But, they have to maintain a system to deal with that. Also, if they pass all fraud back to the merchants, at the levels that would happen if they had no good fraud detection, then merchants would stop allowing credit cards. We take for granted that most transactions are valid. If the credit card companies did not invest a lot in automatic fraud detection, the percentage of fraudulent transactions would be something like the percentage of email which is spam.
They still leave much of the risk to the merchant. Turn on 3d secure, watch how the banks often don't even respond, and watch the conversions plummet as your hard won customers get caught in a whirling loop. Turn on all the fraud tools and watch how nobody ever checks-out again...
Ya, depending on your type of business, you really may not need any fraud tools at all. I deal in b2b SaaS. We had to work to get any and all fraud tools turned off because we have essentially zero fraud (companies that you work closely with tend not to try to pay their monthly recurring fees with stolen credit cards.)
