Why is this so hard?
A lot to reasons, but primarily liability and cost, in three distinct ways:
1) Fraud risk. Both the idea of a hacked account (someone paying for something using someone else's account/info/etc.), and the idea of someone paying legitimately, but disputing it. Getting hit with fraud costs them money, adding barriers to stop it costs money and resources, and they could be liable if it's not handled correctly.
2) Government requirements. Post war on drugs, lots of banking requirements around tracking money to stop money laundering; post 9-11, same thing, but to stop terrorism. Staying compliant with this costs money, and being incompliant risks liability.
3) Security. When dealing with people's financial data (CC info, bank accounts), keeping it secure costs money and resources, and exposes them to liability if they don't handle it correctly.
Any of those three things can make the payment entity liable for various issues and pushes their costs up. Thus they need to charge enough to not only cover all normal business operations (customer service, IT, etc.) but also deal with these issues, exacerbated due to the potential amount of money being dealt with regularly.
Thus there's very few players, and they're somewhat expensive. Honestly, it's interesting that they don't cost more, with more hoops.
Anyways, hope that helps explain. :)