Most conversations about credit card fraud prevention start with statistics. Marshall Greenwald, Founder and CEO of IoniaPay, starts with a different question: why are we still guessing?
Marshall joined The Ecommerce Edge with host Jason Greenwood for a wide-ranging conversation on why merchant processing keeps failing the merchants it’s supposed to serve, and what replacing guesswork with certainty actually looks like. They covered friendly fraud, false positives, instant settlement, and why Marshall’s card kept declining on a family road trip to California.
The Three Fs Every Merchant Credit Card Processing System Gets Wrong
Marshall opened with what he calls the three Fs: Fraud, False Positives, and Friction. Most payments processing discussions focus on fraud alone. That’s the wrong frame.
The numbers aren’t a secret: 3.2% of e-commerce revenue goes to fraud. What gets less attention is that 5% of legitimate customers get caught as false positives, blocked by the very credit card fraud prevention systems built to protect the merchant. Add friction into that mix, where every verification step costs you a percentage of customers who just give up, and you start to see why most fraud tools are quietly damaging the businesses they claim to serve.
Marshall illustrated the friction problem with an intentionally ridiculous example. You could require every customer to drive to your store and submit to DNA testing. You’d have perfect certainty. You’d also have no customers. The real challenge in merchant credit card processing has always been finding the line between knowing who someone is and making it easy enough that they actually complete the purchase.
Friendly fraud makes it worse. It’s rising fast, closing in on the same rate as actual fraud, and because it looks like a normal transaction gone wrong, it’s nearly impossible to catch after the fact.
Why Heuristics Keep Failing at Credit Card Fraud Prevention
The core problem with traditional fraud tools is that they’re built on heuristics, behavioral signals that suggest something might be fraud. Mismatched billing and shipping addresses. Unusual purchase velocity. A transaction from a new location. These signals have been studied, scored, and built into payments processing risk models for decades.
None of them actually prove anything.
Marshall made the point plainly: criminals have known for years that they need to enter your billing address to get a card approved. So they do, and then they ship the stolen goods somewhere else. The signal that every fraud system uses to flag suspicious transactions is something every fraudster already works around on the first try. Meanwhile, legitimate customers buying gifts, traveling for work, or shipping to a different address keep getting blocked.
“There’s nothing about your billing address and shipping address being different that says that you’re not the cardholder. That’s not a logical tie.”
— Marshall Greenwald
Merchants absorbing those false declines aren’t just losing the sale. Under Visa’s Acquirer Monitoring Program, VAMP, merchants whose chargeback ratios cross Visa’s thresholds face escalating fees and the risk of losing card acceptance entirely. The credit card fraud prevention system that’s supposed to protect them can end up putting them in VAMP territory anyway, just from the wrong direction.
F3: Positive Identification Instead of Risk Scoring
IoniaPay’s F3 framework starts from a different place. Instead of asking whether a transaction looks fraudulent, it asks a simpler question: is this the cardholder, and is this their card?
If yes, confirmed with certainty, the transaction clears. If not, it gets flagged. No scoring. No probability distributions. No behavioral pattern matching that criminals can learn to defeat. F3 positively identifies the cardholder at the moment of transaction, which is a fundamentally different problem to solve than guessing whether behavior is suspicious.
On qualified transactions, fraud liability shifts away from the merchant entirely. Chargebacks, friendly fraud, stolen card transactions, all of it becomes IoniaPay’s liability. For merchants watching their chargeback ratios and worrying about Visa VAMP monitoring thresholds, that liability shift is the difference between a compliance headache and a clean processing history.
Why Your Card Gets Declined on Road Trips
The false positive problem in merchant credit card processing isn’t abstract. Marshall told a story that anyone who’s traveled with a primary credit card will recognize. He was driving from Arizona to California with his family, a normal route with predictable stops, when his card started getting declined. Gas stations. Clothing stores. Everywhere. His issuer’s fraud system flagged the California transactions as suspicious, even though the pattern was completely unremarkable.
“I had to call my bank, verify who I was, and then they unlocked it. And then 45 minutes later, it locked again.”
— Marshall Greenwald
The bank’s credit card fraud prevention system flagged a legitimate customer, the merchant lost the sale, and the customer spent an afternoon on hold. The fraud system worked exactly as designed and still produced the wrong outcome. This is what a 5% false positive rate looks like in practice for real people on ordinary errands.
Faster payments, zero fraud liability
Merchants shouldn’t wait for payments or lose revenue to chargebacks. See how Instant Direct Payments™ prevents fraud and protects businesses.
Instant Direct Payments: Fixing the Merchant Processing Settlement Gap
Fraud prevention is half the problem. The settlement side of merchant credit card processing has its own structural failures, and Marshall walked through exactly why merchants still wait 2 to 4 days to get paid.
A standard card transaction moves through six to eight companies before money reaches a merchant account: the processor, the acquiring bank, the card networks, the issuing bank, risk layers, reconciliation systems. Each handoff adds time, cost, and a failure point. The result is a settlement float that ties up merchant cash, forces dependence on rolling reserves, and can leave a small business short on payroll because a holiday weekend fell in the middle of a settlement cycle.
Real-time payment infrastructure exists. The RTP Network from The Clearing House can move money instantly, but only for push payments, meaning it works when someone with an existing wallet pushes money outward. There’s no mechanism to take a card payment and move it in real time all the way through to the merchant. IoniaPay’s Instant Direct Payments (IDP) closes that gap by collapsing the intermediary chain. Using Visa and Mastercard rails but removing the unnecessary steps between them, merchants receive funds the moment a transaction clears, 24/7, including weekends and holidays.
Friendly Fraud Is More Sophisticated Than Most Merchants Realize
Friendly fraud gets discussed mostly as a customer falsely claiming they never received an order. Marshall described something more systematic involving loyalty programs that most payments processing conversations ignore entirely.
A customer buys an item, earns loyalty points, then returns the item. If the merchant’s systems aren’t tightly synced, the loyalty points often stay on the account even after the return is processed. Sometimes merchants waive the physical return entirely. The customer ends up with either the goods and the points, or a full store credit on top of the returned merchandise. Nothing about that pattern triggers a traditional fraud alert in merchant credit card processing systems because it mimics completely normal purchase and return behavior.
“It’s really hard to tell the difference. And the merchants often don’t even realize it’s happening at scale.”
— Marshall Greenwald
Built to Complement, Not Replace
Jason asked the obvious competitive question: is IoniaPay trying to replace Stripe, PayPal, and existing gateway infrastructure?
Marshall’s answer: no. IoniaPay is built to work alongside existing merchant processing setups, not replace them. Merchants don’t have to choose between IoniaPay and their current processor. The platform integrates into existing payments processing stacks, handles what it can, and routes to the traditional rail for anything outside its scope. Orchestration across 200+ gateways is part of the product, not a separate service.
The practical pitch is that merchants get the fraud elimination and instant settlement benefits without a migration project.
Agentic Commerce Is Already Happening in B2B
The conversation ended with a look at where payments processing is heading. Jason asked about agentic commerce, AI agents making purchases autonomously, and whether that changes the landscape.
Marshall’s answer split cleanly by segment. In B2B, it’s already real. He’s working with clients where AI agents are executing procurement workflows and completing transactions without human involvement. In retail, the timeline is longer. Consumers still want to browse, see the product in context, and make their own purchase decisions. He noted that ChatGPT tested transactional commerce and then stepped back, likely because the economics of being a marketing platform are cleaner than being a merchant of record.
“I just can’t see a world anytime soon where somebody like my wife is going to log into ChatGPT and say, ‘Go buy me this dress.’”
— Marshall Greenwald
The point wasn’t skepticism about AI. It was a straight read on where the near-term action is actually happening in payments processing, and where it isn’t yet.
Watch the full episode on The Ecommerce Edge to hear Marshall and Jason go deeper on 3DS, authentication challenges, and the payments processing infrastructure that’s still running on rails built for a different era.