitable while paying for some of those fees.
I know I'm going to get hated for saying this, but the businesses that charge extra for credit card use under $10 are trying to extract as much out of you - they're aiming to get the best of both worlds. The price of their goods are still such that they're assuming you'll pay with a card.
At the end of the day a business has several costs. Rent, cost of shipping, utilities, etc. When these go up so do the costs of goods. Credit card fees are no different in that regard. If they hated it that much they wouldn't support credit card payments. They do support it because then know it'll bring in more revenue than without - and will easily pay for itself and more.
Some cards cost merchants much more than others, but they are contractually forbidden from differentiating their prices based on that. It's anticompetitive. Lots of "buy now pay later" schemes work similarly, when afterpay was (or is) a big thing they charge 7% and forbid the merchant from including that cost in their prices.
If the consumer had to bear the cost of their payment choice, no problem, but the reality is consumers with low fee payments are paying slightly more than they should for everything and those with high fee payments pay less than they should for everything.
I didn't see this anywhere else though. It probably made sense for computer shops because most transactions one would do there would be sporadic, big, and planned.
(Since then, the Mastercard/Visa fees went down to 0.2-0.3% due to EU rules, so probably those discounts are less popular now).
In the US offering different prices when paying by cash vs card was a violation of the agreement with Visa, as is putting a minimum price threshold for card usage.
It's still fairly widespread though, and occasionally makes the news. Might explain why you didn't see it often.
In the US, not only does Visa now allow cash discounts and minimum price thresholds up to US$10, but they also allow, in most states, credit card surcharges (sometimes subject to specific state-law legal requirements).
Visa still officially disallows minimum price thresholds outside the US and certain related territories like Guam, and credit card surcharges outside the US - but I nevertheless see them plenty often here in Germany in small shops. I think the permission to offer cash discounts is global.
Yes, being able to illegally evade taxes is an easy way for businesses to lower prices slightly.
I'm not sure subjecting everyone to poorly regulated (even in the EU it's fair from ideal) monopolies/oligopolies that are legally entitled to literally tax every single transaction in the economy (in addition to the complete loss anonymity and all the implications of that) is not a too high price to pay for some reduction in tax fraud...
In many jurisdictions, cash payments can allow the retailer to avoid on-paying sales tax or VAT, as well as mark stock shrinkage as a loss for their own tax purposes.
Countering this would require very careful auditing of electronic toll records and paper receipt processes, which are in most cases trivial to evade if well-prepared.
And you can’t always be sure that the shrinkage - without the cash - is reported to the manager of the retailer by the person on the till, especially if an unofficial handwritten receipt is provided by the cashier.
I recall seeing a situation involving a very large champagne purchase on New Year’s Eve in cash for 25% off and a “till receipt problem”.
Obviously any electronic payment system needs to be secure internally but society lasted a long time and made fine progress when having your wallet stolen meant losing your money.
It would be fine to require a person to charge their debit card with a finite amount rather than have it be funded up to the limit of the supporting account and that would solve the last problem compared to cash.
The key difference from cash, in the US, is the ability to abuse cards at a later date without the physical card. For someone to steal your wallet, they have to be colocated with you and can only steal as much as you're walking around with.
As long as debit cards have a magnetic stripe and have their full number printed on them, and that information is useful, this problem remains.
Which the EEA/UK has also (partially) solved by enforcing Strong Customer Authentication (SCA) that mandates that (most) transactions require MFA.
It's not a difficult technological problem to solve. A card's chip should be able to guarantee that the card is physically present for any transaction.
Obviously online payments would pose a problem, people would need to either own USB card chip readers or banks would need to do something new and special.
The physical card can communicate via NFC, and there's a smartphone app you can use with it. For PCs, you can buy some fancy NFC interface if you want, but you can also have your phone act as a reader, the PC connects to it over the local network.
Maybe something similiar could work for banking cards. They all have NFC anyways.
On the other hand, you might as well just have an app that is registered with the bank on your computer/phone (like how it works for smartphone NFC payments) and skip the card.
An older example was getting transaction authorisation numbers. You would either get a long indexed list on paper, or you could receive then over the phone (voice or text). This was then mostly replaced (about 10 years ago) with hardware (H/T)OTP type tokens that required your card to be inserted in the token and PIN authenticated. Later on that too was replaced by a cardless version, and that one then was replaced (for consumers) with mobile apps.
The combination of minimum software versions, online authentication, transaction limits, daily limits, and time-locked temporary limit increases (so you can buy a car with your phone, but you have to up the limit a couple of hours ahead of time for it to take effect) make it pretty safe with acceptable risk for the bank. And then there's of course the standard fraud detection and prevention departments, so if you do something unusual that also involves a lot of money, you're likely going to get a call.
For business use, there are other systems, generally two types like EU-wide smartcards or bank-specific smartcards that can be used to authenticate and authorise. You'd use an USB or NFC connected method for that. Sometimes that involves entering a PIN on the device itself before the computer can talk to it, but that does make the OTP exchange very fast. You'd still have limits or multiparty authorisation setup in your organisation so you don't end up with one person just moving a couple of 100K around on their own.
And then there's some overlapping systems, apparently this one is going EU-wide: hhttps://en.wikipedia.org/wiki/EIDAS and apparently some implementations include useful things: https://www.idin.nl/en/businesses/ like age confirmation where the business doesn't need to know who, what or where you are just if you're of age (and not even a specific age). Granted, nothing is perfect, but it's a whole lot better than finding some S3 bucket somewhere with JPEGs of ID cards. As long as they don't do dumb stuff like trying to MITM TLS, it's progress. The overlap is in the concept where you can use some electronic means to prove who you are to get something done.
When adding a card to a taxi app for example I get SCA prompt for a zero amount, but then they can charge me for any amount without subsequent SCA flows.
Presumably those subsequent transactions wouldn’t have a liability shift to the issuer but it still means that they can at least temporarily steal all your money until your chargeback claim goes through.
The whole concept of “card number” is rotten. What’s needed is an oAuth2-type system where every payment needs to redirect to the bank (actual redirect, no stupid hacky iframe like SCA/3DSecure is) and where you can see the merchant and set the max amount (and whether one-off or recurring) and the bank records that and keeps a list of authorized merchants so you can revoke them at any time. The merchant then must use this token to pull money, and can't pull more than what the token allows - just like your usual oAuth2 scopes.
What I suspect is that the "mandatory" bit is by law (and the law has flexibility, which covers this taxi app scenario) but there is no technical solution to make it mandatory, thus a non-compliant merchant can still drain your account until your chargeback claim goes through.
https://www.checkout.com/blog/exemptions-to-sca
> If you attempt an exemption and the bank returns a decline code indicating that the payment failed due to missing authentication, you’ll have to reattempt the payment with your customer but this time utilizing SCA.
Fraud is an industrial level enterprise. You absolutely need fraud detection if you're accepting payment that isn't cash.
And there fees are 1/10 of that of credit cards, as a result of giving up these benefits.
So it's not that I get 3% off by not supporting chargebacks, but whether I want to have a dollar under a payment system that supports someone emptying me out without recourse.... and the answer is often no.
Well, not until you get hacked.
We might be happy with instant, no-undo transactions until our device gets hacked and our bank account with many thousands of dollars gets drained, through no fault of our own.
Then suddenly, complex fraud detection and transaction reversals seems like an awfully good idea.
Because the issue here isn't about chargebacks where you genuinely made the transaction but the business failed to deliver, and maybe you lose a couple hundred dollars. The issue here is about when you never authorized transactions at all, and you lose all your savings.
One of the most fundamental basics of trading has always been trust.
If you have an unprotected vector fraudsters will find and exploit it. They're literally paid to do so.
I've seen fraudsters that are ridiculously persistent to make $2,000 in a year. But they just keep poking at it at a certain point you're able to ramp that up to $80,000 in a month I know they're good it was completely worth it to him for several years.
How I've seen people spend hundreds of hours to generate a few hundred dollars worth of in-game currency or on-site reward points.
With 99% of my transactions I don’t care one bit about the ability to do chargebacks.
I just went grocery shopping. VISA was involved and took a few percent. Why??
I got my groceries. I’m not going to do a chargeback because the salad was bad.
Earlier, I bought something on Amazon. Again, VISA took a share. Why? In 15 years of shipping with Amazon they have always hinteres my returns.
Edit: Tap pay is ubiquitous in the EU
Hopefully that contract ends soon, because wow did they shoot themselves in the foot on that one.
It would be suicide for a shop not to take it, I know many people that don't carry their bank card at all. Only their phone for Apple pay.
EDIT: I see the general problem of origination fraud. But that can be mitigated by imposing limits and requiring extra levels of authentication for bigger payments.
It's fine if you say, yeah I can do without #2, but realistically you cannot do without #1 in any digital payment scheme that will have wide acceptance so a chargeback mechanism is required.
The only settlement methods we have that do without both protections are cash, cashiers checks, and wires. Setting aside cash the other two are a pain in the ass to originate exactly because they are non reversible.
Fraud is already a big business, with the current security levels. With worse security? Fraud goes up some more.
A modern payment system would require at least touch/Face ID on every transaction.
Higher amounts would require 2FA, pre-authorization, delays, cool-downs etc.
Which are exactly the kinds of things credit cards do, but it can't be perfect so they still suffer losses, so they still have to charge a percentage.
(Of course a lot of the percentage can go to rewards programs, so we're talking about the percentage once those are accounted for.)
However there are both historical and convenience reasons at play here. It was a big transition to move to chips, for example.
So your assertion that they're not making an effort at fraud prevention is just completely untrue.
Because you paid with a VISA card instead of paying by cash. Hint: it says Visa on the card.
Are you saying we should somehow all go back to cash and also use cash online?
As for why you involved them, that is the actual issue at hand, because it's a choice, not something that was forced upon you. But the choice isn't the first one that comes to mind; the choice was between protecting consumers or protecting corporations. And in the US, corporations are better protected than consumers. To level that protection, you (a consumer) have to involve someone else (a corporation) to gain any practical protection.
If that method of protection wasn't needed, you'd be paying using a cheaper (or free) method where you'd be protected differently (i.e. not based on the money going from A to B, but based on the fact that you are a consumer and should thus be protected).
You could also go back to the first choice that might come to mind: protection. If you are not in a society that protects consumers directly, but you also don't want to pay a corporate provider for that protection, you could opt to forgo that protection.
And I think this means there is opportunity for disruption.
If they don't trust you enough to give you credit without a guarantor like Visa or Mastercard, then I don't think there is any way for you to force them.
There are businesses who let you purchase stuff online by bank wire.
Visa or MC could do the same, without additional parties. But no.
Can you elaborate? (Am new to the topic, so your perspective would be appreciated).
For example, transfers between accounts are instantaneous, not 2-5 days for ACH (Wire transfers are same-day, but expensive).
Electronic menus/payments in cafes are default for at least 3 years now (US has toasttab.com but it's far from being default).
If you have a small business account, taxes are paid in one click (app shows you tax to be paid with Confirm button).
PS: These features are available in many other countries besides Ukraine, of course. Only in government id/functions Ukraine excels (#2 in the world, after Estonia only).
And if I want to write a petition in this case, I log into the web portal, write it down, click send and blink into the app twice to Electronically sign it.
Which produces your normal CMS ( pkcs#7 ) signature on a pdf file.
It’s also not a special court app for a specific locality, but a nation wide government app.
Wr also don’t write damn cheques and never did, as it’s bullshit. You want to somebody —- you get their card number, open the bank app and tap send.
That's certainly an interesting use case. And yes, difficult to see being pulled off anywhere in the US, the way it tumbles along with such things.
Re: paper checks: they're far from bullshit -- being time-tested, perfectly easy to use, and best of all, not requiring a device of any kind. Provided, as concerns ease of use, one has spent enough time in an environment where their use is ubiquitous. So I can certainly see they might appear as a nuisance or just weird at first, for the rest of the world).
The main downside of iDeal for consumers is that it's irreversible. If you pay and then never receive the product, you can't get your money back. While PayPal and credit cards do offer that extra protection to consumers.
So iDeal is really only good for the merchants due to the very low transaction costs.
Most merchants have a BLIK button... you click it, enter a 6 digit code created on your banking app. Purchase complete. Takes a few seconds. No card numbers, CCV etc..
You could eliminate a lot of the fraud by moving off a mostly-static identifier to merchant, amount and time-limited tokens the user generates with their bank (or the merchant redirects them there). This would address a lot of the issues - the tokens are useless when leaked (as they only work against the merchant's own account) and can't be misused even by the merchant to go beyond the agreed amount or time limit.
This means with such a system you’d immediately eliminate a whole category of fraud, with the only thing remaining being merchant-level disputes like goods not as described/etc, which can easily be made optional and the user can choose to opt-in for the extra fee. Then you would actually have a good case for lower/no mandatory fees at all.
One problem you need to keep in mind is that fraud mitigation is a big industry in an of itself (some of it is real, some complete snake oil but relies on the underlying problem being real to sell itself) and wouldn't be in favor of a system that is inherently immune to (at least some types of) fraud.
You'll still get a lot of chargebacks by the way. With a lot of ecomm I've been involved with the fraud you are talking about is actually a small part of chargeback volume. Most is unhappy or demanding customers, or another type of low level fraud, claiming goods didn't arrive despite a photo of the person literally accepting them from the delivery company. This is absolutely rampant in b2c with smaller merchants (I am aware you mentioned this but not sure if you are aware of the scale of it).
This would open the door to cheap or even completely fee-free transactions if the user doesn't want to opt-in to additional protection, which they reasonably may not want when the stakes are low enough (you weren't gonna chargeback a lunch anyway).
But for this to be viable, the risk of unauthorized transactions/origination fraud needs to be eliminated completely at a technical level, something I believe an oAuth-style system would do, and currently none of the many of hacks on top of the legacy system address. Otherwise, you'd still need to take some fees to refund unauthorized transactions, separate of customer-merchant conflicts.
It already works like that here (eu) for debit cards (which most people have; very few have credit cards although they don't know the difference). Double charges from taxi drivers is not possible as it's tapping or dipping your card and you are there for that (we are assuming some system that prevents someone stealing your card like biometrics or whatnot); products not as delivered is responsibility for the seller to refund/replace and in other cases you go through a process of mediation. I had it once in my life, which is now 50 years. It sounds like Americans willy-nilly chargeback whatever because they can (fries were not hot or cold enough): seems not very good for the fees. Most people who travel have creditcards here and the most ones I know have no idea they can chargeback or ever needed it.
You'd be surprised - at least in the public transit context with iOS Express Mode, double Apple Pay taps by transit systems have absolutely been recorded plenty of times. I admit I haven't heard about this in the taxi situation, but unless the technical problem is specific to Express Mode and not general to tap-to-pay, I don't know why it wouldn't ever happen.
> products not as delivered is responsibility for the seller to refund/replace and in other cases you go through a process of mediation.
This assumes the seller is willing to do their job or go through the process of mediation, and/or that the buyer has sufficient legal insurance or available cash to cover the up-front cost of lawyers plus any related expenses plus the possible attorney's fees of the other side if the court decides against them.
Even in the EU, this is far from always true, especially for low-price purchases or when dealing with foreign online merchants who are more likely to ignore EU lawsuits or mediation attempts than to cooperate.
Of course, trying to resolve things with the seller is always the right first step, and that's the usual approach even in the US. It's just great to be able to have the leverage of the chargeback option as extra incentive for the merchant to be reasonable. (By the way - the chargeback right is not unconditional even when the reason claimed is one of the allowed reasons. The merchant can dispute it and can sometimes win depending on the circumstances, the evidence, and the bank.)
> It sounds like Americans willy-nilly chargeback whatever because they can (fries were not hot or cold enough)
To be honest, no, the idea that chargebacks are something Americans rush to do is a stereotype and not true. They're pretty rare when neither the buyer nor the seller is doing something shady, but having the option to charge back is pretty important in order to make US single-factor (no-pin / no app-based verification / no meaningful signature verification) credit cards secure enough for customers to rely on, especially for online purchases from random small merchants who can't be relied upon.
And "fries were not hot or cold enough" would pretty much never be a valid reason for a chargeback, since usually a specific temperature isn't promised before purchase.
> seems not very good for the fees
It definitely affects the fees, but honestly, a bigger impact is that the US does not cap what fees credit card issuers can charge the merchants, so the fees are much higher than the typical EU consumer card regardless of chargebacks. Some of that is of course kept by the banks as profit, but much of it is returned to customers as reward points, cash back, or other perks. It's among the reasons why I continue to use my US credit card as my primary form of payment even here in Germany. Zero foreign transaction or currency conversion fees, great perks. (This card does require a decent US credit history and has an annual transaction fee, but I get enough value out of it to outweigh that fee.)
How many chargebacks have I done in my entire life for a reason other than actual fraudulent / unauthorized transactions? Probably under 5, maybe 1-2 at most. Plus most of the fraudulent transactions were noticed proactively by the bank rather than me having to bring it up to them. Because it's a true credit card and not a debit card, I never had to pay for those fraudulent transactions.
The thing is, even here on HN (where I expect, maybe not warranted, the level to be higher), people seem to absolutely proud and entitled to chargeback whatever for whatever reason. Those are almost 100% Americans (I check) and that is where I got the idea; this sentiment is much higher on tiktok, youtube, reddit etc. I even saw some shorts of people screwing merchants with chargeback like it is some batch of honour.
I'm sure chargeback abuse is a thing, but in aggregate, I'd argue people are still not doing enough chargebacks, because businesses are still engaging in unethical (& potentially illegal) practices of billing customers for services not rendered, or unclear pricing, or dark patterns.
Dark patterns with regards to payment should be a big no-no, and the fact they're still around suggests this behavior isn't being punished enough. So we should in fact have more chargebacks, until the situation becomes that it's more profitable to play fair and legal than try dirty tricks.
Unlimited, no-confirmation access to pull money just based on a static card number is a bug to begin with - ideally every money movement would be authorized on the spot or preauthorized in advance up to a limit.
But assuming we do have this bug, it seems like merchants are happily abusing it - "free" trials that are impossible to cancel, unexpected charges buried in 50 pages of T&C, etc. Chargeback is a completely normal reaction to this and I recommend it to everyone.
The heuristic I use is simple: did I expect this charge, and would I have agreed to pay for it had I been asked for upfront? If not, the merchant gets a quick email, and if they're not cooperating, taking unreasonable time to action it or are outright unreachable they're eating a chargeback and it'll be up to them & their processor to argue it further. They are welcome to put their processor/acquirer person on hold for hours (like they would do me if I were to play their game) and see how that works out for them.
But it only adds fees aka an extra tax; you are paying for it. Merchants just up the prices, banks up fees, conversion rates, etc etc. Someone is paying for it and it's always most likely you. The strange idea people have that 'this is free because it is law' is interesting. It is VCs (in neo banks), it is you in established banks. I rather do not pay for any of your chargeback behaviour really.
Ideally, we’d have technical means to prevent people from getting stuffed (the oAuth-style token system I’ve described in other comments on this thread), combined with legal means to ensure businesses are discouraged from doing the stuffing in the first place (and those who do are promptly sued out of existence).
Until this happens, consumers (including me) will keep using chargebacks as their only way to defend their interests.
Also, if we were to magically rewrite the system tomorrow and eliminate card fees and the potential for chargebacks, do you really think businesses worldwide will suddenly lower their prices as a result? The market already demonstrated it is willing to pay the current prices, so the savings from lack of fees/chargebacks will end up in executives’ yachts instead or pissed away in more advertising.
I'm not American (I'm from the UK), but filing a chargeback is an incredibly satisfying weapon for a consumer.
So many companies try to weasel out of their legal obligations under consumer protection law, so why not hit them with a chargeback when they won't do what they're required to?
After being burned by PayPal protection not working out, I will now buy anything I can directly on a Credit Card, as you just get so much more protection in the UK - both contractually and legally.
That's an example of selection bias and other confounding factors: HN users are disproportionately American, Americans are more likely to know of chargeback rights than people from other countries, Americans are more likely to have credit cards than people from other countries, American statutory rights in this area (especially for credit rather than debit cards) are stronger than in most other countries, people who abuse chargebacks are more likely to be American than from other countries for all of the foregoing reasons, Americans are more likely to boast than people from most other countries, Reddit has disproportionately many Americans, and people who make shorts about chargebacks are more likely to do chargebacks than people who don't.
Consider statistical rather than anecdotal evidence in this area. According to one payments processing company, Clearly Payments, the USA has slightly below average chargeback rates, at 0.47%, behind the UK, Belgium, Germany, and France:
https://www.clearlypayments.com/blog/chargeback-rate-by-coun...
Where? I heard it many years ago a few times but not for a very long time? Maybe it was a bug which got fixed?
If the cardholder doesn't opt-in then the payment is as good as cash (with the same recourse available as if you paid cash).
This could allow low/no-fee transactions for low-stakes situations where the chargeback protection wasn't going to be used anyway.
If chargebacks go away and aren't replaced by something at least as effective, that means that we're losing one of the most significant advantages intrinsic to the payment mechanism: peace of mind.
Pay with cash. No risk of recurring charges, charging more than what you hand over, etc.
When the merchant fails to deliver or underdelivers -- "my fries were cold" -- appropriate customer service should be meeting the customer at that point and addressing it directly.
Modern systems of unempowered on-the-ground employees and endless loop self-service support stand in the way of that. Consumers naturally respond by pulling the levers that remain, which is invoking the wrath of American Express.
- SEPA instant transfers (exist, but cost extra)
- A consistent (across all banks) API to poll for received payments for the merchant
- A consistent API (e.g. an URL schema that browsers do support) to quickly fill in payment details with your bank's transfer form.
Last time I checked instant sepa (which was today) it was free as in zero commissions on either side and was actually instant.
But yes, instant SEPA is often free and often available and very nice when both of those are true.
- Keep the money in the bank (and earn interest on it) for another month or so
- Contest fraudulent charges or payments for goods or services that are never delivered
- Earn travel rewards (I know, those have systemic downsides)
- Pay any business in essentially any country in any currency with no fee for you and a low fee for the business
1. Banks are also allowed to charge fees for SEPA transfers, with some limitations.
2. It does care about currencies, in that it only supports one: the E stands for Euro, and all SEPA transfers, in the four rails it provides, are in Euros, including transfers from and to countries that are not in the euro zone.
3. And SEPA isn't limited to the European Union, as it has 36 states participating in the scheme, more than the EU's 27.
I want to buy a CD from Amazon for 19.99. I click on my bank application (or maybe some QR code on Amazons site) And that tells my bank app on my phone to authenticate my phone agains the bank And ask for a 16 digit number that is solely for amazon, 19.99 and 20240812
Browser-based flow, where you're already logged into the bank in an existing browser tab:
* Amazon redirects you to oauth-proxy.visa.com where you select your bank (if you've done it already once, it remembers and redirects straight to your bank)
* Visa redirects you to your bank - if you're not logged in, you do a login - this is up to your bank on how to do that - authorize with an existing phone, WebAuthn, etc. On OSes supporting it, this URL can be hooked and handled directly by a native app which may use the device's secure element to store its auth credentials for the bank
* Bank displays you the payment request details (which include your Amazon account email, order ID, etc - all info you need to confirm it's indeed your payment request and not someone else's) and allows you to change them (maybe you want to authorize more or less, or make it one-time/recurring with a daily/weekly/monthly/yearly cap, or set an expiry after which the authorization is no longer valid)
* In the background, Amazon gets a success webhook from Visa (or their processor) saying that this authorization request has been granted, or they can poll an endpoint - this eliminates the need for a final redirect back to them like in normal oAuth
* If this is a recurring charge scenario, Amazon can store this payment request token against your account and use it multiple times, as long as the charges fall within the policy set during initial payment request establishment (if you set a max of $20, they can do as many transactions as they want up to a total of $20).
Device-based flow, where you aren't/don't want to login in to the bank the same browser:
* Amazon redirects to oauth.visa.com as above
* Instead of clicking on your bank directly, you say "authorize via phone", it just encodes the URL of the current page in a QR code so you can scan it on the phone - you then do the above flow there. Because the success/failure of a payment request is already communicated directly between the merchant and Visa, there is no need for your phone to pass any data back to the browser, so no need for a "reverse channel" to be set up.
* On your phone, you may have your banking app installed, so it takes over the domain name of your bank and automatically opens the payment request authorization there, using your existing session within the app.
Point is, not only is there no longer a concept of a card number that can be copied, stolen, or leaked, but the user also remains in control - they can control whether the payment is one-time or recurring, set limits on recurring payments, and be able to cancel these authorizations at any time, after which they're guaranteed that nobody can take more money without going through this auth process again. This eliminates many reasons for chargebacks, and reduces fraud risks for merchants too (merchants are no longer vulnerable since the auth to authorize a new payment request is between the user and their bank directly), so things like behavioral fraud detection or captchas on payment pages are no longer needed.
Downside (for scammers): business models based on a free trial that rely on the user forgetting to cancel, or those who intentionally make cancellation annoying or impossible wouldn't work, because payment requests should list upfront the max amount they can take, and the user can adjust that and make sure the unwanted charge just won't go through even if they tried.
It doesn’t cover credit risk-even on a debit card, there can be a “hold” period of an arbitrary amount before the final transaction clears. When you swipe a card at a gas station, they often run a $50 authorization hold on your account.
It also doesn’t cover merchant fraud—- Visa/MC covers you if the merchant doesn’t ship the product because they’re a fake company.
Then there are value-added warranty services that higher end cards offer. These are easily worth the 1%+ fee.
Safeway gas stations upgraded their pumps to have tap-to-pay.
But with increasing gas prices (and not getting into that), they upped the auth hold to up to $125.
Except many card issuers limit contactless payments to $100... rendering tap to pay useless on the pump because it'll deny the preauth and require chip insertion.
I’ve noticed lately that contactless payments that go over the limit don’t require chip insertion, the reader just asks for the PIN to proceed. Maybe there’s been some updates to the standards?
My risk to my credit number being stolen is honestly low. The risk is the merchant providing a substandard service 99% of the time, and an OAuth style payment flow does nothing for that.
Someone like Amazon who is a trusted merchant already negotiates fees with their banks and they likely already have an extremely low fee rate.
What Stripe, Square and PayPal provide is a service for integrators who don’t want to spend money talking to a bank, negotiating a rate, and then implementing the required security to execute their own transactions.
Merchants would love to reject all cards that are a Visa Signature and above, leaving only the very low cost cards as accepted. The Card Networks have engineered via branding and contracts that this does not occur though.
This almost sounds like a subtle recommendation for the Lightning Network. It's based on single-use invoices that are locked to a specific recipient and is usually limited to specific amounts.
Good luck convincing J. Random User that your cryptocurrency is none of these things.
The fact that invoices are temporary in LN is a weakness of the design, not an intentional choice. The lightning network represents a regression from the typical use-case of cryptocurrency because both sender and receiver need to be online to make a payment.
Sweden thought going cashless would reduce crime. Nope, crime increased.
Paypal etc basically exist to deal with the backward underinvested USA payment systems.
Now I'm confused. There's a better way, and other 1st world countries have already adopted it?
The Netherlands had a similar system where they used physical totp (I believe) terminals which generated them from your bank card + pin, completely offline. Nowadays everyone uses iDEAL identically to what you describe.
The product in that case is not "payments as a service" to the consumer but in fact "payer as a service" to the business. If consumers didn't represent an unbounded ability to generate recurring revenue there are lots of profitable businesses that would go under overnight.
This can be generally be accommodated in my suggested model, they just have to specify upfront how much & how often they'd want to charge. If the gym membership is 50 bucks a month, then the token has a monthly limit of 50 (or maybe a bit more, to account for potential extras). The token lifetime could be set for the membership duration.
> car rentals
Get 1 token with your rental fee + a separate token (scoped until car return date + some time to inspect/discover any damage) for the deposit amount?
There are multiple ways of doing so, two-factor authentication (think 3d secure) is one, an oAuth like system where you log in to your bank on their website and consent to a wire transfer is another. There are variations on these ideas, the system we have here gives you a 6-digit code in your banking app which you can enter on any device, trusted or not, and then accept the transfer via a pop-up on your phone, no personal data involved.
As far as I understand, both US law and US history heavily incentivize the use of credit cards. There's no nice way for landlords, banks, mortgage lenders and other such institutions in the US to do "background checks" on their customers except through credit scores, and that incentivizes credit card use. There's also a regulatory difference in how credit versus debit card chargebacks are handled, making credit a lot more friendly to consumers in cases of actual fraud.
Then there's the historical aspect, in the era where there were no computers, and most vendors could at best call a bank to verify if a card was valid, a debit based system wasn't technically feasible, which is what put the US on the path of credit. A lot of poorer countries had the major cash-to-cards transition a lot later, in the era of chips and dial-up modems, which made debit a lot easier to implement, and so that's what they went with, and debit usually means far lower fees.
Most countries that ARE the US put the burden on the business and the credit card companies, and limit the liability to the credit card holder ($50 max, sometimes $500)
I've known people in other countries that lost money and they were SOL in comparison. Maybe they have cheaper transaction fees.
If you buy with credit you are using the bank's money, with debt your own and you have less protections in the second case.
Trust me, i have meet my fair share of adults who don't own a credit card and if they want to buy something online just charge a prepaid card with the needed amount.
American express is not accepted in a lot of places because it is only credit and the processing fees are double that of debit cards.
Visa and mastercard debit cards are accepted just because you can't only accept debit cards, a lot of vendors fought for the ability to do so.
You can negotiate with a bank to get your own rate and then implement your own secure transaction processing. Visa is still required though.
I have worked at companies that bypassed those middlemen. Many companies don’t do it because they are okay with paying higher fees so they don’t have to deal with that extra headache, or because they work at smaller companies that think Stripe, Block, and PayPal invented payment processing when Visa and banks have been around for decades longer.
It's actually difficult to justify Stripe's popularity aside from media monopolization preventing alternatives from gaining mindshare. Everyone knows Stripe but many don't know about the existence of alternatives.
I’m reminded of the old joke about the tech who thumps a machine to fix it, then sends a $5000 bill. $5 for coming out and thumping, $4995 for knowing where to thump.
Maybe instead of “3% to update some tables in a money database,” it’s more properly “.001% for the database update, 2.999% for being trustworthy enough that everyone is willing to trade goods and services on the strength of our promise that they’ll get paid”
From my point of view it isn’t really about partner banks. It’s about the rails, nearly 100% about the rails (IE the network). You’d only need one partner bank to move funds, which is how CashApp does it for example, but payment networks (the rails) is a different beast all together and I’ll do my best to outline this.
The bigger problem is going to be the rails. Visa and Mastercard as a model wouldn’t make as much sense for a new system to start with, rather you would want to be a closed loop system like American Express and Discover, because it’s extremely unlikely you’re going to be lowering any fees if you have to transit on Mastercard or Visa, but this means you have to control the entire on ramp, from issuing cards to operating the network. This as time has gone on has gotten very complicated from a regulatory standpoint and much of it for good reason, not to mention the high entry cost and long tail time it will take to see adoption. In fact you would likely run up against the reason why fees are so high, which I will get into in a minute. This is all the reasons why Capital One is trying to buy Discover, because they want to lower their fees for their cards so they can net more profit per transaction with lower per transaction costs, but this won’t translate into anything being cheaper for merchants (which is what we are really talking about) because of one really big draw of credit cards: Rewards[0]
The biggest driver of higher over time transaction costs isn’t the operation of the network. Which does cost money and it is unlikely operating any network would be zero cost or near zero cost, but rewards balloon the cost to merchants because of how things are structured and incentivized.
In a very simplistic breakdown it goes like this: if I am a card issuer like a bank, American Express or Discover and offer rewards, someone has to pay for that. Now you think the sky high interest rates would be enough but, while they in part cover the costs of the bank and they make lots of money on this, the truth is rewards are funded in large part (and sometimes solely) by kick backs on fees paid by merchants to the network operators, e.g. Visa, who may charge 3% they may only keep 0.50% of that and pass the rest back to the issuer as a kick back. This is negotiated by a number of means and the percentages are all different based on a bunch of factors but this is essentially how it works. This in part is done to incentive more transactions over the card network, particularly as a credit transaction which isn’t fee regulated, where as debit cards have a legal limit, which averages out to ~7 cents per transaction, significantly lower than credit cards.
Now this has created a system of kickbacks and rewards. This benefits three parties: Banks, who get tons of profits off of the high interest on credit cards plus the kickbacks fund rewards. Savvy (and usually wealthy) consumers, who can effectively get the “tax” in higher prices this has observed to cause over time as fees rise paid back to them as rewards at no cost (full paid monthly balances) and the network operators.
This leaves merchants to bare the real burden, as well as consumers who haven’t or otherwise unable to take advantage of reward programs to offset costs, namely the poor and lower middle class folks.
Now knowing this, how would you build up a 3 sided network (the operator, the consumer and a bank) that upends this model, which lowers fees for merchants? Assuming you go with a closed loop model (likely the best move) you are left with a few options: lower rewards (or have none, realistically) and you won’t gain consumers. Lower the operator take which has risks the ability for operations to be profitable and regulatory compliant, or you need to fund in large part by merchant fees greater than 1%, which will inch you close to what you see today...
And in the EU if you’re buying new physical goods online the merchant is required to give you a week or two to return it for free.
I believe the argument is that as long as they can ensure all transactions are secure and can only be initialized by those with access to the bank account, there shouldn't be a need for charge backs.
[1] https://www.mollie.com/growth/how-ideal-payment-method-works
When I wasn't happy with a product, I either used the warranty or (mandatory) 14-day return option depending on the reason why the product wasn't conforming expectations
Perhaps warranty extras are more relevant outside of the EU where warranty laws may be less strict? How even does a payment system do warranty, it knows nothing of the product?
And what is price protection, it sounds like merchants would draw more from the account than you authorised? How would that even work? With iDeal at least, you approve a certain amount for a certain merchant (displayed on a second-factor device so it's not impacted by phishing) and they cannot later charge you more
These protections don’t really exist in the US. The only thing American consumers can really use as leverage to get a return is the threat of a charge back. Even a small amount of chargebacks (merchants call it friendly fraud) can land you in serious trouble with Visa or MasterCard. If you lose the ability to process cards, your business is basically poof — gone.
They also have much better protections against fraud (if someone steals your credit card and buys something with it, you're not liable... the bank will pay you back).
If you get scammed with a cash-equivalent (like our Zelle or Cash App or Venmo), too bad, there's no way to get your money back. I know people who've lost thousands of dollars that way, and nobody will protect you from that.
Credit cards here obviously charge high interests (and charge the merchants too) but they offer a lot of protections you otherwise wouldn't get.
> If you get scammed with a cash-equivalent (like our Zelle
Fun fact: shifting a significant chunk of liability for fraud away from banks and onto consumers was in fact one of the design goals of Zelle for the banks.
With a signature the merchant is responsible for fraud. They are supposed to check the buyers signature against the one written on the back of the credit/debit card or cheque book. If the signatures don't match the merchant should decline the sale.
With Chip & PIN - a code only the card owner should know - the responsibility has been shifted away from the seller over to the buyer. The banks always say "NEVER share your PIN code with anybody. It's for you only"
Claiming a charge-back is much harder if YOU are the one who authorised the transaction by entering a code only YOU should know.
Or maybe it's just me but I greatly prefer the non-algorithmic non-pay-on-credit mechanism where I simply pay for my purchase and the other party has no reason not to take my money (and the bank no reason not to issue the payment method to everyone: as an EU foreigner in Germany without pre-existing German credit score, getting a card at all was a pain, no matter if I could guarantee it with some insane deposit amount... I have the money, they just didn't want to issue a number to pay with because of algorithm magic). Now that I got that card number by co-guaranteeing with a German, purchases often fail like when I use mobile data which is from a Dutch phone number and so it looks foreign and I guess smells like non-standard situation → must be fraud, let's deny the purchase
Digital replacements for cash, like the aforementioned iDeal system, just always works and is available to everyone with a bank account in the Netherlands (iirc they're looking to start using it EU-wide because the costs are so low). No need to pre-pay either (like with paypal credit) because it just draws from your regular account. Another advantage is that it is owned by the banks collectively so you're not giving a ton of information to a third party, like most German-native payment options requiring to verify a phone number before you're allowed to pay the merchant for absolutely no reason other than tracking
Basically we have very few consumer protection laws compared to the EU, and it's very much a "buyer beware" culture here. If you get screwed by a merchant, most of the time it's just too bad for you, unless the merchant has a good return policy (most big box stores do, most small places don't). We don't have the regulatory protections that EU has.
So credit cards have sprung up to offer not just buy on borrowed money, but also purchase protections that live outside the legal/regulatory frameworks. When you buy something with a credit card, you get charged interest by the bank and the merchant also pays a fee. Some tiny part of those fees get pooled into these protection (and other) services that the card offers its members.
For example, depending on your credit card, some will automatically extend the warranty of things you buy by another year or two. Or price protection is that if the thing you buy goes on sale within 30 days and you find it for a cheaper price, the credit card provider (not the merchant) will issue you a partial refund. The chargeback system is often used for disputing issues (maybe you bought something from an overseas vendor who never delivered and never bothered to answer your emails, or maybe they lied about their return, or maybe provided some terrible product). You file a claim with the credit card company, not the government or the merchant, and the card issuer will mediate on your behalf. If the amount is low enough, they'll often just refund you without a full investigation (it's not worth their time). But it also serves as a sort of review & punishment system for merchants... those who get too high a volume of chargebacks will incur higher fees or be blocked altogether by the credit card issuers, meaning merchants are incentivized to fix customer issues.
Merchants not accepting credit cards here do exist, but they're relatively rare, because so much of the population uses credit cards instead of anything else. Even debit cards (that draw from your bank balance and typically have fewer protections) still have a partnership with Visa or Mastercard to allow you to pay as though it were one of their credit cards (just with a preset balance).
Of course all of this means it sucks for the merchants, but it's way better for the buyers than paying with cash (which leaves you almost always without recourse if anything happens). Our government is so captured and so weak that basically no state or federal agency will be able to help you in most consumer issues. We do have something called the "BBB" (Better Business Bureau), but it's not a government agency, just a fake third party middleman who pretends to do that function (but doesn't actually do anything)... it's basically just an old-fashioned Yelp.
So as a buyer, if you want any protections at all, it's a credit card or nothing.
> paying with cash (which leaves you almost always without recourse if anything happens)
One remark about this though: you always have recourse in court. We often hear the USA is incredibly litigious, but it's not like we'd not (threaten to) bring action against a merchant not acting honestly
The main situation where I see chargebacks being useful is when you fell for a scam and the perpetrator cannot be located for enforcement. Which is a legitimate concern for sure, but there's more ways of dealing with that than giving everyone the option to chargeback anything on a whim with no repercussions for them
Courts could be a useful substitute if the actual penalties were high enough that no merchant would dare even try a scam (then it doesn't matter if legal action is hard work, because the mere deterrent effect means you will never actually have to do it), but that's not the case.
It is, however, like we (in the US) wouldn't bring action in court. Ordinary consumers don't want to have to go to court to resolve a dispute with a merchant. Unless you have a substantial amount riding on the outcome, you're just going to lose, even if you win. It costs time and money to go to court. While you may legally have recourse with litigation, in practice, it doesn't usually work that way.
But you probably won't do it in a week, and you'll spend weeks each year maintaining it. I'd make an educated guess that for the vast majority of companies, it would be cheaper to process your first half million on Stripe than it would be to learn how to build a payments processor, build it, run it, and maintain it. You're saving peanuts for the principle of the matter.
But we do, because capitalism both needs flexibility in separation of concerns and people need jobs and greed is its own fiefdom genersting maxhine.
Think of it like evolution and social diversity. Studies in squirrels have shown that larger social groups create a need for greater phenotypical visual diversity, if only for identificTion
If you think about it.
Stripe, Block, PayPal only exist because of credit card networks (Visa, Mastercard, American Express, JCB, Discover) and issuing banks (JPM, WF, BoA, foreign banks). Those last two groups of entities have such terrible integrations/interfaces and fail to improve due to their oligopoly on the entire process of facilitating buyer and seller payment processing.
Stripe, Block, PayPal are just mere parasites living off of other parasites (the 3-7% transaction/network/issuing bank fees).
A “rival” is a complete dissolution of these parasitic entities. Cash used to be a good alternative, but comes with its own set of setbacks that do not meet our modern era (ie, can’t pay for items with cash in e-commerce, pains of handling high amounts of cash IRL)
You could write personal checks, but not every business accepted them and if you were a business there was a period of days, sometimes weeks where you didn't know if a payment was good. I did pizza delivery in the 1980s, we accepted cash or check and I would guess about 1 in 10 checks were no good. That's a huge loss to absorb. And drivers would make occasional mistakes handling cash.
I remember when Visa and Mastercard started to get popular and widely accepted. Before that you had store credit cards, gas station credit cards, you were carrying around maybe half a dozen different cards just to do your normal purchases, or you were writing checks everywhere. e-commerce didn't exist yet but it would never have been possible paying by cash or check.
Visa/MC and later Paypal, Stripe, etc. solved real problems and provided real conveniences. That's worth something.
As a result, the American Express API is actually decent[0].
[0]: https://gateway-na.americanexpress.com/api/documentation/int...
If you live anywhere else, all these companies are offering services that banks don't, or charge much more for. Or these days, don't even offer themselves, they literally outsource it (e.g. sending money from one bank to another is now a built-in-third-party-service in the form of agreements with Interac to handle low value EFTs).
So can you rival them? Probably. Will you fail? More likely than not. Is there lack of real competition? Depends on where you live, but yeah the whole reason they got this big is because they found a real problem and solved it, charging just enough for people to go "well that's still worth it for me".
Even if it was, there are better uses for a "decade with enough funding" unless you have some competitive advantage, like you're the CEO of Chase Bank or something. If you want to know how possible it is, consider that Bitcoin was released in 2009 and cryptocurrency's success at being used for payments - in the history of the world - it has been used for payments between people for something other than crimes, but adoption is way behind visa. Like, that alternative system exists (albeit not for free either) and there's no adoption. So the "billions" aren't exactly a market inefficiency. They make billions, but out of your life, how much do you pay to them. And then, do they perform a valuable service and charge money for that? Would you rather go to a bank and get cash and drive it to Amazon's local office, or mail them a cheque? For a fee, there are companies out there that will make it easier and faster and more convenient than that.
For those not wishing to visit another site to learn new vocabulary first:
blue-ocean market = entering into a new markt, red = entering into an existing market
Interestingly, I never heard this term before but now twice in one week someone referred to it (linking an article from 2012 iirc). At least the other one provided a link, albeit to a 5600-word documentary that I'm sure everyone was thrilled to dig into when there are perfectly normal words for it as well (sounds less fancy if everyone is already familiar, though)
The fees are insane and nearly all merchants require multiple confirmations which can take over an hour.
It takes thousands of people who know what they are doing to get a big SaaS platform in any industry to work -- and to keep it working through endless regulatory changes, hacks, user demands, tech limitations, and bugs.
Once you have built something of this scale you're likely to charge as much as competition or perhaps even more -- not only to recoup your enormous costs but to return the expected profits to your capital backers.
I don't see why they should get to shave a slice off of every transaction. It takes relatively little upkeep and they rake in huge profits.
The fees nudge businesses to use cash (well, to avoid tax too, sometimes.) or set a minimum transaction amount, which can mean fewer customers through the door.
I think a new, public infrastructure competitor could be healthy for economies worldwide.
Not only do you have to pay to deposit, you have to store it, count it, secure it and transport it.
It's the same problem all cryptocurrency projects face. They allowed Bitcoin because Bitcoin is basically useless for payments, it's too slow and fees are way too expensive. Though Ethereum recently slipping through the cracks may disrupt the payments industry in a big way. Coinbase and Circle are already working on bringing direct stablecoin payment options to customers/merchants with USDC and other tokens afaik. Which would also be more decentralized than Facebook's Diem. Not sure how many people would trust corporate money, an open public ledger is preferable of course.
https://www.ft.com/content/a88fb591-72d5-4b6b-bb5d-223adfb89...
https://www.dw.com/en/facebook-backed-cryptocurrency-sold-am...
Or authorities "allowed" Bitcoin because, given its lack of head to cut off, they had no choice.
Contrast with Ethereum's demonstrable central authority over its blockchain: When the developers were robbed of their coin by a hacker, they "reorganized" the Ethereum blockchain to undo the transactions associated with the theft.[0]
I regard Ethereum less as "slipping through the cracks" and more as a poison suppository greased and inserted by the powers that be.
[0] https://en.wikipedia.org/wiki/Ethereum_Classic#The_DAO_bailo...
The volume is also misleading because it does not differentiate on source, fee structure etc. it’s a gross (as in financial gross) number that says very little about how it was moved and what it cost to move it. Digital payments is a huge category
I wish more companies used Zaprite https://zaprite.com/