
This is the dirty little secret that everyone clutching their pearls over the OnlyFans 'scandal' won't talk about. There are plenty of providers who will deal with porn, but porn customers are shit customers who no one wants -- the fraud and chargeback rate is incredibly high so the cost of processing payments is equally high. The advantage that crypto brings to porn payments is not the pretend anonymity, it is that there are no chargebacks so you do not need to deal with fraud prevention.


OnlyFans claimed it was the banks, not the payment processors, who were the problem.

Specifically, BNY Mellon, acting in an intermediary role between OnlyFans' banks and creators' banks, allegedly blocked all payouts to creators.


I believe it. For a smaller company, it will take one analyst stumbling over something problematic that may trigger an investigation (think SAR). If the issue is bad enough and the customer does not have the clout to back it, the bank might derisk.

The problem is... it is not exactly standardized, as each bank does their own thing thanks to BSA rules.


And it’s not exactly out of the realm of possibility that some analyst somewhere just really dislikes pornography. It’s not like there isn’t a robust anti-porn movement purposefully using “think of the children” as cover.


This isn't the case across the entire industry. There is a large portion of customers who keep their CB ratios below the requirements of Visa & MCs. Hell, plenty of the customers in the industry could get it even lower but that runs the risk of leaving money on the table by turning away a potential customer that doesn't do a chargeback.

There are some customers in the industry who run silly numbers like +10% and do "Mid burning" with different banks.

The highest CBs tended to be the "online dating space" or "find X nearby hookup" kind of sites.

If you've got any other questions feel free to ask.

Source: Worked at payment processor in high risk processing +$1B in volume


What is "mid burning" in this context? What do you expect the % of chargebacks to be for something like OnlyFans? If you were to start a company in this field, what would you use as a payment processor?


Mid burning is when a company will have many shell companies and just open up at many acquirers and knowingly will breach their chargeback ratio with the expectation that eventually their acquirer will shut them down, but they don't care because they'll move on to another acquirer. This goes on until Visa/Mastercard blacklists them at the card level, but these merchants don't care because everything is shell corps and structured so that it looks like it has no ties to the parent corp.

I expect the CB ratio to be 0.7% if they're aggressive with not leaving money on the table and refund anything that looks like it'll give them bad press. If they're trying to keep it as low as possible, I've seen the ability to operate at 0.3%.

CCBill & Epoch when I want to shift high risk liability. Rocketgate for everything else. Getting the processor is the easy part, finding an acquirer and getting a mid is much harder.

I have no advice on how to find an acquirer/getting a mid for high risk; it is very much a networking and knowing-people club.


That just means that chargebacks cannot be offered as part of payment processing.


And what happens when real fraud does occur?


Mandate 2FA, which any normal bank already has.


A lot of banks don't have 2FA

Chase for instance


This is why we can't have nice things.


How is there any fraud these days with 3d secure, etc?


Sometimes merchants will turn off 3d secure because of the approval drop with 3ds. This is one of the main reasons why 3dsv2 was introduced to eliminate the friction.

Even with 3dsv1 the liability doesn't always shift to the issuing bank. For example, I believe it is Mastercard NA (might be Visa NA) that doesn't allow any 3ds liability shift for high risk merchants.

Source: Worked at payment processor in high risk processing +$1B in volume


What’s the difference between the two systems?


The big deals are:

1. It tries to gather more data points about the customer environment (i.e. browser and screen details). I think the goal is to provide more signals that the bank can use to decide low/high risk transactions. This likely feeds into...

2. Some transactions can be passed through in a "frictionless" manner. Instead of getting the "please log into your bank this is not phishing trust us" interstitial, it requires no interaction.

If most of the time, customers are sitting in the "frictionless" universe, then they won't hit too many situations that encourage cart abandonment.


Even with 3DS challenges, people are persuaded out of their one-time passcodes by phishing, using an increasingly elaborate series of text-message and voice-call based deceptions. I hate the term, but search for “smishing” and there’s a bunch of material explaining the exploits.

Depending on the region, only a small fraction of payments are enrolled in the framework to do that validation / challenge anyway, it’s been expensive to adopt and a lot of card acceptors are still nervous about abandoned carts and lost revenue.

Aaaand that’s not to mention good old fashioned stolen cards, counterfeiting and at the other end, full-scale identity takeovers. Many security features are still bypassable by using the legacy system that should have been supplanted by now. It is a constantly-evolving (and frustrating) field.


Yeah, but why would anyone bother with all the hassle and some porn? Other than a few people for the lulz, I can’t imagine this being a serious problem (when 3ds works).



