Anti-fraud departments have apparently not gotten the memo, and the whole situation has gotten obscene in the last few years.
I regularly travel for work and it's impossible for me to make any purchases on major sites like Walmart, Best Buy, Target, Costco, etc. They all will accept an order, charge my card, and then randomly cancel the order some hours to days later, and refund me.
Similarly when traveling internationally, Schwab bank decided they didn't like one of my debit charges and blocked the card. I called Schwab and they gave me some "publicly sourced" 3 question quiz about myself that I apparently failed and they locked my entire account until I can fly back to the states and come into a branch.
Luckily I have a 2nd bank account and was able to change my payroll. But it's just insane to me that some random debit charge has resulted in my inability to access most of my money or my brokerage positions.
I hear similar issues and horror stories from all my coworkers and friends that travel.
Ditto to this. My experience has been very similar to yours.
The amount of incompetence involved with payment processing and banking is just mind boggling. KYC/AML is very quickly turning into bizarro big brother. But not an all-knowing AI big brother. A stupid 2005-era IP address detecting one. You do a little too much traveling? Poof. There goes a month of your life to banking jail.
A simple two-factor mechanism like passkeys or authy (that isn’t based on SMS to unreliable US phone carriers) would solve about 99.999% of this.
Banking regulations and poorly understood rules by lawyers transform into monstrous implementations of security for banks.
For example, my banking app requires Face ID to unlock it and to approve payments. But for certain types of payments, such as more than 3k USD, instead of using Face ID to process the payment it requires an SMS OTP entered into the app. Which tends to suck when I'm using another SIM or if the SMS does not arrive in time if I'm traveling internationally. How on earth do they think SMS is more secure than biometrics beats me.
Out of curiosity, are you "privacy conscious", as in minimize sharing your location, personal information, etc?
I have a pet hypothesis that a lot of the security heuristics they use are based on being able to spy on you everywhere you go, and the trail of digital litter you leave behind "confirms" it's you where you are.
It's difficult to draw conclusions from my own experience because the security landscape changes and I don't know what other people encounter. I do know people who spend their lives online on the phone and they don't complain about having problems blowing their whole paycheck every week; like for instance my assistant who doesn't have trouble purchasing things for me either.
I happen to share a name with somebody in my family, and these risk-reduction facets literally cannot tell us apart. I've been told "wrong answer" when giving the right answer to questions about myself, but they're asking me questions about a different person, because again, having the same name is sufficient to get mixed up, apparently.
> I regularly travel for work and it's impossible for me to make any purchases on major sites like Walmart, Best Buy, Target, Costco, etc. They all will accept an order, charge my card, and then randomly cancel the order some hours to days later, and refund me.
These sites are not cancelling your orders. The card-issuing bank is.
Disagreed, the banks aren't cancelling it - they wouldn't authorize the transaction in the first place. Chances are, the banks are correctly returning an address verification mismatch if you didn't use your true billing address.
Most likely the stores are cancelling the orders because of billing/delivery address mismatch or (if you didn't set a different billing address) that it doesn't verify against your card.
Same here. While in a Nike Store in London, I could not use my Barclaycard for a 50 EUR purchase. So unheard of to use a Mastercard for purchasing something while on vacation. Used a different card which worked fine.
No SMS or notification on my phone to verify myself either.
Wrote them a mail to ask what this was about and why I cannot use my card, but they only wrote back that the card was not blocked and everything was fine, but sometimes they are afraid of fraud etc.
I’m a little confused, a 50EUR purchase in London, UK? Also which country was the Barclaycard issued in?
You’ll probably also find that banks are much twitchier around merchants like Nike and Apple because their products hold value really well, and are easy to sell on the second hand market. Makes those products a really great way to exfiltrate stolen funds because the products are almost as liquid as actual cash.
It's probably on transactions that are requested solely based on the card number, and no PIN.
I got hit by these blocks with an EU card a long time ago, as the shop was trying to pass the charge with the magnetic strip. Had to phone the VISA center to let the charge pass through on next retry.
Nowadays I'd assume any "card in the machine" transaction done with a PIN would go through no questions asked, even if you're located in Antarctica on their database.
I think so, not an American citizen but travel often to many places and remember Dell cancelling my notebook purchases ~5 times in a day (in two different years) until I called a sales representative. I share the same experience in Dell with American citizens.
No. My (UK) bank will decline purchases if they look suspicious and send me an SMS with the information and ask me to yay/nay them. (For 4 years running, they did this for my early September purchase to Apple. Most annoying.)
No, I had fun times with UK Citibank blocking my card when I tried to pay for a hotel in US as well. Nothing better than not being able to pay for a reserved room after 13 hours of travelling.
I have been traveling internationally continuously for 6 years and haven’t had any of these issues. I use Schwab, Capital One, and Chase for banks and credit cards. I don’t stay any one place longer than 6 months; usually just 3 months in a country.
When my bank card expired Schwab even overnighted a new card to Peru for me. I order from Amazon a fair amount and don’t have any issues.
Maybe you are in this weird algorithmic grey zone where you don’t travel enough so everything gets flagged. Where for me I have been traveling for so long that nothing gets flagged.
I've been traveling issue free for a long long time before these things started happening. It's really only in the last couple of years it's become a problem.
Also I don't have issues with classic eCommerce stores like Amazon, Newegg, B&H, ebay. It's only the new wave of eCommerce stores trying to enter the market this decade, like all the big box stores. It's like they all got sold the same crap anti-fraud software/service.
Just like everything. The optimal amount of crime, unemployment, accidents, deaths, etc... is not zero.
For example, when building a road, there is a certain chance that an accident will happen, that some people will die, and that could have been prevented. For example, by installing a guard rail, enforcing speed limits, or by taking a different path.
But installing that guard rail for a one in a million chance that something bad happens is money better spent elsewhere, like improving safety where it matters more, and people tend to dislike the resulting taxes. Enforcing speed limits has a cost too, that can be recovered from the fines that result from it. But the goal is not to bankrupt your citizens with fines, and constant surveillance is not very popular. And the different path you are planning may go through people's homes, relocating people is also expensive, and usually not very popular for the people in question.
So, we tolerate a few accidents and deaths over a dystopian society.
> But installing that guard rail for a one in a million chance that something bad happens is money better spent elsewhere
Just for clarity -- guard rails, where we choose to place them, probably cost $500k to $2M per life saved over their lifetime, while the value of a statistical life in the US is >$10M. This comparison ignores costs of non-fatal outcomes (injuries, disability).
It seems like we should be deploying more guardrails, even though their marginal return would be less than our current average.
The problem the article poses is actually not one of diverting costs, despite how GP's metaphor would indicate... It's that with fraud, only the most draconian systems can be effective at stopping all fraud.
In the above metaphor, it's more like guard rails are already in place, the speed limit is 1/10th a reasonably safe velocity, and the only way you can stop the remaining death-every-decade is to make everyone walk the road instead of driving it, and guarded so that you don't encounter any strangers along the way either. Very safe. But now nobody even wants to take this road. But it's so safe! Zero deaths, no injuries, ever.
Sure, the expenses/value argument can be made, too, but that's not ultimately what makes it nonzero. Even if you had limitless resources to apply to the anti-fraud, the only way you're getting nonzero fraud is if a large amount of legitimate customers are inconvenienced or outright denied as well. This is due to how easily fraudsters can still find processes and marks to make it worth their time, and regulations + policies are ever evolving to keep up, but a lot of it comes down to a cost/benefit analysis by the business. The internet just scales this up by several orders of magnitude too.
I would like to emphasise that the parent has said "where we choose to place them", so they're not contradicting the grandparent's metaphor, just giving an interesting FYI.
> The optimal amount of [...] deaths [...] is not zero.
That's not true. It assumes that there is an objective, known price for a life. Since you can't have e.g. 0.1 deaths, there's no guarantee that the optimal amount is at least 1. It's more that it's the outcome of haggling, politics, and the willingness to turn a blind eye to the consequences of stupidity.
True, but you can have 0.1 deaths per year, by having 1 death per 10 years.
Of course, I agree there are some things that don't work well for that - nobody's going to be happy accepting "1 nuclear meltdown per 30 years" even if statistically it'd mean fewer deaths than coal.
There's a price for life in a given society though. Due to resources being finite and wellbeing mattering. In the UK I believe NICE uses £30k/QALY as the price.
Maybe that's a poor way of stating the problem. In a zero tradeoff world, 0 deaths would be optimal. We don't live in that world though. For example, flying is supposedly safer than driving. Airplane crashes happen. We could demand zero deaths from the planes which would drive the costs up, causing more people to choose to drive, causing more deaths.
So, in relation to airplanes, we can't choose zero deaths in the real world. We have to choose some imperfect trade off, otherwise we'll cause more deaths.
End-to-end principle in action. You could try to make every stage super-reliable and fraudproof... but that yields a terrible overall system compared to a much lighter touch and going after complete transactions which turn out bad.
> GPS based speed limiters are cheap, effective [...]
While this is technically true (the devices themselves are cheap and effective), the data required for them to work well doesn't exist. If the data exists at all, it is usually horribly out of date. So in practice there will be many cases where these devices limit you to the 30mph from last year's big construction project. Then you get rear-ended because nobody expects you to slow down 50mph for no reason at all.
You could totally avoid that accident by not building the road in the first place, which typically is the first level of paralysis we need to overcome.
To summarize: there is a trade-off between amount of fraud and ease of doing business. Zero fraud means doing legitimate business becomes too cumbersome.
Seems like the same point we have with security in computer systems and ease of use.
Important corollary: it may well be possible to reduce fraud much closer to zero (than the currently accepted rate) without negative effects on legitimate business.
For example, the USA's lack of a national ID (and the resulting adoption of really bad substitutes like SSNs, driver's licenses and "two photo IDs") has made a plethora of fraud techniques ridiculously easy. In many other countries, "identity theft" is so rare there is not even an established term for it.
Passkeys will hopefully turn into a similar case regarding computer security.
To be a bit more general about this, I have found that the returns to combatting fraud are highly nonlinear.
Having a better national ID than SSNs would have effectively no negative impact while being a huge benefit for security and fraud prevention. It would also, if implemented well, be hugely beneficial for privacy. For instance things like Signal could move from requiring phone numbers to a ZKP using a national ID.
I lived in Spain and never understood how the DNI/NIE's weren't an easy vector for identity theft. You need to give the number to do the simplest things, and many people wanted to see the card (and possibly make a copy). As far as I know the smart chip on my card wasn't used once in 2.5 years. I suspect the digital certificates you could get from the government likely aren't as well protected by the general (non-technical) populace as they should be. What makes it harder for someone to steal identity via a DNI/NIE in Spain than someone could use a drivers license + SSN in the US?
(For what it's worth, I actually liked the national identity card, and didn't hear too much about identity theft - I'm just curious).
In Australia, drivers licenses and passports are de facto national IDs. And we felt the sting of that when Optus (2nd largest telecom provider) leaked half of the population's IDs.
Not to mention before this there was almost no way to get a new drivers license number, so if it got stolen good luck, a new license is issued under the same number.
> For example, the USA's lack of a national ID (and the resulting adoption of really bad substitutes like SSNs, driver's licenses and "two photo IDs") has made a plethora of fraud techniques ridiculously easy. I
US federal government provides passports with passport numbers. All the infrastructure is already in place, it’s just a question of political will to implement an API to use this for identity verification.
Working with partners who have integrity is a massive boost to everything you do. People with high integrity attract more people with high integrity, compounding that effect.
> This is counterintuitive and sounds like it is trying a bit too hard to be clever. You should believe it.
Yes, you're
> you should welcome greater than zero fraud. You can think of it as a necessary expense, just like rent or salary or advertising is.
You don't WELCOME costs just because they're necessary. Similarly, you wouldn't welcome fraud just because it's too costly to get rid of it.
And if you add a tiny bit of morality into the mix, your too clever "fraud welcome!" message becomes even more invisible
(also, it could very well be that some fraud types can be reduced to literal 0 without bringing the whole system down, but then the parts of the system that can make it happen aren't incentivized to do so because they've passed all the costs to other parts of the system)
The argument seems to be a little different than what you’ve taken from it.
My interpretation was something like an efficient frontier model between multiple variables where “zero fraud” isn’t actually a position on that frontier. So, if you find a place with zero fraud, you can possibly increase the total utility of the system by aiming for slightly less than perfect but being back on the efficient frontier.
Arguably zero of anything is a great ideal but not maximally efficient.
Morally, the situation is more in favour of getting to zero.
I don't think you can even make a moral argument in favour of zero fraud, because that implies choosing to harm genuine users. There's always a trade-off between fraud prevention and genuine use. This is extremely important in social benefit systems, where people can literally die if the system incorrectly thinks they are trying to defraud it and cuts them off.
Non-zero fraud is useful for political point-scoring, but zero fraud is a terrible goal on its own. You also need to be measuring false positive cost, and drive that to zero too. The moral argument has to be for the efficiency frontier itself, I can't see any other way this works.
You can find a place with zero fraud by denying all transactions. This is of course, maximally inefficient and totally useless.
It's less about "allowing fraud" and more about managing false positives in the fraud detection subsystem: it should ideally detect fraud, and only fraud. The false positives need to be low enough for the system to work, without also having so much fraud that the system stops working. Ideally there are no false positives at all, but at some point the effort to reduce this further exceeds the returns. Like with fraud.
Efficiency frontiers are a game of fantasy (reality is never at the frontier), so it's not relevant whether there is a "zero fraud" point, but also for the same reason a tough argument to make that there are no situations where (even in theory!) such a frontier exists
But that's also not connected to the main critique - I get how you'd welcome more efficiency (at higher costs), but do you get to welcoming costs outside of trying to do counterintuitive rhetoric?
I understand this and it's similar to what happens with, for example, theft or shoplifting: if we cracked down really hard on it, the honest user's experience would be disproportionately impacted and our collective freedom could be restricted too (imagine policemen searching whoever exits a supermarket, or cameras spying and tracking virtually everyone everywhere). At the same time, it's profoundly unfair that we need to let a certain class of people (fraudsters, scammers, thieves) live at society's expense and I wish something could be done about that. Who knows, maybe sample crackdowns with really heavy consequences.
Under the assumption that the only way to bring fraud to zero is to raise the bar high enough that legitimate customers will also be turned away, some fraud is acceptable and the author posits it is even a good thing: it means good customers are having an easy enough time being a customer, too.
I thought this article was going to be somehow less intuitive, but in reality, it simply says something most people inherently understand: that you have to grease the skids a bit to make things work. Dressing it up in academic sloganeering doesn't make the insight all that much more powerful.
I think most people understand that a risk-free society is a poor society. Take driving: the safest way to drive is to not get in the car at all. Similarly, the best way to save yourself from credit card fraud is not to have a credit card. But does this justify driving like a maniac, or being careless with your personal information? Of course not.
In other words, the article simply points out that categorical thinking (1 or 0) is useless in this context (as it is in most contexts, to be honest). The meaningful question is what degree of fraud we should be willing to accept, and in what contexts.
It's a common insight, yet you see slogans like "zero tolerance" or "our overriding priority is security" everywhere. You can choose to believe people championing them are just oversimplifying or actually encouraging a bad system for their own gains, but it's important to be able to point to a well-written piece explaining why they're a bad idea.
Uhhh, it depends on the business?
I know there are some businesses which suffer high chargeback rates (pay2cheat SaaS), and most of the chargebacks were happening by customers who said that their card has been stolen (as the merchant could easily disprove any other lie). The usual customer cycle was: buy the cheat, get banned in the game due to suspicious stats, reports or whatever, be mad about it, and then they would turn to their bank and say that their card was stolen -> chargeback.
Eventually, they started forcing 3DS (which shifts liability from you to the card issuer, and apparently card issuers don’t like paying!). Revenue didn’t decline, but fraud rates did indeed go to zero.
If you have persistent trouble, switch banks.
Take the wealthiest top 10,000 Americans out of the equation, and what’s the value of a statistical life in the US?
$10M seems to be a weird number in my mind.
Edit: Well that was a fascinating rabbit hole: https://en.m.wikipedia.org/wiki/Value_of_life#:~:text=In%20W....
> But the goal is not to bankrupt your citizens with fines,
There is this one crazy trick to avoid speeding tickets. Cops hate it.