Hacker News new | comments | show | ask | jobs | submit login

But the status quo seems to me like a situation in which an entrepreneur can't start an honest corporation without putting his kids' college savings at risk of highly unpredictable fraud loss.

And to add insult to injury, that kind of risk is entirely the fault of the payment industry itself, for failing to implement sufficiently robust security measures. And yet, the merchant typically carries the risk, not the payment industry.

Perhaps any compulsory refunds should be classified as either based on fraud or based on dissatisfaction, and the card payment services should be required to indemnify the merchant against fraudulent ones provided that the merchant has followed the recommended security steps before completing the transaction.

In fact, I've noticed recently that a few payment services are offering to eat chargebacks based on claims of fraud if an on-line transaction included a test such as Verified by Visa, so this situation may be starting to change, albeit rather slowly.

For losses based on dissatisfaction, it's probably as fair as anything practical to make the merchant carry the risk, but it is extremely unlikely that this kind of chargeback would result in a sudden spike in refunds a long time after the initial payments. It seems reasonable to handle this case via a level of retained funds commensurate with the observed level of loss.

That really only leaves catastrophe-scale events, such as a product having a fundamental flaw where everything dies at midnight on 1 January 2000. But in that case, either the business has the funds to cover the loss (in which case there's no problem and the card services can go to court if the merchant doesn't pay back what they owe) or the business is toast (in which case unless it's a very small business, probably no individual who gave a personal guarantee could do much to cover the costs anyway, and if it was a very small business, there's no substantial danger to the card service companies on the relatively rare occasions that they have to write the client off and eat the loss themselves).

In short, to the individual a piercing agreement may be an existential threat to their way of life, but such agreements make little real difference to the card companies in cases where the problem is not essentially their fault anyway.

Merchant account providers are not in the insurance business. If you're starting a business and worried that your own product failures are going to bankrupt you, pay for insurance.

It seems to me at this point that we've lost track of what a merchant account provider even does, and that your argument in some way depends on the fact that it's easier for large companies to bear losses than small ones, and so they should bear those losses regardless of who causes them. Why not just say Apple and Walmart should insure all new startups against personal losses at the same time? It's the same argument.

Merchant account providers are not in the insurance business.

Really? I think there's a good argument that insurance is exactly the business they are in.

The fundamental difficulty here is that money you think you have as a merchant can be taken away again retrospectively, and the merchant account provider is on the hook for it if the merchant disappears. The merchant account provider accepts that risk, but takes steps such as retaining partial funds that will normally be sufficient to mitigate it. Every now and then they'll take a big hit when there's a spectacular failure and whatever guarantees the merchant account provider thought they had turn out not to be worth enough to cover the loss. Most of the time, however, things will go fine and the merchant account provider will make a tidy margin.

How is this not an insurance model?

If you're starting a business and worried that your own product failures are going to bankrupt you, pay for insurance.

I'm not worried about my product failures, I'm worried about fraud due to a combination of their insufficient security and their rather generous waiting periods for customer complaints, or simply due to a mistake on their part.

Merchant account providers are not in the insurance business.

And why not? They could at least be obligated to obtain such insurance. Seriously, what else are they doing with that 3% of all those transactions?

Primarily because we accept the status quo because the merchant is in such a weak bargaining position. Let us not forget that merchants and consumers form the basis of our economy whereas payment and banking systems are just plumbing.

If the financial industry had more incentive to increase the security of payment systems, then maybe we wouldn't have the absurdly insecure systems that we have now. Inter-bank ACH is fundamentally an honor system. Credit/debit networks are basically a shared secret between you and everyone you've ever spent money with.

I'm not saying merchants should be immune from all chargebacks. I'm just saying that the lack of competition in payment systems is effectively disallowing the benefits of an LLC to the little guy.

And why not?

Because I was joking; the cost to ensure businesses that risk thousands of chargebacks would be stratospheric.

But the cost of fraud is already bourne by the economy. It gets bourne by the taxpayers, the consumers, and the merchants. And yes it is stratospheric, but so is the revenue of the current payment industry.

What I'm suggesting is:

A. It makes the little sense for the personal savings of an entrepreneur to be the underwriter of last resort.

B. If the financial industry wasn't so easily able to push the risk off on others, we might find that they become interested in real security improvements that result in an overall decrease of fraud.


The fraud/abuse we're talking about in this case is perpetrated by the merchants themselves. Want to see what a system of "real security improvements" looks like for a payment processor that doesn't require your personal credit staked to your account?

It's called Paypal.

The fraud/abuse we're talking about in this case is perpetrated by the merchants themselves.

But the merchant account issuer doesn't distinguish fraudulent merchants from losses due to stolen cards, fraudulent customer chargebacks, etc. So currently in the US, essentially all fraud costs tend to be passed on to the merchant (and for small entrepreneurs, their kids' college savings).

It's called Paypal.

Note that most of the criticisms people level against Paypal aren't against their policies and mechanisms that are a rational defense against risk. It's things like the destroyed antique violin, banning merchant accounts for "editorial" reasons, outright hostile customer relations, and (last but not least) a penchant for holding on to other people's money for as long as possible for completely unjustified reasons.

Hopefully we can agree that the root cause here is the prevalence of fraud itself. A more secure transaction system could make things nicer for everyone. The problem is that the payment networks are the only ones who can institute meaningful change and the current system (that enables them to pass the costs on to merchants) suits them just fine.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact