In China most payments cannot be reversed. By contrast, the security of payment methods are much more stringent in China.
I was surprised when I first learnt that you could spend money online with a VISA card by only card number, expiration date and a 3(!) digit CVV. Those are hardly secure and printed out on the card that anyone can see. Then the US merchants have so many rules about fraud detection but all of them are just heuristics with many false positives and false negatives.
When Internet companies constantly invents new methods to both increase security and usability (two step authentication, pass keys, FIDO-U2F), the payment industry in the US is just stuck in the past.
Many of the large American companies involved in payments (Visa, MasterCard, Stripe, Square, PayPal) also operate in Europe, and implement the modern security practices required here. 2FA for credit/debit payments made online, for example, and chip payments since... 2004 or something.
Stripe and Paypal are annoying. They refuse payments with virtual debit cards, debit cards issued in other jurisdiction than your shipping (or IP?) address, etc. I'm usually put off when I see a Stripe or Paypal checkout screen.
Just because things are different doesn’t mean they’re “outdated”.
The optimal amount of fraud is not zero. Merchants, and consumers, both benefit from the equilibrium where there is much more commerce, backstopped by bank fraud detection.
Credit card fraud is just not a large problem in the US, and the extra commerce encouraged by continuing to use a relatively insecure system generally outweighs the benefits of tightening security.
Tokenized NFC payments are even more convenient than swiping credit cards, and they’re gradually replacing the old system, but there is no urgency here.
I was surprised when I first learnt that you could spend money online with a VISA card by only card number, expiration date and a 3(!) digit CVV. Those are hardly secure and printed out on the card that anyone can see. Then the US merchants have so many rules about fraud detection but all of them are just heuristics with many false positives and false negatives.
When Internet companies constantly invents new methods to both increase security and usability (two step authentication, pass keys, FIDO-U2F), the payment industry in the US is just stuck in the past.