| ▲ | krainboltgreene 21 hours ago |
| You can't really do better than stripe. The onboarding overhead is because of fraud and the costs are basically barely above interchange. |
|
| ▲ | hmokiguess 20 hours ago | parent | next [-] |
| Sure, though not every small project needs to worry about that. Perhaps the payment workflow is a tight loop that has KYC through physical memberships (ID + Photo), say a gym membership for example, and the entire system is private just needs a gateway to do transactions. |
| |
| ▲ | krainboltgreene 16 hours ago | parent | next [-] | | Even if that was true literally no payment processor cares about what a small project worries about and they never will. | |
| ▲ | fragmede 17 hours ago | parent | prev [-] | | Stealing someone's identity and pretending to be them and buying a gym membership with a fake id and a stolen credit card might seem far fetched to you, but Stripe doesn't want to be on the hook for that, especially if the scammer signs up for, say, Equinox and it isn't discovered for year+.
(ex-Stripe; didn't work directly on fraud,
however) | | |
| ▲ | hmokiguess 16 hours ago | parent [-] | | Again, scale matters here. I'm talking about small projects, think a local small city gym, run by maybe one person, family business, probably knows all the customers closely, used to run on cash, but wants to get their bookkeeping in order, needs credit card recurring transactions to avoid late payments from some of their members, and doesn't want to increase their pricing because of high fees on a brand new system. Equinox Fitness is a major conglomerate and likely wants and cares about fraud detection software. |
|
|
|
| ▲ | MichaelZuo 21 hours ago | parent | prev [-] |
| Stripe needs all that byzantine fraud prevention, on top of what they had a decade ago, because they are a huge concentrated target. A smaller firm could be way simpler. Because they simply wouldnt have enough money to provide a decent payday for dozens of malicious geniuses going at them 24/7/365. |
| |
| ▲ | woodruffw 20 hours ago | parent | next [-] | | Is this true? I would expect most of Stripe's fraud overhead to be statutory in nature, not something they hire for because they're a concentrated target. (They certainly have more staff because more volume, but the actual regulatory requirements I'd expect to be roughly the same for the service they provide.) | | |
| ▲ | the_bear 20 hours ago | parent [-] | | When we used Stripe, we opted out of all their fraud prevention stuff to save money (not sure if that's still an option). As a b2b SaaS where payment happens after a free trial (not at signup), we're just not a target for fraud, so it was totally fine. I can't speak to why Stripe's fraud protection is so expensive. Is it because they're a target? Or maybe because they realized people will pay for it (it seems valuable for something like ecommerce)? I dunno, but I can confidently say that as of ~5 years ago, it wasn't required by any regulation, and my business was perfectly fine without it. Now we use Paddle, and they also try to sell us a bunch of stuff we don't need at ridiculous prices. We're just using them because we wanted a merchant of record (where they handle taxes and stuff), but no, I'm not going to pay a % of my revenue for basic dunning emails, fraud prevention, vague "optimizations" that "increase conversions" (lol no they don't), etc. | | |
| ▲ | hibikir 18 hours ago | parent | next [-] | | Look at what happened to, say, Cards Against Humanity: You don't have to be a really bit store for some random card tester to ruin you. | | | |
| ▲ | woodruffw 20 hours ago | parent | prev [-] | | Oh, that makes sense. I was thinking fraud as in AML requirements, not fraud as in scammers and card theft. |
|
| |
| ▲ | hibikir 18 hours ago | parent | prev | next [-] | | Stripe was already a big target for basically anyone and anything 10 years ago. Fake merchants, card testers, the works. People were selling guides to defraud Stripe. And we are not even counting just losees due to nonsense like the Fyre festival. You really don't have to be that big a payment processor for dozens of malicious geniuses to decide that they want to fleece you. If anything, the ROI is better in less sophisticated companies. Most ways to trick a payment company are, if anything, standardized. The smaller company can often be attacked by just changing the API calls, but otherwise taking basically the same actions you would to try to defraud a bigger fish. | |
| ▲ | krainboltgreene 16 hours ago | parent | prev [-] | | > Stripe needs all that byzantine fraud prevention, on top of what they had a decade ago, because they are a huge concentrated target. This is not true. Every payment processor needs this effort because as soon as you broadcast that you're a payment processor you're going to get about 3-5 scammers a day. As an aside I really think Mercury bank should audit their onboarding process. |
|
