WingNews logo WingNews
top | item 47140558

(no title)

MichaelZuo | 7 days ago

Stripe needs all that byzantine fraud prevention, on top of what they had a decade ago, because they are a huge concentrated target.

A smaller firm could be way simpler. Because they simply wouldnt have enough money to provide a decent payday for dozens of malicious geniuses going at them 24/7/365.

discuss

order

woodruffw|7 days ago

Is this true? I would expect most of Stripe's fraud overhead to be statutory in nature, not something they hire for because they're a concentrated target.

(They certainly have more staff because more volume, but the actual regulatory requirements I'd expect to be roughly the same for the service they provide.)

the_bear|6 days ago

When we used Stripe, we opted out of all their fraud prevention stuff to save money (not sure if that's still an option). As a b2b SaaS where payment happens after a free trial (not at signup), we're just not a target for fraud, so it was totally fine.

I can't speak to why Stripe's fraud protection is so expensive. Is it because they're a target? Or maybe because they realized people will pay for it (it seems valuable for something like ecommerce)? I dunno, but I can confidently say that as of ~5 years ago, it wasn't required by any regulation, and my business was perfectly fine without it.

Now we use Paddle, and they also try to sell us a bunch of stuff we don't need at ridiculous prices. We're just using them because we wanted a merchant of record (where they handle taxes and stuff), but no, I'm not going to pay a % of my revenue for basic dunning emails, fraud prevention, vague "optimizations" that "increase conversions" (lol no they don't), etc.

hibikir|6 days ago

Stripe was already a big target for basically anyone and anything 10 years ago. Fake merchants, card testers, the works. People were selling guides to defraud Stripe. And we are not even counting just losees due to nonsense like the Fyre festival.

You really don't have to be that big a payment processor for dozens of malicious geniuses to decide that they want to fleece you. If anything, the ROI is better in less sophisticated companies. Most ways to trick a payment company are, if anything, standardized. The smaller company can often be attacked by just changing the API calls, but otherwise taking basically the same actions you would to try to defraud a bigger fish.

MichaelZuo|6 days ago

I meant geniuses in the real sense, not colloquial sense.

If someone could reasonably expect a cushy 40 hour/week seven figure job, even a malicious personality wouldn’t risk criminal fraud without a much much bigger payout.

And to have dozens focusing on one company…

So anyone handling under a few hundred million per day are safe from that kind of coordinated attack.

krainboltgreene|6 days ago

> Stripe needs all that byzantine fraud prevention, on top of what they had a decade ago, because they are a huge concentrated target.

This is not true. Every payment processor needs this effort because as soon as you broadcast that you're a payment processor you're going to get about 3-5 scammers a day.

As an aside I really think Mercury bank should audit their onboarding process.