https://mjtsai.com/blog/2023/12/07/fastspring-risk-screening/ Thursday, December 7, 2023 FastSpring Risk Screening I received a pair of e-mails from one of my payment processors, FastSpring, which included this text: Our implemented process is designed to ensure full alignment and compliance with regulatory standards, including KYC/KYB (Know Your Customer/Know Your Business) requirements, Anti-Money Laundering (AML) regulations, Countering the Financing of Terrorism (CFT) guidelines, and international sanctions screening. We've had to invest in various compliance measures to meet these regulatory requirements, but they do come with associated costs. We're striving to keep these costs as reasonable as possible for our sellers. The annual Risk Screening process is applicable to all sellers. To offset the administrative costs associated with this service and to ensure a seamless process, we have implemented a fee of $150.00 to complete the Risk Screening, no more than annually. [...] Upon successful payment processing, our Risk team will reach out to you in the following weeks to guide you through the screening process. We understand the importance of your business, and we are committed to upholding the highest standards of security and service. If the fee isn't received by the specified date, your account will be unfortunately disabled, resulting in loss of access to the FastSpring platform and payment processing capabilities, including subscription renewals. This sounded a bit suspicious. The e-mails seemed to be sent from FastSpring, but they looked different from other e-mails I've received from them. They used different formatting and did not address me by name. A link to their terms of service was included. The ToS does mention a $150 fee, but it refers to it as a "Vendor Risk Verification Fee," whereas the e-mail calls it a "Risk Screening Fee." The e-mail said to go to fastspringverifications.onfastspring.com to pay the fee. This is odd because it's a store hosted at FastSpring itself. It calls FastSpring an "authorized reseller" and has a field to enter a coupon code. There's a "Get updates about our products and offerings" box that's pre-checked. Nothing on the main fastspring.com site seems to link to this store. This store is not inside of the admin interface for my account, and it doesn't ask for my account ID, so it's not clear how they would associate the payment with my account. Do they match the e-mail address? And why aren't they just taking the fee out of my earnings automatically, like they do for their other fees? This all just looked strange, but I contacted FastSpring's support and they said it was legitimate. The decision to use a separate payment link, fastspringverifications.onfastspring.com, is intentional and aimed at enhancing the accuracy of fee tracking. This approach ensures a detailed and accurate record of all fee-related activities. I don't understand that at all. In any case, I'm a longtime customer but am currently only using FastSpring as a backup processor, so the transaction volume is low, which may explain why they want me to pay the fee. It's not that big of a deal, if legit, and it seems I have no choice if I want to keep the account, so I went to pay the fee, but they said my credit card was declined (3 times). I know the card works and had just used it for something else. It's never been declined anywhere else. I contacted the card issuer who said there was no record of FastSpring even attempting a charge. I've contacted FastSpring again to see what's going on but have not heard back from them since yesterday, whereas the initial confirmation that the e-mails were real came after only a few hours. Everything else with FastSpring has gone smoothly over the years, which is what makes this so surprising. So I wanted to document this odd interaction in case anyone else gets these e-mails that look like possible phishing. As a side note, when I got started selling software, all the e-commerce providers would post their rates online. It was all transparent and simple to compare. Now, they are all up front about the fact that rates depend on negotiating custom deals based on your scale. FastSpring pointedly does not tell you their pricing, except to say that it's "simple, flat-rate" that "works on a revenue-sharing model." But there's apparently at least one hidden fee that's only mentioned in the fine print. Previously: * What It Was Like to Sell Apps Online in 2003 Update (2023-12-08): FastSpring e-mailed me back to say that the payment issue was corrected, but it again reported that my card was declined. Update (2023-12-08): FastSpring "pointed the store to a different processor," and then it worked for me. They were very nice and said they would proceed with the screening, anyway, if we couldn't get the payment to work. Business FastSpring Financial Payments Phishing Web 14 Comments RSS * Twitter * Mastodon Kevin Kearney December 7, 2023 4:10 PM Michael - I got the same e-mail from FastSpring and had the same experience today as you - I tried to make the payment, using two different cards from two different banks, and in both cases was the purchase was declined. Immediately afterward, I make a test purchase of my own product through FastSpring with one of my cards, which when through immediately. Could you send me an e-mail and let mw know if you heard back from them about he problem making a payment? It does all seem extremely strange. Michael Tsai December 7, 2023 4:38 PM @Kevin That's odd, too. I wonder whether that's due to a difference between the Classic and Contextual backends. I'll post here when I hear back from them. Captain Hammer December 7, 2023 5:45 PM Thank you for documenting your experience. I have not received an email, yet, nor do I see a notice in a company Dashboard. Not using the new dashboard or doing subscriptions (if it matters). This is very weird. They're calling this a risk screening, but what is the new risk? FS already has enough identifying info to pay you, perform tax compliance, and has a multi-year history of legitimacy. I agree this should be absorbed by their processing fees. FS is not the cheapest around. This new annual fee is more than the Apple's annual Developer fee. I also dislike that everyone is no longer straightforward about their costs. Any news from Paddle along this front? I haven't experienced any new "risk screenings" from any other services. This feels like a made-up fee attached to a cable bill. I miss Kagi. The were straightforward and never did me wrong. Beatrix Willius December 7, 2023 9:19 PM A Xojo developer went through this a while ago. Fastspring is using ShuftiPro with some AI nonsense: "The process went very badly - having to upload photos of driving licence and passports / utility bills etc to an automated system that had the Artificial Intelligence of Artificial Sweeteners." Michael Tsai December 7, 2023 9:21 PM @Captain Exactly--it's not mentioned anywhere in the admin interface, which is where I would expect to see something that pertains to my account, specifically. I guess this is a rolling screening because I just got the e-mail this week, but the Hacker News post I found was from two months ago. Paddle had me do a more extensive background check in 2019 (with Onfido) than FastSpring did when I signed up with them, but there was no extra fee and it doesn't seem to be an annual process. The earlier part of the FastSpring e-mail implies that they are being required to do this and are paying ShuftiPro to handle it. I have not had to do such a screening with Apple or PayPal. I think maybe I did with Setapp when creating my account. I guess my main complaint is that it's been anything but the "seamless process" that was promised. Andy Becherer December 8, 2023 4:45 AM Nice to see I wasn't the only receiving or being puzzled/annoyed by this. After years of positive and smooth operations and partnership with them, this reads and feels forced, even a little like blackmail to me. Especially the prospect of this being a yearly occurence from now on, kind of like a new participation fee. These mails really rubbed in the wrong spot, tbh. Additionally, the short timeframe they want to enforce here makes this even more frustrating. Still, seriously considering alternatives right now. And if their "seamless" payment doesn't even work, they'll probably disable the account even if one tries to comply when the due date comes. As I said, feels disappointing after years of fruitful partnership. Somehow oddly reminiscent of the mail Kagi sent when they folded? But that might just be me. Kohan Ikin December 8, 2023 7:10 AM I got one of these as well, and also thought something looked "odd" about it. But like you, I contacted Fastspring Support via the admin interface to confirm it was legitimate. They were very friendly and polite about it. No problems making the card payment here, it went straight through for me. Though besides the Fastspring payment receipt, I've not yet received any email detailing next steps for the ShuftiPro compliance screening. I don't get a good feeling about ShuftiPro yet, the minimal research I did was full of people saying "easiest way to be approved for crypto and casinos!", which is not reassuring to me at all. I thought I'd been selected due to a very low income year & having just transferred out a Fastspring payout. So it's reassuring to me to see that it's happening to others as well, though frustrating for all of us. John December 8, 2023 9:12 AM They were very friendly few year ago. Now it is all about money. They want US to pay their own so called "Risk Screening" for a fee of $150.00. That would mean that fastspring costs $150 every year for us. No thanks. We will not do pay for that. Michel Fortin December 8, 2023 9:25 AM If I had to guess from the behavior, I'd say the company has a new owner who is trying to milk its customers before the service deteriorates too much following a reduction to a skeleton crew. Although I suppose any kind of pressure could be responsible. It'd be interesting to see if they actually follow through and cut you off if you don't pay for this verification. I note the CEO changed in 2019. The original vision of this company is probably lost by now. John December 8, 2023 9:28 AM This fee is explained in thier terms of service (fastspring.com/ terms-use/seller-terms-service) found in section 4.1. "FastSpring expressly reserves the right to charge you a Vendor Risk Verification Fee of $150, no more than annually. FastSpring's decision not to charge you the Vendor Risk Verification Fee in any given year is not a waiver of its right to charge it in any subsequent year." So the want eacht time a transaction fee, plus $150 each year. And the whole thing hidden under seller-terms-service and not under "Pricing" on the website. Ben Kennedy December 9, 2023 5:07 PM This has been very interesting to read; thank you Michael and others for documenting your experiences. I've been a FastSpring customer/ vendor with an active store since 2011, but as yet I have not received the email (this is the first I'd heard about it). In recent years my sales volume has been virtually negligible so perhaps I'm below the threshold of viability, or maybe it's just a matter of time. I also just migrated from the "Classic" to a "Contextual" store last month; relevant or not I don't know. Amusingly I was recently trying to confirm the terms of commission they take, and figured I was just a dunce because I couldn't find any discussion of it on their web site. By the sounds of it this is purposeful (which strikes me as distasteful). I wonder if they would even take me as a customer if I were to sign up today. Gray Spot December 10, 2023 11:19 AM I've been a fastspring customer for 14 years. I first received an email from them back at the beginning of October. So it looks like they might be rolling these out over time. I took one look at it and thought it was for sure a scam, so I ignored it completely. Time passes and I notice that my store was placed in "test mode". I contacted support, and days later I get a reply indicating I had not responded to the email and paid the $150. Unbelievable.... After 14 years and a "lot" of money moving through fastspring they claim to send 2 emails (I only got 1) then take my store offline. In the store portal (both classic and new) there is no indication I needed to pay some new fee. Just a "store is in test mode" notice. I have since paid the $150. That was last week. I have not yet been run through ShuftiPro to verify my identity (again, after a 14 year business relationship). All through this, the store remains down. I've seen no sense of urgency at all on their part, not as far as I can see. Best I can tell, this is a money raising activity and an attempt to cull certain accounts. That's how it seems from my perspective. If that is the case, in my opinion it's a really dishonorable way to go about it. Eli December 10, 2023 3:36 PM Do not pay. If something like this is done from other providers, it's usually for free. Lundrim Brit December 10, 2023 3:55 PM We received the email to pay within 3 weeks or we will lose our account with FastSpring and we are customers for 9 years. Sorry but FastSpring is no longer trustworthy. We will not pay. Leave a Comment [ ] Name [ ] E-mail (will not be published) [ ] Web site [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] [Submit Comment] [ ] [ ] [ ] [ ] [ ] [ ] [ ] D[ ] - - Blog Archives Tag Cloud Top Posts Recently Updated RSS Feed * Comments Mastodon * Twitter Apple News [ ] [Search] Support this site via Patreon. Try my Mac apps: DropDMGDropDMGDropDMG EagleFilerEagleFilerEagleFiler SpamSieveSpamSieveSpamSieve ToothFairyToothFairyToothFairy Copyright (c) 2000-2023 Michael Tsai.