Is this true? I would expect most of Stripe's fraud overhead to be statutory in nature, not something they hire for because they're a concentrated target.

(They certainly have more staff because more volume, but the actual regulatory requirements I'd expect to be roughly the same for the service they provide.)

When we used Stripe, we opted out of all their fraud prevention stuff to save money (not sure if that's still an option). As a b2b SaaS where payment happens after a free trial (not at signup), we're just not a target for fraud, so it was totally fine.

I can't speak to why Stripe's fraud protection is so expensive. Is it because they're a target? Or maybe because they realized people will pay for it (it seems valuable for something like ecommerce)? I dunno, but I can confidently say that as of ~5 years ago, it wasn't required by any regulation, and my business was perfectly fine without it.

Now we use Paddle, and they also try to sell us a bunch of stuff we don't need at ridiculous prices. We're just using them because we wanted a merchant of record (where they handle taxes and stuff), but no, I'm not going to pay a % of my revenue for basic dunning emails, fraud prevention, vague "optimizations" that "increase conversions" (lol no they don't), etc.