One day a payment company will refuse to be acquired and give paypal a run for their money. Paypal fees are just too expensive and I have to believe there's a company who will want to disrupt and take on Paypal rather than succumb to them.
PayPal's problem isn't so much their fees (although that's an issue) but their utter disregard for their customers. The fact they'll arbitrarily freeze an account for seemingly nothing more than shits and giggles is counter to the kind of stable experience you'd expect and want from a payment provider. The fact there is little recourse when the fuckup fairy strikes is what's most concerning though.
It might be that this is indicative of the core value of Paypal's fraud prevention intelligence. All the smart people I know who work at Paypal are working on fraud prevention (even the analytics guy I know there admits to providing more data to the fraud prevention teams than anybody else).
I wouldn't be very surprised if Braintree decided to be acquired because they learned that doing "enough" fraud protection requires the sort of fees that Paypal charges – _plus_ a dataset like eBay to mine for patterns and to instrument up for real-time triggers.
Thinking about it (as in, this is not some long-held considered belief, just some random thought that's just popped into my head), it'll kinda surprise me if anyone smaller than Paypal/eBay, Amazon, Facebook, or Google, will be able to compete longterm as a payment company. If you don't have firehose-sized transaction data to monitor (Paypal/Amazon) or strong social network signals about identities (Facebook/Google), I doubt you're going to be able to create fraud protection as effectively as those players, and that's going to cost you and your (non-fraudulent) customers and be reflected in the transaction fees you'll end up non-competitively charging.
Random thought number 2 – I wonder if there's now some opportunity to start up a non-US based payment company, and lobby for privacy law changes in the wake of the post-Snowden knowledge about how the PRISM-linked companies are mis-using personal data, especially of "non US persons"? I wonder how hard you'd have to push the Brazilian government to make using PRISM-linked or US based companies as payment services illegal - for domestic privacy reasons? (Unfortunately, I suspect the opportunities for me in Australia to lobby for laws protecting Australian citizens from surveillance by the NSA won't get any support at all from our in-bed-with-and-beholden-to-the-US government.)
There could be ways round the big-data-required problem. You could charge different transaction fees depending on how good your data is on somebody and allow them to provide data to improve your confidence in them. Or require deposits from people and return them over time.
That's a good idea - but I suspect it'd be a much harder sell to end user merchants (and their web developers).
Explaining "our fees are based on your customers fraud risk, only 0.9% + 25c per transaction for people who've liked your facebook page and have more than 100 facebook friends and an account more than 24 months old, up to 5% + $1 per transaction for people using TOR or coming from ex-Russian-state ip addresses" isn't going to go down so well as "Paypal costs 2.9% + 30c/transaction and works globally in any currency, you can probably get half that rate from you own bank if they'll give you an internet merchant number - but they'll probably only give you local currency transactions."
Agreed. It might be easier to charge the customer rather than the merchant. If as customer I could choose from a list of payment providers and get a different fee from each one then the competition would be very transparent. Plenty of barriers to overcome to get to that point though.
I get their fraud protection focus. A huge reason they stay around is that you can use them without a merchant ID, which banks are a lot more hesitant to hand out these days. However, Stripe, and more recently, Shopify Payments, offer the same advantage without the PayPal-ness.
