Stripe Acquires Touchtech

It&#x27;s quite exciting that stolen payment card details will lose most of their value for Internet purchases in the EEA soon. Long overdue I think, it&#x27;s practically a backdoor to the whole Chip and PIN security system. (Though so are transactions with signature or magstripe, but those are also slowly being tackled…)<p>My main bank account is with Nordea, a big Nordic bank, one of Sweden&#x27;s big four. They are currently quite paranoid about Internet purchases and outright do not permit any such transaction if it does not have that kind of two-factor authentication — if the merchant doesn&#x27;t support it, you must log in with the app or Internet bank and temporarily turn this off for one hour. But with support for two-factor authentication bexoming obligatory in the EEA, I guess it will only be non-EEA merchants where this is a problem. :)

...well crap. Time to update my side projects to handle this new flow. I wasn&#x27;t aware this was even coming. Looks like there are a lot of exemptions (my side project costs customers less than 30 euros), but it&#x27;s ultimately up to the customer&#x27;s bank.<p>I guess I&#x27;ll move to Stripe checkout instead of my custom form.

As security practices improves, reducing fraud, does the industry reduce its costs and pass the savings to consumers or is the trend to increase their own profits? I have an assumption as to what the answer is, however I&#x27;m wondering if anyone here in the industry may have a solid understanding?

Hopefully, this will be handled in a better fashion in Europe than in India where online transactions dropped two digits after the changes were enforced.<p>For e-commerce platforms, refunding fraudulent charges is cheaper than a two-digit drop in transactions.

Congrats to Touchtech! Acquisitions are always exciting :)<p>I&#x27;m wondering what this means for multi-factor authentication with regards to payments. Why bio-metrics instead of a physical security key and U2F? Convenience? Customer reach?<p>If the U.S. implements something like SCA in the future, would it be likely that biometrics will win out over PINs or security keys, given different legal protections for both (<a href="https:&#x2F;&#x2F;pilotonline.com&#x2F;news&#x2F;local&#x2F;crime&#x2F;article_25373eb2-d719-5a6e-b677-656699a50168.html" rel="nofollow">https:&#x2F;&#x2F;pilotonline.com&#x2F;news&#x2F;local&#x2F;crime&#x2F;article_25373eb2-d7...</a>)? What might this mean for future legal precedents regarding biometrics?

Always good to hear Stripe are doing well and expanding, their platform and more particularly, their api, is so intuitive.

Good to see Stripe improving their service even more.