
Stripe Acquires Touchtech - middle1
https://techcrunch.com/2019/04/17/stripe-acquires-touchtech-updates-apis-to-prep-for-strong-customer-authentication-in-europe/
======
TazeTSchnitzel
It's quite exciting that stolen payment card details will lose most of their
value for Internet purchases in the EEA soon. Long overdue I think, it's
practically a backdoor to the whole Chip and PIN security system. (Though so
are transactions with signature or magstripe, but those are also slowly being
tackled…)

My main bank account is with Nordea, a big Nordic bank, one of Sweden's big
four. They are currently quite paranoid about Internet purchases and outright
do not permit any such transaction if it does not have that kind of two-factor
authentication — if the merchant doesn't support it, you must log in with the
app or Internet bank and temporarily turn this off for one hour. But with
support for two-factor authentication bexoming obligatory in the EEA, I guess
it will only be non-EEA merchants where this is a problem. :)

~~~
andy_ppp
Why isn’t Verified by Visa mandatory everywhere? Isn’t that enough?

~~~
pbreit
Because it would decimate checkout conversion to save a few basis points in
fraud losses.

~~~
statictype
Is there any data on how much conversion rates drops when it's used?

~~~
riteshpatel
It depends on the region but it can be as high as 30% from what I've read

------
jatsign
...well crap. Time to update my side projects to handle this new flow. I
wasn't aware this was even coming. Looks like there are a lot of exemptions
(my side project costs customers less than 30 euros), but it's ultimately up
to the customer's bank.

I guess I'll move to Stripe checkout instead of my custom form.

~~~
pbreit
You might be eligible for <30 EUR exemption: [https://stripe.com/en-
US/guides/strong-customer-authenticati...](https://stripe.com/en-
US/guides/strong-customer-authentication#exemptions-to-strong-customer-
authentication)

~~~
Artemis2
You’d still have to handle the complete flow for the case where the exemption
has been used multiple times since the last authentication though.

------
loceng
As security practices improves, reducing fraud, does the industry reduce its
costs and pass the savings to consumers or is the trend to increase their own
profits? I have an assumption as to what the answer is, however I'm wondering
if anyone here in the industry may have a solid understanding?

~~~
0xffff2
Is reduced fraud even creating meaningful savings? The simple fact that these
changes are driven by government regulation rather than internal efforts makes
me think not. I think the main benefit to consumers is that they don't have to
deal with identity theft as often.

~~~
yani
Every chargeback from a fraudulent transaction costs ~$25 to businesses.

~~~
bpicolo
For middlemen it can cost significantly more, as they often have to pay the
businesses for the service anyway (e.g. food delivery)

------
topicseed
Hopefully, this will be handled in a better fashion in Europe than in India
where online transactions dropped two digits after the changes were enforced.

For e-commerce platforms, refunding fraudulent charges is cheaper than a two-
digit drop in transactions.

------
yingw787
Congrats to Touchtech! Acquisitions are always exciting :)

I'm wondering what this means for multi-factor authentication with regards to
payments. Why bio-metrics instead of a physical security key and U2F?
Convenience? Customer reach?

If the U.S. implements something like SCA in the future, would it be likely
that biometrics will win out over PINs or security keys, given different legal
protections for both
([https://pilotonline.com/news/local/crime/article_25373eb2-d7...](https://pilotonline.com/news/local/crime/article_25373eb2-d719-5a6e-b677-656699a50168.html))?
What might this mean for future legal precedents regarding biometrics?

------
davidmott
Always good to hear Stripe are doing well and expanding, their platform and
more particularly, their api, is so intuitive.

------
davidmott
Good to see Stripe improving their service even more.

