
> want to make a $5 payment? Hand over the secret that gives the other party the ability to take an unlimited amount of money from you at any time in the next 4 years, and hope they don't misuse it

I don't understand this at all, and I always feel so nervous using my card at US retailers for this reason (these days I try to stick to PayPal where possible). Where I'm from, _all_ one-off online card transactions are 2FA'd between you and your bank; it was strange to say the least the first time I paid for something on Amazon and the transaction just...went through.



In the US this isn't a major issue due to very consumer friendly legislation. This is omitting some details, but effectively you call your card provider and say you didn't make a purchase. Then it's effectively up to the merchant to prove you did.


That's not really consumer friendly. We wind up paying higher costs for everything because of this. The lost money doesn't magically disappear - the merchants have to include it in their costs.

Actually fixing the problem - 2FA etc. - would probably be more consumer friendly in the long run.


It really just depends on what you value most when it comes to "friendliness". If you value being able to just swipe your card or enter your details and be done with it, and not have to deal with 2FA prompts, remembering a PIN, digging in an app on your phone, or waiting for a code via SMS, then you might not mind the small price increases around the board to account for fraud.

Not saying that's the case for everyone, but you can't define "customer friendly" in a narrow way that conforms to your personal desires and assume that's that.

Also consider that if banks did have strong authentication around every purchase, there would be less of an incentive for banks or merchants to agree to roll over and eat the cost when there is fraud (and more ammunition for them against laws that require them to). No security/anti-fraud system is perfect, and something will always slip through; I wouldn't want to be a card holder stuck with a big bill because someone managed to clone/swap my SIM (for example) and make transactions using my card if I had no protection from that.


My local Costco still isn't set up to handle chip cards at the gas station. No Apple Pay, either. That's just silly.

Other countries had chip cards and contactless payments in widespread use a decade or more before the US even got support for them.


From what I can tell, most gas stations aren't set up for chip cards. I got gas last weekend at a Shell station in SF and was surprised to see the reader was chip-capable. Seems like it's still pretty rare. It's moderately insane that gas stations have been allowed to drag this out so much, considering that gas pump readers are a huge target for card skimmers.

(Then again, I guess a chip reader doesn't stop people from putting in a skimmer that just reads the card number as usual through the magstripe.)

The pump also had a pad for contactless payments, but I couldn't get it to work with either my phone or the NFC chip on my credit card. Maybe it only works with Shell's own card? Wasn't clear.

(And at the complete other end of the spectrum, I then went to top up my tire pressure, only to find that the air pump wanted quarters, and only quarters. Fortunately the attendant turned it on for me for free. I usually don't carry much cash around with me, and even more rarely have coins.)


> Then again, I guess a chip reader doesn't stop people from putting in a skimmer that just reads the card number as usual through the magstripe.

I'd imagine it would do though, as many chip readers only need you to insert your card far enough to read the chip, which isn't far enough to read the entire magnetic track and thus skim the track (am layman though)


Maybe US issuers were much better at on-line fraud detection and didn’t need the newer system?

Hoping someone from the industry can comment, but I was under the impression that US issuers were eventually forced into EMV, after dragging their heels, because the US became a prime market for cashing out mag stripe data from non-US issuers.


Not because they are better at fraud detection, but because US issuers levy much higher fees from their customers across the board and so can eat more fraud-related losses.


Yep. In the US the interchange fee is more than 2% of the transaction. In the EU, interchange fees are capped to 0.3% of the transaction for credit cards and to 0.2% for debit cards. That's why in the US they have those cash back options on credit cards, that are just not possible in Europe.


Consumers have been paying for merchant losses since before credit cards even existed. The price of shoplifting, robbery, burglary, etc. has always been factored into brick and mortar pricing (even if only via the cost of insurance). The cost of fraud is factored into online pricing. It’s not a problem that’s going to go away.


"It's not going away" is not a good reason not to mitigate.


2FA would also have higher costs for consumers, possibly much higher costs due to customer support staff and having to reset that second factor.


Speaking of omitting details. Consumer friendly legislation helps solve a problem that need not exist in the first place and saying this “isn’t a major issue” assumes:

a) the consumer catches it in time

b) the consumer has the time to deal with the bank (try calling Wells Fargo in the midst of COVID)

c) it doesn’t cause the consumer’s rent check to bounce

The US payment card system is not a good solution for the non-cash payments problem.


AFAIK you're talking about 3DS, and under 3DS the code is treated like a PIN. So if you want to revert a transaction protected by 3DS, you're out of luck, because you acknowledged it yourself. Now if your transaction is not 3DS (or PIN) protected, you can claim that your card was stolen and the bank should revert the transaction and issue a new card.

So it's about who's responsible. Without 3DS or PIN a merchant is responsible. With 3DS or PIN a client is responsible.


Keep in mind that this difference only applies to fraud. You can still dispute transactions for other reasons (missing/wrong goods delivered, etc).


I have never had trouble getting a transaction I legitimately needed reverted to be reverted.


The banks have determined that the cost of preventing fraud is higher than the fraud itself. If you suspect fraud on your account, or if a card is stolen/lost, the fraudulent transaction is quickly reversed and a new card arrives in the mail in 2-3 days.

And it's pretty rare. I've had only one actual instance of electronic fraud, and one stolen card in 20 years. That's 20 years of never having to remember or type in a PIN.


2FA has apparently been found too expensive. Banks do a lot of fraud detection in the background.


I get your decision making but the annoying thing is that using PayPal will most likely reduce your legal protections? Fingers crossed PayPal don't screw you over...


Look up what a "chargeback" is. That's the mechanism (and which has been working well enough in practice to keep the system going, and everyone is happy (except for some merchants of course)) that is preventing the dangers you are thinking about from occurring too often to unsuspecting card holders.


Then it brings with it a whole list of different problems, like being incredibly susceptible to buyer fraud, the cost of which everybody then has to eat.

Meanwhile it causes the payment processors to not want to do business with merchants who get a large number of chargebacks, even if the problem isn't with the merchants but with their customers. In other words, it discriminates against merchants who do business with disadvantaged clientele who are more likely to have payment issues.


A merchant getting excessive numbers of chargebacks is not in and of itself an issue if you have all your ducks in a row.

I mean it's an interesting enough heuristic, but can you provide an example of a processor that would refuse to do business with someone because they had excessive chargebacks, but also had the information in place to prove the purchases in question?

I mean, if you've got crappy customers, I can understand where you're coming from, but I think your choice of customer base to market to may be more in question than whether the system as a whole is fit to transact in.

I don't have much firsthand experience in it though, so I'd be thrilled if you could share some insight on it.


> I mean it's an interesting enough heuristic, but can you provide an example of a processor that would refuse to do business with someone because they had excessive chargebacks, but also had the information in place to prove the purchases in question?

The problem in many cases is the difficulty in proving the purchases. For something like digital content, the only proof you'd really have is some server logs showing that it was transferred, which are naturally trivial to fabricate because they're entirely under the control of the seller, and so the payment processor may not give them much weight.

> I mean, if you've got crappy customers, I can understand where you're coming from, but I think your choice of customer base to market to may be more in question than whether the system as a whole is fit to transact in.

But then you run headlong into the efficient market hypothesis, because when everybody else is avoiding that customer base for those reasons there is less competition and thereby greater opportunity.

Also, from the perspective of the customer, just because 30% of similar customers are dirtbags doesn't mean you are or that you don't want to be able to buy your stuff.


I did not say it does not have any problems. The poster said that they don't understand why the whole system even works. I simply explained the mechanism by which it currently works. I did not say it was flawless.





