From a fraud prevention mechanism, credit card name has also been a minor signal when composing any fingerprinting patterns.
Might as well ignore the whole signal, and more now that anonymous and prepaid are gaining share.
Readit Newsglobile commented on True Name – Mastercard (2022) mastercard.com/news/persp... · Posted by u/popcalc
My wife and I are planning to have our first child soon and device addiction is something we’re worried of happening. I’m keen to hear from parents on HN how you go about managing devices with children. Do you have any recommendations, anecdotes, or resources?
Center for Humane Technology(0) has good resources, whether parent, educator or child...even if you didn't watch/like The Social Dilemma.
globile commented on Stripe is PayPal circa 2010 learnjsthehardway.com/blo... · Posted by u/qualudeheart
I have a perspective from the other end of this, as a seller. Been using Stripe for 5 years selling digital content with a low, $5 average bill. A year ago the site was likely noticed by hackers who started punching in dozens of stolen credit cards. I kept refunding manually at first, but then I had activated Stripe Radar. It made absolutely zero difference out of the box. "-Is it a 100th charge coming from the same IP in Ukraine with a Canadian VISA? No problem, charge approved, here's your success webhook.". "-Same fake TLD for the email address, for a customer number 2235? Nothing suspicious here, charge approved.".
What helped fight this was to create a rule in Radar to reject all cards without 3D Secure capability, but it had cut off a sizable chunk of legit revenue.
This is the big problem with Stripe's positioning in the payments food chain ladder.
Block every single fraudulent or suspicious transaction, and you're leaving obscene amounts of money on the table.
The amount of credit card fraud that goes unclaimed or is eaten by liability shift is huge, so if Stripe makes a product like Radar ACTUALLY WORK, they would be missing out big time.
I am confident Stripe's radar's shortcomings are deliberate and not simple bugs or design problems.
It appears they have no incentive for the product to be 100% effective and that would explain why Stripe Radar is billed per screened transaction, regardless of outcome.
We benchmark Stripe Radar against other pure play fraud fingerprinting solutions, and the difference is abysmal. The fact that Stripe claims to have seen 80% of any card before it gets to your store make this fact even worse.
So, like parent says, you are going to see radar scores of 90 and 95 for certain charges (clearly fraudulent carding attempts), followed by scores of 15 or 20 for the same card, IP, fingerprint with absolutely no warning.
I've grown tired of escalating this to Support. They just give me the ML model answer. Basically: "It's a black box!"
You can definitely add a rule to start blocking charges from X places, or with Y velocity, or always enforce 3DS, but then you're taking the model into your own hands, and that has some important consequences.
Your acceptance rate goes down. You're heavily interfering with the model and relying (and trusting) it less, and you realise you really don't need Radar to do that for you.
If you're serious about fraud, you must use a pure player solution that is 100% aligned with your interests.
From what we've seen with Stripe Radar in the past, that doesn't seem to be the case.
I'm a big fan of Stripe in may ways, but I really have a love/hate relationship with this side of their business...
Stripe support is broken. I recall patio11 writing about how Stripe is all about putting in the correct "process".
Well, the process for support fails.
We handle a decent volume and have been a merchant for over 8 years. We can't even get an account manager to handle specific issues.
90% of requests are met with a subtle RTFM!
If you ask specific questions, these are avoided.
An open ticket is bounced from person to person. No two people seem to touch the same issue.
If you try specific chat support, and you ask technical questions, you'd expect some knowledge. Instead, most agents put you on hold and go over documentation, only to come back and say they've escalated this to a ticket.
Then the ticket comes back with more links to documentation, never answering the question.
The only way to make progress, answers and some human treatment is by jumping from connection to connection on Linkedin, trying to get an intro to someone inside.
Or of course, getting lucky with an HN post.
Was waiting for someone to post PaulG's take on this. So here goes:
globile commented on Happy 15th birthday Hacker News news.ycombinator.com/fron... · Posted by u/andrelaszlo
I’ve been coming here from the beginning. Off and on. Different handles because I rarely saved my passwords. I absolutely appreciate all the gem comments especially from insiders. This is the only place that reminds me of 90s newsgroups.
I want to especially thank Dang for keeping this place consistent.
Was also here on the 1st day, the same day I decided to start-up 15 years ago!
Took me 7 years to create an account though. Wish I had done it sooner!
Especially ALWAYS reading the comments BEFORE the actual articles! Thanks!
globile commented on Payments down 20% in my SaaS after EU introduced PSD2 globalbankingandfinance.c... · Posted by u/rokkk
> The first thing that can reduce conversions is the higher rate of 3DS triggered user abandonment. Since many consumers are not familiar with the 3DS process, there is a higher chance of abandonment during the authentication process.
This would presumably go away once PSD2 is fully implemented and all purchases require it, which is a benefit of requiring it by law rather than letting merchants choose whether or not to require it. Requiring it is a common good in the sense that it reduces the economy's overall loss due to fraud.
Additionally, as the article mentions, using 3DS shifts liability for charge not authorized disputes from the merchant to the bank. Thus, the decreased rate of conversions must be compared against decreased losses due to chargebacks.
It quickly gets complicated. There are many more variables to take into account.
- SCA exemptions - Prepaid Cards (with no built in 2FA support) - Banks in less developed markets (No 3DS) - "We encountered a 3DS processing error" is a common nondescript message which occurs with international payments
For regular merchants, the decrease in conversion (double digit) is VERY far away from any improvements in chargebacks. Bear in mind that most merchants need to stay below 0.75-1% chargeback regardless of conversion/decline ratios.
EDIT: Spelling
globile commented on Payments down 20% in my SaaS after EU introduced PSD2 globalbankingandfinance.c... · Posted by u/rokkk
We developed an internal 3DS attempt strategy to try to remedy this [0], but it is not ideal.
Basically, try 3DS (with no authentication), then try regular charge (NON 3DS), then if all else fails try a full 3DS charge. You'd be surprised by the disparity, especially internationally, and we do recoup some charges at the expense of triggering some unintended blockage.
When asking our provider (Stripe in our case) about the best strategy for this, it always comes down to , "Let SCA (Strong Customer Auth) rules and logic handle everything", but this simply doesn't work well.
I really wish the likes of Adyen, Stripe, etc...would help out with better decline ratio strategies.
I think we are all plagued by "do_not_honor" and "transaction_not_allowed" codes that do little to move us in any direction...
[0] https://medium.com/@globile/using-stripe-to-sell-internation...
EDIT: Fixed the order of actions...
> If you have a European Stripe account, billing US customers will not provide the same acceptance rates as if you use a US account.
Is this due to Stripe or due to the credit card providers blocking transactions? I ask because I have a card that routinely declines charges if I am not near my home. (I can temporarily expand "home" by adding travel plans in their app, but it's inconvenient.)
I might be oversimplifying but when you pay with a US card at a European Stripe Merchant, the acquirer they use locally will show up at your US Bank as "foreign", and this will trigger all sorts of things at the fraud/compliance level.
Stripe offers Atlas so you can "easily" open a US Stripe account and serve your US customers from there, but wouldn't it be great if Stripe did that for you automatically?
Sitting up straight at my desk, chair locked, perfect posture? I’m doing nothing, maybe looking through System Preferences to change the system highlight color.
Sliding down in my chair like jelly, with my shoulders where my butt should be and my head resting on the lumbar support? I’m building the next iPhone and it’ll be done by 2 AM.
"I'm going to quickly shift from my terminal to this chrome tab to check this documentation but while it loads I'll get a dopamine hit from X."
Blur the screen and help me get back on track...