Why is it 2019 and I have a laser guided robot vacuum, we're sending flying robot drones other other worlds, the entire knowledge of humanity is accessible on a wireless handheld device, but I can't require a password to be used when withdrawing money from my bank account or my credit cards?
Because it’s cheaper for credit card companies to eat this cost than it is to prevent these costs. Don’t tell me you all haven’t taken shortcuts and papered over low-impact bugs etc., it’s the way of the world.
“Low-impact” is a relative term and should be evaluated from multiple perspectives. While it may not impact the daily operations of the bank, people have suffered a lot of stress that could have been prevented with better bank security policies. It’s fine to paper over things that have no material impact on anyone’s life, but I don’t think secure banking fits that bill.
Because it's not actually "money", the problem is the bank's rather than your own, and no bank has thought fit to advertise "less chance of having to fill out a bunch of annoying paperwork" or "no need to check your account every month" as points of competition. Furthermore, any change that makes fraudulent transactions harder is tempting to use as a justification to shift liability onto customers, which is something you definitely don't want.
And ultimately like many systemic failures in the US it really only affects the underclass - debit card, cashflow confined to one checking account, and an unfamiliarity with expecting results from institutions.
>and no bank has thought fit to advertise "less chance of having to fill out a bunch of annoying paperwork" or "no need to check your account every month" as points of competition
More friction means less spending. It's all about moving the money out of your bank account as fast as possible. Even with the fraud risk, it's worth it for the middle men who take a cut of your money along the way.
In my country you need to login into your bank account to approve payment with credit card. Technology is here but why not all banks are using it is different question.
Because 3Dsecure is really annoying, and therefore hurts conversion rates big time.
It's not mandated by the banks but by the merchants, most merchants do not want to push that garbage onto their customers. Odds are you live in a country with few payment processors that really like 3DS.
But hey, I guess soon PSD2 will be forcing this nonsense down all our throats!
And uh, why would you want this anyway? 3DS only protects the merchant, not the consumer.
I think in the end it's a (lack of) scale problem. Once you're big enough, you don't really care about fraud.
Merchants don't care about fraud itself. They care about liability. So they'll do whatever silly wiggle dance (like 3DSecure) is required to avoid penalty fees or declines, but in the end, whatever fraud they deal with is going to be typically crushed down to a line item or two on a spreadsheet. And that line is far smaller than "losses due to checkout abandonment."
The banks seem to have decided it's easier to yell "zero liability" and bury the costs somewhere. I've had what should have been very traceable compromises on my cards (used at an ATM with camera, used online with shipped goods) and they were far less interested in prosecution than if you had enterred a branch with a pistol and a note and made off with $250. They'd rather eat that fraud than run the risk you'll use an "easier" card.
Only consumers care because it ISN'T at scale for them. They usually have individual, or small-scale burst fraud experiences, so they're not going to have the infrastructure or resources to shrug it off, and the amounts of money are significant at their scale.
I wonder if a more legitimate alternative to the "identity theft protection" industry could have some viability. An all-in-one service for consumers-- you forward them any bogus transaction with a single click through the bank's site/app, and they front you the funds until the dispute is resolved and spend the time arguing over getting the charges reversed, no questions asked. Not that it would be right from a moral standpoint, but it would at least let us be able to worry as little about fraud as the merchants do.
>I've had what should have been very traceable compromises on my cards (used at an ATM with camera, used online with shipped goods)
Not really, these guys know ATMs have cameras. The recipient of the shipped goods will just be yet another victim, almost never the fraudster themselves.
>they front you the funds until the dispute is resolved and spend the time arguing over getting the charges reversed, no questions asked.
This is essentially exactly how Amex works. Except instead of a single click a dispute is more like 7-8 clicks, but still very fast. Over the phone or chat you can dispute tens of transactions in less than 5 minutes.
