[HN Gopher] Stripe banned us for payment disputes but we never h...
___________________________________________________________________
Stripe banned us for payment disputes but we never had a single
dispute
Author : hienyimba
Score : 643 points
Date : 2021-09-14 10:51 UTC (12 hours ago)
(HTM) web link (justuseapp.com)
(TXT) w3m dump (justuseapp.com)
| hienyimba wrote:
| UPDATE from Justuseapp.com: Stripe has reached out to us and
| working together, we have resolved this issue and our account has
| been re-enabled.
|
| I cannot thank Hacker News enough.
|
| Running a business all these years has been hard and full of Ups
| and downs. I do not recommend it for the faint-hearted. Until
| this morning, I had almost given up hope that our business was
| dead.
|
| Thanks for bringing us back from the dead HN.
| _hilro wrote:
| from https://news.ycombinator.com/item?id=28524077
|
| > it looks like JustUseApp was collecting money for the virtual
| cards by pushing through unauthorised payments to the users
| original card.
|
| > Additionally in the EU, the introduction of Strong Customer
| Authentication basically makes these types of transaction
| completely illegal
|
| Was this the case?
| hienyimba wrote:
| No it wasn't.
|
| All payments must be manually authenticated. I have replied
| the parent comment.
| kureikain wrote:
| Not exact this but I had my account in some suspend state twice
| saying I was on Match list
|
| https://news.ycombinator.com/item?id=26320429
| https://news.ycombinator.com/item?id=21306225
|
| In both case Edwin has helped me a lot to recover my access.
|
| But it's a hear sinking moment and a few anxiety days because
| without Stripe I don't really know what option I had out there.
| Paypal is probaly what I will do next in those case.
|
| PS: if you're here Edin, thanks so much for helping me solve
| those issue in the past. I finally be able to bootstrap by SaaS
| and profitable with it.
| gadders wrote:
| I think all payment processors grow until they hit scale and
| become paypal. This may be because at that scale they hit new
| regulations, or have to manage their customers as aggressively as
| paypal.
| afarrell wrote:
| As you scale, your probability that you will
|
| 1. Deal with bad actors
|
| 2. Misjudge an honest actor as a bad actor
|
| both approach 1.
|
| To make a general statement about Stripe, we'd need a broader
| statistical analysis rather than a single anecdote.
| Crazyontap wrote:
| What scares me most is what happens when this happens to you and
| you can't get to the HN front-page? Will you get the same
| resolution from Stripe/Google/Apple/Aws if it didn't?
|
| Making the front-page is often random luck I think, which is also
| why I personally always upvote such submissions when I find the
| person making it is a solopreneur/small company - as this may be
| their last and final resort to get things sorted.
| marcus_holmes wrote:
| well their website banned me from viewing it because I use a VPN,
| so I can't comment on the justice/injustice of their position. My
| irony sensor went off though.
| hienyimba wrote:
| This was due to us trying to please Stripe as users on VPN
| (anonymous IPs) were more likely to be fraudulent according to
| them
| RHSeeger wrote:
| But if you don't need to pay to read the page, why put it
| behind that check?
| eli wrote:
| Users on VPNs certainly are more likely to be fraudulent
| pc wrote:
| (Stripe cofounder.)
|
| Ugh, apologies. Something very clearly went wrong here and we're
| already investigating.
|
| Zooming out, a few broader comments:
|
| * Unlike most services, Stripe can easily lose very large amounts
| of money on individual accounts, and thousands of people try to
| do so every day. We are de facto running a big bug
| bounty/incentive program for evading our fraudulent user
| detection systems.
|
| * Errors like these happen, which we _hate_ , and we take every
| single false rejection that we discover seriously, knowing that
| there's another founder at the other end of the line. We try to
| make it easy to get in touch with the humans at Stripe, me
| included, to maximize the number that we discover and the speed
| with which we get to remedy them.
|
| * When these mistaken rejections happen, it's usually because the
| business (inadvertently) clusters strongly with behavior that
| fraudulent users tend to engage in. Seeking to cloak spending and
| using virtual cards to mask activity is a common fraudulent
| pattern. Of course, there are very legitimate reasons to want to
| do this too (as this case demonstrates).
|
| * We actually have an ongoing project to reduce the occurrence of
| these mistaken rejections by 90% by the end of this year. I think
| we'll succeed at it. (They're already down 50% since earlier this
| year.)
| buf wrote:
| This post reminds me of when the same thing happened to me
| about 5 weeks ago:
| https://news.ycombinator.com/item?id=28085706
|
| It feels like there should just be a better process. Shut down
| payments to protect yourselves sure, but spare a real life
| person to email the customer and give them a chance to explain
| or at least understand why.
| GiorgioG wrote:
| It seems like companies can't seem to get their act together
| to offer some kind of rapid escalation/remediation service.
| Maybe it's time for legislation to force their hand. This
| could potentially cost a business a ton of money (and affect
| a non-trivial number of employees) in the process.
| mgkimsal wrote:
| Would 'paid' support help? Like pay, say... $150 up front,
| which is refunded (partial or all) depending on the outcome
| (error on their end, you get refunded?)
|
| It runs the risk of turning 'support' in to a profit
| center, I support.
| GiorgioG wrote:
| Not really. This should be an emergeny-use only type
| support. But don't penalize (by making them pay) for a
| screwup on your end.
| aquark wrote:
| While not ideal, I think this is a great option.
|
| Microsoft (used to?) offer this for developer support and
| I remember using it maybe 15 years ago where it was a
| couple of hundred bucks to open a ticket but you got
| quick access to a real expert and good escalation.
|
| If the issue turned out to be their problem the ticket
| was refunded.
|
| For something business critical like this it is a way of
| signaling to the company that there is clearly somethin
| wrong with the automated process: a real scammer won't
| pony up hundreds of $ to get a review they would fail.
| AzzieElbab wrote:
| please stay a startup, pc !!!
| hippich wrote:
| > Stripe can easily lose very large amounts of money on
| individual accounts, and thousands of people try to do so every
| day.
|
| Not sure what case you refer to, but in our case someone was
| able to place multiple clearly (in my own hindsight) fraudulent
| orders on our woocommerce store. And it wasn't Stripe who lost
| on these chargebacks - it was us. The only way for Stripe to
| lose money in such scenario if seller (us) would be an active
| part of the fraudulent transaction. I.e. work together with
| someone placing fraudulent orders and immediately funnel money
| away and throw away stripe account. That is clearly not an
| option for an established business...
|
| And no, it wasn't a niche attracting fraudsters - we sell
| pyrography tools, not electronics or some other similarly
| attractive products for fraudsters.
| danielmarkbruce wrote:
| You figured out a way to do it (and people will set up
| businesses solely to do this) without having to think too
| hard. The creative things fraudsters will do is pretty wild.
| The time horizons they'll work on is also surprising -
| sometimes they move fast, sometimes they are quite patient
| and pose as an established business. And... sometimes they
| start out legit and then go to fraud when their business
| starts failing.
|
| Give these guys a break - they are trying to onboard
| customers as fast as possible to reduce the headache
| involved. The only way to do it is automation. There will
| _always_ be cases where things go wrong.
| fragmede wrote:
| And sometimes the scammers will buy legit, aged accounts,
| or take them over, so just because an account has been in
| good standing for years, with what looks like real human
| interactions with support, isn't enough of a signal to know
| that a scam isn't taking place from that account.
| koreanguy wrote:
| Your AI is the problem, not using stripe for any type of
| business.
| mdoms wrote:
| Every time. Every fucking time. And what if this post hadn't
| blown up on HN? This guy would just be screwed? If I want to
| use Stripe should my risk matrix include "fingers crossed HN
| picks up my story if I get shafted"?
| anonymoushn wrote:
| What's your recommended way to get in touch with humans?
| Previously we had a manufacturing business + online store
| rejected because we mentioned that some of our customers may
| eventually be drop-shippers (i.e. an online store cannot
| prevent people from buying on behalf of other people) and there
| seemed to be no recourse other than "start a different
| business."
| quelltext wrote:
| What do you mean by drop-shippers and what do they do that's
| risky/bad?
|
| Looking for drop shipping on Google leads me to pages e.g. by
| Shopify or Square explaining it's a model to run retail where
| the store doesn't hold stock or fulfill but instead has a
| distributor / manufacturer fullfil the transaction, shipping
| directly from them to the customer.
| anonymoushn wrote:
| Some companies don't want to do business with drop
| shippers, maybe because they will often be unable to
| fulfill orders or because customers will often be upset
| that their order took a few weeks to arrive. As a
| manufacturer, we anticipated that some people would resell
| our products on their own storefronts.
| pc wrote:
| My email address is public (patrick@stripe.com). Lots of
| other people at Stripe also have public email addresses.
| (Just to be super clear, it's a bug that you'd have to do
| this, and I'm sorry about the trouble! But when mistakes
| happen we do want to have a way to know so that we can fix
| things.)
| milofeynman wrote:
| I open every stripe article on hn just to read your comments. I
| appreciate your style of hands-on leadership. I try to do my
| best to imitate it.
| onetimemanytime wrote:
| OK, but how do you explain the appeal?
|
| Hire people to manually review final appeals, maybe you've gone
| too far and are not hiring to keep up with user growth.
| [deleted]
| bilalq wrote:
| I'm a little skeptical knowing that Stripe never publicly
| addressed why they banned LaunchGood.
|
| https://tinyletter.com/blauvelt/letters/looking-forward-afte...
| codegeek wrote:
| "We try to make it easy to get in touch with the humans at
| Stripe"
|
| You used to offer live chat which is no longer the case,
| correct ? I understand that stripe has exploded as a business
| but with all the money being invested in Stripe, I would
| seriously recommend getting live chat back so at least we know
| we have someone out there looking for us. Perhaps offer this to
| customers who are diong a min. MRR (could be controversial).
|
| The attraction behind Stripe is the ease of API but at some
| point, that will become unimportant if support is not good when
| we are talking about dollars. Just my 2 cents as an overall
| Happy Stripe customer for almost 7 years.
|
| EDIT: Never mind. I was wrong.
| pc wrote:
| We definitely still offer live chat support!
| andrewstuart wrote:
| if (transactionInvalid > 5) { if
| (accountPossiblyFraudulent) {
| sendAccountCancellationEmail(accountid))
| stripeBackEnd.closeUserAccount() } }
|
| It's disgraceful that there isn't multiple layers of careful
| analysis and INCLUDING personal reachout before canceling an
| account.
|
| Big companies like Stripe need to be reigned in with
| legislation because they wield the power to destroy businesses
| and they do it without care.
|
| Where is Stripes ombudsman - a customer advocate - an
| independent person with CEO level power within Stripe who's
| primary duty is to customers and is a channel of last resort
| when your normal support channels have failed? Why don't you
| have this?
|
| How can you allow Hacker News to be the channel of last resort?
|
| You're running a financial services company and doing it as
| though it's unimportant to cancel someones ability to invoice.
|
| The lack of protection for your customers is why companies like
| Stripe need much tougher regulation.
|
| In fact, you as the co-founder of Stripe should NOT be
| answering here on Hacker News. You should make it a point to
| NOT personally resolve such issues because if you have to, then
| you are acknowledging serious failure in your companies systems
| and serious letdown of your customers. In fact you should be
| appalled that Stripe so fails it's customers that they must go
| to social media to solve valid problems. You should simply be
| able to rely on some lower level person in Stripe finding this
| and posting a short message saying "please contact our
| ombudsman", and being assured that your ombudsman will give it
| due and fair consideration.
|
| So surely this is not the only time Stripe has mistakenly
| cancelled an account - but this is the one case where the
| person who's account was cancelled was able to get their issue
| on the front page of Hacker News. Therefore is can be said that
| many people have their accounts mistakenly cancelled by Stripe
| and have no recourse - again where is your ombudsman?
|
| This is serious systemic failure of Stripe. And the worst thing
| is it is not just Stripe - this is what people have now come to
| expect from giant companies that are a critical part of
| business - such as Apple's app store - people now expect that
| the company might one day send a random email saying, in effect
| that your business is over. You can't or won't fix it, so the
| law should.
|
| Stripe founder need to hear this: "sorry" ain't enough.
| invalidusernam3 wrote:
| > We actually have an ongoing project to reduce the occurrence
| of these mistaken rejections by 90% by the end of this year. I
| think we'll succeed at it. (They're already down 50% since
| earlier this year.)
|
| More important than that is provide a way for people to get
| this revolved without having to make the front page of HN.
| oconnor663 wrote:
| One particularly frustrating aspect of fraud prevention is
| that fraudsters are better than the rest of us at getting
| human support staff to do what they want. They have way more
| practice, and they learn techniques that work from other
| fraudsters.
| pc wrote:
| Right. It's a hard problem. That said, we think we can get
| better.
| atatatat wrote:
| Reading the stories week in and week out, we think you
| can get better, too.
|
| Hopefully that's a more diplomatic version of my
| (somewhat valid) sibling comment.
| effingwewt wrote:
| Let me help you.
|
| Stop relying on HN/Twitter as coalmine canaries and hire
| human fucking support.
|
| This trope is ground into the mud by now.
|
| You don't get to outsource customer support, or better-
| nix it entirely and then act all shocked shit like this
| happens.
|
| 'Oh no I have no idea how this happened, even though this
| was the exact plan when we went to email-only suppprt'
|
| If the entire road you have paved is one big crack in the
| ground, it's less like customers falling through the
| cracks and more like a city being swallowed up in an
| earthquake.
|
| It should be made law if you are a payimg customer
| companies should have to offer customer support that the
| customer can actually understand.
|
| Doordash and UberEATS are two of the worst companies in
| the US, and yet even they have (garbage, to be sure)
| customer service.
|
| You guys cut all corners in the name of the Holy Profit.
| So why the hell should we cut you slack when you fall in
| the pit _you_ dug.
|
| Aww how cute you downvote me immediately with not a word
| of rebuttal.
|
| I'm sure because there is literally no excuse for this
| bullshit behavior. Im fine eating fake points to call you
| out on it.
| dwild wrote:
| > One particularly frustrating aspect of fraud prevention
| is that fraudsters are better than the rest of us at
| getting human support staff to do what they want. They have
| way more practice, and they learn techniques that work from
| other fraudsters.
|
| Then put a flag on that account. Repetitive issues will
| make it clear what's happening.
|
| Fraudster also doesn't have the same needs as most
| customers, they don't need to keep the same account... at
| best the same account will barely give them more
| credibility, but that would no longer be true if a flag has
| been raised previously.
|
| There's plenty of ways to verify identities, use that when
| a flag has been raised previously. Again, something that
| sure a fraudster can do but lower odds than an actual
| customers.
| fencepost wrote:
| I'll say the same thing about fraudsters I tell clients
| about hackers, ransomware gangs, etc. What they do is their
| jobs and some of them are quite good at those jobs. Don't
| think of them as the stereotype angry teen that might have
| come to mind 30 years ago - these days it's more likely
| that they look just like your IT department working from
| home - or like technical employees in a Russian government
| office in Moscow.
| mbreese wrote:
| I know it's not an ideal support mechanism, but I think this
| is one of the services HN provides to the community
| (informally). It can provide backdoor/informal channels
| through engineers and founders to some rather large
| companies. Especially when other avenues fail. But for the
| community, in this case, not only Stripe gets to learn about
| the issue, but we can all take something from this about
| automated systems and needs for manual overrides/reviews.
| This type of "case-study" can help many other companies avoid
| similar problems.
|
| But we also get some of the back story from Stripe about
| _why_ their systems are designed this way. What challenges
| they face that made these engineering choices make sense.
|
| I'm sorry that this happened to the OP. But at least this
| channel of communication exists. And I think we can all
| benefit from it.
| falcolas wrote:
| It only exists as long as the post gains enough attention
| to get to the front page. Which doesn't happen for every
| post - not even most posts - which makes it an
| exceptionally poor avenue of support.
| [deleted]
| [deleted]
| rualca wrote:
| > I know it's not an ideal support mechanism, but I think
| this is one of the services HN provides to the community
| (informally).
|
| I would like to know where and why Stripe's customer
| support failed in this case. Or even if it failed at all.
| Those are the only relevant details.
|
| It's immaterial to the discussion whether any other web
| forum was used as an alternative to Stripe's customer
| support. I'm sure HN didn't signed up to be any company's
| customer support channel, or if it's reasonable to get it
| involved in this ordeal.
|
| If I have a problem with Stripe, I want my business to be
| dealt with Stripe directly, and in the process not get a
| web forum involved. I would hate to be in a position where
| escalating an issue so that it becomes a PR issue as well
| is seen as the first step in a problem-solving workflow.
| atatatat wrote:
| The answer is usually:
|
| Maintaining the magic abuse detector requires secrecy
| around the heuristics, which means not always giving the
| clearest error codes/any error codes to the user re:
| what's wrong with their account/transaction.
| jjav wrote:
| > More important than that is provide a way for people to get
| this revolved without having to make the front page of HN.
|
| Absolutely!
|
| Mistakes are ok, it'll always happen. Great to try to
| minimize them, but there will always be mistakes.
|
| The real key is how they are handled and how easy it is to
| get a real responsive human on the line who is empowered to
| fix it ASAP.
| rajeevk wrote:
| Only a few HN posts can make it to the front page. Only if
| you are lucky then you will be able to raise your voice
| through here. So I assume there would be many users out there
| affected like this and their issues were never resolved.
| amirhirsch wrote:
| Maybe Stripe should make and offer to acquire Justuseapp. It
| seems like a useful addition to help with subscription
| management.
| dkersten wrote:
| Since most of us are mere humans don't have the ability to get
| your attention by a viral post, how should someone get in touch
| to get this reviewed and rectified if they find themselves in
| such a position? I mean, OP's post shows that Stripe still
| decided to close the account even after "further review", so
| simply contacting support doesn't seem to be enough.
|
| EDIT: I see that while I was typing you replied to a sibling
| comment. So we should contact you directly? Can I ask why this
| slipped through further review, it seems like a bug like this
| shouldn't require contacting a founder directly by email to
| resolve.
| pc wrote:
| You don't have to contact me in particular -- you can get in
| touch with anyone at Stripe. (Or even DM Stripe on Twitter.)
|
| With regard to the last part of your comment -- absolutely.
| This is a final recourse when the system breaks, not a part
| of the system that we hope you ever have to use.
| rubynerd wrote:
| I don't doubt that from your perspective as the founder of
| Stripe, that's the workflow you'd like to have for when
| things "go wrong", but from the perspective of someone
| currently interacting with Stripe support, I strongly doubt
| that simply raising a support ticket or reaching out on
| Twitter would result in any meaningful movement on a
| rejection like this.
|
| Regarding Stripe's support: I emailed last night to confirm
| how to delete a user's card when it's represented as
| PaymentMethod, and in reply I received a link[0] to the
| cards/delete API documentation (which, in case you're not
| as steeped in PaymentMethod's as I am, won't work because
| the two objects are fundamentally different).
|
| Given this rather lacklustre handling & having also been on
| the receiving end of someone trying to fraud the company
| I'm working for, I highly doubt someone who is asking for
| reconsideration after receiving a fraud ban would actually
| receive an escalation via the front-line agents manning
| support@stripe.com, and if they could, the actual
| legitimate bans that Stripe no doubt needs to put in place
| would simply abuse that channel and waste everyone's time.
|
| I appreciate it's a really challenging balance of trying to
| provide an escalation/appeals process that won't be abused
| itself, and by comparison Stripe's approach of direct-
| founder-contact seems easier than Apple, as if your
| developer account application is rejected[1] you have
| absolutely zero recourse apart from going H.A.M. on Hacker
| News & hoping the community helps you out, whereas in this
| case there is a magic button that starts an invisible and
| unaccountable appeals process, that ultimately resulted in
| another rejection.
|
| The only "solution" (if any) I can see to counter the
| negative experience (& associated PR) would be involvement
| in the appeals process, where you are allowed to
| effectively "state your case" via video call or submission
| of evidence, but this draws a thorny parallel to the
| judicial system, and I doubt Legal would sign off on such a
| process.
|
| This is a problem that impacts basically any kind of
| appeals process, and Stripe's not alone in suffering from
| it, but that perspective doesn't help the dozens of
| founders that don't have the connections to sort this
| issues out in private, and are burning the attention span
| of Hacker News in the process of unblocking their
| businesses. Front-line support also isn't the answer,
| unless specific processes can be put in place to handle
| rejection escalations and get them into the eyes of the
| right people.
|
| ---
|
| [0] https://stripe.com/docs/api/cards/delete
|
| [1] Long story short: to use Apple's Mobile Device
| Management APIs, you need an Enterprise developer account,
| which thanks to The Verge & gambling apps skirting the App
| Store, isn't possible unless you went to Stanford with a
| future Apple PM. Admittedly, the chances of an Apple
| executive personally addressing this if I were to email is
| statistically quite low compared to emailing you.
|
| If someone from Apple is reading this & would like to pre-
| empt the classic "Apple screwed me" Hacker News post, do
| feel free to email me on luke@ghostworks.io and I'll
| happily brief you on The Great Saga of Enrollment
| 4HZY7VX69S.
| fencepost wrote:
| _The only "solution" (if any) I can see to counter the
| negative experience (& associated PR) would be
| involvement in the appeals process, where you are allowed
| to effectively "state your case" via video call or
| submission of evidence, but this draws a thorny parallel
| to the judicial system, and I doubt Legal would sign off
| on such a process._
|
| There's also the question/option of considering
| reputation, which also brings up scary thoughts about
| China's moves in that area. If you're complaining and are
| a well known highly voted participant on HN, YouTuber
| with thousands of subscribers, etc the risk that you as a
| public-ish figure are trying to scam is lower.
| rubynerd wrote:
| Oh absolutely, and that's something I'm taking into heavy
| consideration as I figure out the next move with Apple: I
| have next to no social clout or network, so if the
| loudest move I make in the tech sphere is "Apple screwed
| me", is that all I want to be known for?
|
| I'm not hopeful for any change in these sort of review
| processes without any legislation changes, but it would
| be a truly tragic state of affairs if it were to escalate
| that far.
| dkersten wrote:
| I suppose a related question then is if your review team is
| applying stricter rules than you are. Surely, in this
| particular instance, the review team should have been able
| to see that its a bug in the same way you are. I guess I'm
| confused by why contacting a founder helps here, are you
| overriding some checks somehow? Is that safe to do? If not,
| why did the review team not spot it?
|
| Maybe it really was a strange and unusual set of
| circumstances that made this occur, so hopefully its rare
| that someone would need to escalate to you directly. Thanks
| for being responsive to questions and making your contact
| details available. That's a lot better than some companies
| do.
|
| PS: since I have you here, completely off topic, I met you
| once in Dublin long ago and you got me interested in Lisp.
| Thanks for that :)
| mikepechadotcom wrote:
| Sorry to say that, but the fact that founders have to post on
| Hacker News to get necessary support from Stripe in case
| something like this happens, gives the impression that your
| reply is just reputation damage control, and nothing will
| actually change.
| pc wrote:
| I would estimate that roughly 99%-99.9% of cases get resolved
| without anything on HN. (Per the GP comment, things have
| already improved 50% since earlier this year and will, I
| think, improve tenfold by the end of the year.)
| teachrdan wrote:
| What's your definition of "resolved"?
|
| If a Strip user appeals unsuccessfully through your
| official channels and then gives up, do you consider that
| "resolved"?
|
| It seems like you exhaust those unfortunate users who
| banned due to Stripe's errors and then call it a success
| because they've stopped complaining. Or does your
| definition of "resolved" account for that?
| albrewer wrote:
| > and nothing will actually change
|
| If nothing changes, people will move away from Stripe on to
| something else. I'd say stuff like this is exactly how a
| business that wants to stay alive needs to react to swiftly
| and figure out the root cause for.
|
| The communication from the founder or representative needs to
| reflect the commitment to change and show the plan they
| intend to execute. The GP didn't do so well on the second
| point (vague plan, at best).
|
| If we see stuff like this still happening in 3-6 months, I
| think it's time to bring out the pitchforks.
| m11a wrote:
| Not really. Stripe has a better platform than competitors,
| and even though its support isn't a strong point it's still
| better than competitors (which admittedly is not a very
| high bar). It's probably much better for large businesses
| who have their own contact/account manager at Stripe etc.
|
| Last time I contacted Stripe I was given a round circle
| between departments, the department responsible denying the
| issue and/or sending me to an unrelated department (who had
| a good agent but, as expected, admitted she couldn't fix
| the issue even though she recognised its existence). In the
| end it turned out to be a bug in Billing that was
| eventually fixed (per the dev IRC) but support denied there
| was any bug and kept giving bot-like responses. It was
| ridiculous. Stripe _should_ probably improve its support,
| but even if it doesn't it'll probably do just fine.
|
| Big tech and developed 'startups' are famous for bad
| support. Consider Coinbase, which barely responds, PayPal,
| which is useless, or Google/FB, which don't even provide a
| contact option except in limited cases (eg GSuite for
| Business issues).
| noasaservice wrote:
| > Stripe has a better platform than competitors
|
| .... If you weren't disabled by an automated system, and
| "customer support" (probably another level of shitty ML)
| continues to double down.
|
| I concur with mikepechadotcom that this is simply a one-
| off damage control via "Social Media Escalation".
| m11a wrote:
| Right. I meant in terms of its APIs, Stripe's product is
| solid. I'm not saying their user service/CS is great,
| although it's probably average for the payment processing
| industry for non-large companies.
|
| I had almost exactly the same issue as OP but with
| Braintree. The support was equally as useless. Stripe
| isn't unique here, most tech companies just don't know
| how to build good support.
| atatatat wrote:
| People "moved on" from PayPal, too.
|
| You can't take back the entrenched market position gained,
| and the millions in dickswinging power now accessible.
| sombremesa wrote:
| It is just reputation damage control (i.e. this type of
| mistake will continue to happen - to err is human anyway),
| but communication is seen pretty favorably and it's the
| sensible course of action.
| yjftsjthsd-h wrote:
| > We actually have an ongoing project to reduce the occurrence
| of these mistaken rejections by 90% by the end of this year. I
| think we'll succeed at it. (They're already down 50% since
| earlier this year.)
|
| How can you tell? It seems, naively as an outsider, like the
| problem is precisely that you can't tell if they should have
| been rejected, in which case you can't tell how often it
| happens?
| pc wrote:
| Yeah, good question. First, we aren't trying to calculate the
| absolute rate, just relative changes. (The absolute rate
| would be nice to know but it's not needed to know whether
| we're getting better or worse.) Methodologically, we
| sample/scrutinize rejections manually and also look at the
| occurrence of discovered false rejections. But you're right
| that there could be some dark matter that we never become
| aware of.
| mdoms wrote:
| Well it looks like the Brains Trust inside Stripe has found
| a way to duke your OKRs, because this guy's appeal was
| denied and he was cut off anyway. No wonder your
| "incorrectly identified as fraud" metric is trending down
| if your staff are simply doubling down on incorrect
| accusations instead of copping them. Sounds like Goodhart's
| Law in action - do you happen to tie bonuses to OKRs?
| 55555 wrote:
| Random aside: Please look into supporting processing for sex
| toys!
| addingnumbers wrote:
| "We try to make it easy to get in touch with the humans at
| Stripe"
|
| Do, or do not. There is no "try."
| pogchampion wrote:
| I don't understand the stripe hate in the replies. In the past
| when I worked with stripe on a mobile project they were always
| quick to reply, and I felt like they did a good job of helping
| us through difficult problems (at the time a new platform) that
| is rare from a customer support perspective.
| jbschirtzs wrote:
| See my reply elsewhere on this post if you really want to
| understand what you here suggest.
| TicklishTiger wrote:
| Stripe can easily lose very large amounts of money on
| individual accounts
|
| How so?
|
| Is that because Stripe settles the payment on their end (they
| pay the merchant) before the payment to Stripe is settled?
|
| Can crypto solve this?
| penagwin wrote:
| I don't think crypto would solve this particular issue.
| Stripe needs the ability to back out of moving money, so
| there's several settlement periods for different parts of the
| transaction and ways to appeal transfers retroactively.
|
| I suspect fraudster's are able to wait out this period
| without detection so they can cash out. If this is the case,
| then even time locking smart contracts won't help, as the
| fraudsters just wait out the time period. At that point
| Stripe would have even less recourse to recover money, as
| retroactive transfers are not possible at that point.
|
| I could see services such as their debit card offering being
| abusable too.
|
| They also likely have to worry about things such as predatory
| recurring payments as those will result in chargebacks which
| could ultimately fall on Stripe to foot.
| [deleted]
| TicklishTiger wrote:
| Is fraud even possible with crypto?
|
| As I understand it: When A pays B with Bitcoin via the
| Lightning Network, B can almost instantly be sure that they
| have the money. There is no way for A or an intermediary to
| take it back.
| Jiro wrote:
| Reading this, it seems like part of the problem was the false
| message. If there aren't any unauthorized charges, the system
| shouldn't be sending people rejections falsely claiming that
| there are. Mistaken rejections are unavoidable, but they can
| still accurately describe the reason for the rejection.
| blantonl wrote:
| _We actually have an ongoing project to reduce the occurrence
| of these mistaken rejections by 90% by the end of this year. I
| think we'll succeed at it. (They're already down 50% since
| earlier this year.)_
|
| It seems to me that if a company provides such an important
| service to other companies (i.e. functioning as that company's
| direct revenue source - payments), then if somewhere it is
| determined that Stripe no longer intends to provide that
| service, someone at Stripe should be reaching out proactively,
| via a telephone or other method, to the leadership at the
| customer and explaining to them in detail why the decision was
| made to terminate the relationship and what recourse they have.
|
| I shudder to think of the impact something that an algorithm
| based decision like would have on my business in this scenario.
| I would be an absolute disaster, and could have far reaching
| implications for the viability of someone's business.
|
| Every single decision where Stripe is terminating a
| relationship should have a clear path to a human being for
| resolution, and should be reviewed by a human before the
| decision is even made. Like, setup a conference call with
| leadership and work through the issue. Most fraudsters wouldn't
| go through that process anyway, and it provides a proactive
| approach to working with customers who obviously would be in a
| complete disaster recovery scenario if this occurred so it
| would be all hands on deck on the customers side. Nothing is
| worse than having all hands on deck to address a critical issue
| and feeling helpless because the other side of the equation is
| an auto-responder email box.
|
| No business should be writing blog posts for help on something
| like this.
| ryan29 wrote:
| This should be at the top of the comments IMO. I'm honestly
| stunned by this blog post because I always assumed a
| relationship with a payment processor like Stripe was akin to
| a banking relationship where you'd have an account manager
| that would reach out to you to resolve problems. If the banks
| can do it, why can't Stripe? Is it simply a difference in
| regulation and what they can get away with legally?
|
| All of the big tech companies think they can use machine
| learning and algorithms to do everything and they have an
| "acceptable" rate of failure as a target.
|
| The main problem with that is that even if the failure rate
| is .01%, the failure is typically _catastrophic for that
| .01%_. When the error is going to ruin someone 's life, is
| there really an "acceptable" rate of failure?
|
| A secondary problem is that machine learning and algorithms
| are going to have a tough time accounting for virility. IE:
| If I have a small product that goes viral, as a percentage
| change, my error/fraud/dispute rates are going to jump
| drastically. So at the exact moment where reliable, scalable
| payment processing is the most important in my life, the
| automated systems are going to have the highest risk of
| banning me and automatically denying my appeal.
|
| The fact that 24-48 hours is considered an acceptable
| timeframe for an appeal is worthy of it's own paragraph.
| That's unacceptably slow if they're locking the account and
| doing irreparable harm to your business. That wouldn't be
| tolerated in a market with proper competition and my instinct
| is to ask for regulation that would involve a 3rd party in
| dispute resolution for a payment processor that's terminating
| a relationship in a non-amicable manner.
|
| At least give me some options that can make things suck less.
| I'd prepay $500 (non-refundable) without even thinking about
| it to be guaranteed a phone call prior to account
| termination. I'd let them hold back a percentage of revenue
| up to an absolute value so it can be held as a (refundable)
| bond to protect against fraud. I'd let them hold back a
| higher percentage if their automated systems detect an
| increased chance of fraud / issues.
|
| I think stuff like this is a stunning failure and I can't
| understand how tech entrepreneurs (of all people) can't
| understand why it's unacceptable. The dream for most of us is
| literally to build something that has overnight, viral
| success and makes us rich, but we've got companies like
| Stripe using ML algorithms that'll auto-ban you as soon as
| you deviate from the norm. How is that reasonable?
|
| The absolute worst case scenario for a Stripe customer should
| be for the customer to opt to have all payments withheld (by
| Stripe) and to undergo some kind of dispute resolution or
| problem solving. Would you rather wake up to a banned account
| or an email saying they're holding your money until you call
| them? I know PayPal gets a lot of flack for the latter, but
| maybe it's not that bad compared to the alternative. The
| problem with PayPal AFAIK is they hold the money for a long
| time no matter what.
|
| I get so frustrated when I see PR / damage control and the
| solution they're providing is "we're going to improve the
| algorithms." You can't. By the time those systems fail you
| need one-on-one human support where both sides can adapt,
| compromise, negotiate, etc. in real-time.
|
| YOU NEED PEOPLE, NOT MACHINES!
| idorosen wrote:
| Stripe's customer support is absolutely horrible and
| ineffective, in my opinion. I have multiple firsthand data
| points, including three ongoing issues.
| edwinwee wrote:
| Can I help with the ongoing issues? Could you add me to the
| email threads? edwin@stripe.com
| [deleted]
| idorosen wrote:
| I've just forwarded you multiple threads now where at least
| 5 agents (each) have passed the buck, resolved the ticket
| without actually reaching a resolution, closed it, or just
| gone silent.
| h0nd wrote:
| The more stories I read about VISA/Mastercard (yes, Stripe is
| there to accept payments of these networks) the less I want to
| use them. The only alternative I found so far were cryptos. (yes,
| there is paypal and such - but I have never seen any brick and
| mortar shop accepting it)
| avianlyric wrote:
| Reading between the lines here, and based on the reply from Edwin
| in this thread, it looks like JustUseApp was collecting money for
| the virtual cards by pushing through unauthorised payments to the
| users original card.
|
| So payment using their privacy card would look a little like
| this.
|
| Merchant --> Privacy Card --> Users Real Card --> Users Bank
|
| Where the step between Privacy Card and Real Card doesn't involve
| a checkout process and transaction authorisation. In bank speak
| they're just presenting transactions to the users bank, without
| first getting a transaction authorisation.
|
| These details are important because presented transactions can't
| be stopped (that's what authorisation is for), they immediately
| move money from the users bank to the merchant, regardless of
| available funds or user consent, they can only be reversed via
| chargeback. These types of payments are called unauthorised
| payments, and due to the inability of bank to prevent, you're
| never really meant to use them, and the receiving bank has very
| strong rights during the chargeback process.
|
| As a payments processor on the other side of the card network you
| don't want to be dealing with unauthorised payments. They're
| trivial to dispute, you're almost certainly breaking the card
| networks rules, and when they go wrong (which they 100% will),
| they're extremely expensive and time consuming to deal with.
|
| Additionally in the EU, the introduction of Strong Customer
| Authentication basically makes these types of transaction
| completely illegal, and as a customer if such a transaction
| happened on your account you would have a right to full refund in
| the event of dispute, and your bank would be forced to provide it
| even if you had published your full card details online. You're
| bank would of course then go after the merchant via the card
| network, and then payment processors like Stripe get caught in
| the middle, and potentially find themselves liable for money they
| can no longer reclaim from the merchant, because they've already
| paid out the money and the dispute only happened 3 or 4 months
| later.
| hienyimba wrote:
| Your prognosis is not quiet correct.
|
| Users have to manually fund their cards. This takes care of all
| the issues you mentioned above.
| iav wrote:
| My SaaS business serves corporate law firms and investment banks
| that invest in large corporate bankruptcies (think Hertz). When I
| launched, I first applied for a merchant license from Stripe, and
| was quickly denied by an automated system, citing violation of
| TOS (no reference to what violation). But given there are a ton
| of alternatives, I just used Braintree instead and it's been a
| great experience so far.
| hef19898 wrote:
| Sounds like a fun business, and industry!
| Zarathu wrote:
| I really feel for the author. We had once decided to participate
| in Stripe's Identity Verification beta. After submitting the form
| to request participation, Stripe's system locked our account
| pending verification.
|
| We were fortunate in that we had a backup payment gateway
| integration "just in case", because otherwise we would have been
| completely unable to accept any payments at all for a full week.
|
| That week was still extremely stressful. They offered no
| explanation or reason for putting our entire business on hold.
| Spare_account wrote:
| >We were fortunate in that we had a backup payment gateway
| integration "just in case"
|
| This seems like the key point here. I'm not a software guy or
| even a payments guy, I'm a network infrastructure engineer.
|
| For anything that we want more than 99% uptime, we put in two
| of everything, sometimes more. Two separate service providers,
| ideally coming down different physical paths where practical.
| wting wrote:
| It's not possible to increase availability with redundancy in
| all cases, because not all financial actions are idempotent.
|
| For example, sending money via a banking wire. If the bank
| goes down, you can't send a second wire through another bank
| without loss because the first wire is not retractable.
| dexen wrote:
| "Treat infrastructure as possible failure points and prepare
| accordingly" holds just as well for the payment
| infrastructure. Interesting and fresh perspective, thank you
| for sharing.
| toss1 wrote:
| Great practice, specifically determining how much redundancy
| you need, and making sure it is available. The theme also
| goes with your acct name quite nicely!
| dgb23 wrote:
| That is a scary trust violation... Good for you that you went
| the extra mile in advance and not in hindsight.
| edwinwee wrote:
| Could you email me at edwin@stripe.com and I can dig into what
| happened here?
| donohoe wrote:
| I can easily see this happen and I'm sure its affecting many
| others too and you just don't hear about it.
|
| A couple of years ago I was unable to make some online purchases
| with my debt card.
|
| It was always vendor specific and there didn't seem to be any
| logic to it. I talked to my bank, and they talked to MasterCard,
| and I would speak with vendors technical support or billing.
| Nothing out of the ordinary.
|
| This was happening for over a year and I got by with using a
| credit card as needed (which I don't like to use in general).
|
| Anyway, the common denominator was all these vendors used Stripe
| for payments. I email Stripe and eventually someone noted that my
| card number had been flagged by some algorithm in the past and
| had been blacklisted. For background, to my current knowledge,
| I've never had an issue with identity-theft, had others
| fraudulent charge my account, or done anything out of the
| ordinary.
|
| That fact that this happens, and you have no notification or no
| clear recourse is frustrating. To be clear, I do not think this
| is specific to Stripe - I think all large services are vulnerable
| to this.
| DanielBMarkham wrote:
| There's an interesting efficiency/reverse-opportunity-cost issue
| here.
|
| If you set up your ML so that it works x% of the time, you might
| very well have a profitable business even if you end up
| accidentally screwing over a bunch of folks. But no competitor
| can challenge you in the marketplace because the human cost of
| answering phones and emails to find that last little bit of
| efficiency is overwhelmingly disproportionate to any economic
| value the business would gain.
|
| Many of us like to bang on businesses as being amoral and
| impersonal, but most are trying to do something people want, only
| better and more efficiently. ML may be providing an upper limit
| to efficiency by taking out any opportunity to do some serious
| analysis. Because in many cases removing that last 1-5% in
| inefficiency is the bit that leads to a completely new way of
| working, in many areas we may be boxing ourselves in to a very
| long-term status quo.
| quesera wrote:
| Yes.
|
| You can build a system that efficiently serves the 98% case of
| "simple" customers. Then you can ignore the 2%
| unprofitable/complicated customers, forcing them to go to other
| vendors.
|
| If you're big enough, you starve your competitors of the low-
| cost/simple customers. So their cost structure goes way up,
| which in turn prices the services out of reach of all other
| customers except the stupidly profitable, which is to say:
| gambling and porn.
|
| (This has parallels to the USPS v. FedEx/UPS problem in the US,
| with the exception that the USPS is required to serve all
| customers, so no one is completely without service)
| sudhirj wrote:
| If I understand correctly you use Stripe Issuing to give people
| cards that they can then spend with in a way that you control?
| How do people recharge their Justuseapp cards? You charge their
| real card and credit their virtual ones? And if one of the apps
| being used makes a unauthorised charge do you then raise a
| dispute on behalf of the customer?
|
| I'm not trying to apologise for Stripe, I'm trying to see what's
| special about this financial arrangement. It's obviously not a
| SaaS nor are you selling anything physical.
| InsomniacL wrote:
| "You can then use the virtual credit card to signup for free
| trials on the web and on apps without worry. We approve only
| free trials and not actual purchases."
|
| I assume when you sign up to a free trail, they'll charge your
| card PS0.00 to confirm it's a valid card, then when the trail
| ends and they try to automatically charge you for a full
| subscription they'll block the transaction.
|
| https://justuseapp.com/free-trial-card
| grey-area wrote:
| This is not the intended use for stripe issuing at all, and
| would lead to stripe handling thousands of disputes from
| companies trying to charge cards with 0 balance after trials
| end.
|
| I can see why they blocked it.
| reillyse wrote:
| Also not how disputes work
| hienyimba wrote:
| Free trial cards were not issued with Stripe Issuing.
| Aeolun wrote:
| Recently quality of service at Stripe has gone seriously down the
| drain.
|
| They arbitrarily closed my account a while ago, and after
| following their draconian re-activation process (somehow my
| government issued ID is not good enough to identify me, they need
| to verify the same information and ID in a video call) I think
| we're now at 20+ emails and counting.
|
| I just gave up and will go with a different provider or open a
| new account since it's easier.
|
| At some point Stripe was the provider that took everyone, but
| they've become allergic to any kind of risk and trust nothing.
| mmerlin wrote:
| My speculative guess is they raised the bar on the low-pass
| filter by tightening up the algorithm after losing way too much
| to credit card fraud.
|
| It was absolutely scary the amounts of fraud I dealt with
| running a dropshipping shop a decade ago.
|
| Every bad fraud order that I dropshipped ate the entire profits
| from a dozen legit orders, and card fraud was attempted on
| approximately 25% of orders we received.
|
| After a few years I shut the site down as it was just barely
| making a profit as the fraud costs escalated and I felt I was
| wasting my time screening every order with my own (imperfect)
| hand-rolled fuzzy logic fraud detection algorithms and manual
| investigation of every single order.
|
| I false-rejected a lot of legit customers in the final year,
| vowing to stamp out the scammers I drove some customers away...
| it's hard to be perfect when card fraud is easy to achieve.
|
| Actually what the final straw was for me, that made me delete
| the server, was not the regular identity fraud stolen-card
| scumbags, but the pathological liars who you could validate as
| 100% legitimate, but after they received and signed for the
| goods, would call their bank and lodge a chargeback to get a
| full refund, because he banks ALWAYS take the customers side
| and ALWAYS charged me an extra $35 penalty for every dispute I
| lost (which was every single one, despite sending pages of
| strong proof showing the customer was a baldfaced lying thief)
| Aeolun wrote:
| I'm just not sure what to think about practices surrounding
| these chargebacks any more. When I was working at a company
| where they were a thing, I don't think we ever lost one. Does
| the whole thing just depend on who you are friends with? Or
| does anyone actually look at the proof you send?
| mmerlin wrote:
| The banks in your country sound much more reasonable and
| fair.
|
| I'm in Australia and our 4 banks are way too powerful, and
| some of the worlds most profitable on a percentage basis,
| with nearly the highest paid executives globally.
|
| In the decade since I deleted that site in despair, there
| have been several royal commissions / public inquiries into
| the shocking unfair and outright illegal actions all the 4
| banks systematically entrenched, including forging customer
| signatures, ripping off customers at every opportunity,
| including siphoning customers money when the bank knew they
| had died, facilitating money laundering of cash earned from
| drugs on vast scales, influencing our captured politicians
| to roll back recently-legislated consumer protection laws
| the previous govt enacted, to absolve them from any
| culpability whatsoever by writing larger "liar loans" they
| knew people would struggle to live with, and these are
| which still going strongly (approx 1 in 3 recently
| admitting to this in a follow-up survey).
|
| The AUD$35 per chargeback was an easy profit centre for
| them a decade ago, and no way would they ever take my side
| when it was free money for them.
|
| I had a USD bank with them for the ecommerce dropship
| account. Our average order was around USD$51 with a little
| over 10% gross profit.
|
| I was the only one losing out. The bank, my dropship
| supplier, and the card fraudsters all got paid and received
| their goods.
| rajeevk wrote:
| The next priority in my project is to integrate payment. I
| decided to use Stripe. Given this, now I think I should review my
| decision. I am checking with HN users, what alternatives are out
| there and what is your experience with them.
| meylis wrote:
| Dead Justuseapp were all of functions suspended for now? I can't
| make a payment with your card for now :(
| Swenrekcah wrote:
| >We had worked hard to make sure we pose to risk to Stripe or
| card networks and it had worked! Our efforts had paid off. But
| that was not enough for Stripe.
|
| Unfortunately a word there.
|
| I hope this all works out for you!
| StLCylone wrote:
| Sounds exactly like Stripe and PayPal. Arbitrarily turn you off
| anytime they feel like it for any reason they please.
|
| Never build your whole business on using either or you are just a
| daily dice throw from being turned off.
|
| The difference between you and TrueBill or Ramp is they have
| legal teams and founders/backers that have inside access and
| special approvals that ordinary start ups do not. Certain start
| ups get special treatment by the banks and payment processors
| because of behind the scenes actions you cannot take.
|
| Banks and payment processors currently have the power to decide
| which companies can exist and which cannot. Sometimes for
| perceived moral or risk reasons and sometimes for random reasons.
| We really could use some sort of uniform legal appeals process
| rather than the standard of going to social media to beg for
| reinstatement.
| artembugara wrote:
| 1. I find the title misleading
|
| 2. Stripe did not say "someone asked for a dispute"
|
| 3. Stripe banned your app for not being low-risk. And why not?
| They have the right to decide for themselves
|
| To me, Stripe is showing an outstanding support overall. You can
| even ping anyone on Twitter or send an email, and they respond.
|
| I really don't understand why so many HN users are so freaked
| out.
|
| And yeah, it's not a great case of support by Stripe right here.
| But guess what, thy don't care about you anymore, so they'll
| dedicate their time to existing/potential clients.
| AussieWog93 wrote:
| I went through the same thing. Some ML algorithm at Stripe
| randomly classified my business (bog standard
| WooCommerce/WordPress e-Commerce store selling a single product
| in low volumes) as a risk and I found that the process for
| escalating it was Kafkaesque and slow.
|
| Switched to Pin Payments[1] shortly after that experience and
| have never looked back. Of course, we live in the 2021 century
| and algorithms will flag issues automatically (I ported my phone
| number and changed my bank account on the same day, which was
| fun!), but they've always made sure to contact me and resolve the
| issue within minutes instead of cutting access. The few times
| I've contacted them, a competent person has both understood the
| issue and responded to it appropriately and promptly.
|
| [1]https://pinpayments.com/
| dylan604 wrote:
| >we live in the 2021 century
|
| I know I've been in lockdown for a while now, but what century
| is it?
| burlesona wrote:
| This product was leaning heavily on Stripe's issuing API, so I
| don't think pin payments is a viable alternative. I'm actually
| not sure if anybody else is a viable alternative. Is there
| another service that offers card issuing as an API?
| mtmail wrote:
| https://privacy.com/card-issuing does
| krallja wrote:
| https://docs.adyen.com/issuing
| dubcanada wrote:
| To be completely honest it could be that having
|
| Top Free Best Selling Streaming Softwares Tv Softwares VPN
| Softwares IPTV Softwares Movies Softwares Job Softwares Editing
| Softwares Crypto Softwares Kodi Tv Softwares Video Editors
|
| As categories could trigger some red flags, half of those are
| extremely risky categories. It's also not really obvious what you
| offer and some low paid scanner person reviewing your site for
| information probably had no idea what you do but saw VPN, Crypto,
| streaming, etc and said no.
| burlesona wrote:
| It's disappointing that they didn't give you a clear explanation,
| but it seems like the second email is saying their humans looked
| at your business model, issue US cards to consumers all around
| the world so they can manage subscription spend - and,
| implicitly, so they can dispute charges or cut off cards as a way
| to stop paying a shady subscription service - is high risk and
| Stripe doesn't want to do it.
|
| I can understand that point of view. What I don't understand is
| why they couldn't write a clear email explaining their position
| so you would actually know what's up.
| ceejayoz wrote:
| > What I don't understand is why they couldn't write a clear
| email explaining their position so you would actually know
| what's up.
|
| In some cases, it's forbidden by law to reveal to someone that
| they've been flagged for money laundering.
|
| https://www.law.cornell.edu/cfr/text/31/1020.320
|
| > No bank, and no director, officer, employee, or agent of any
| bank, shall disclose a SAR or any information that would reveal
| the existence of a SAR.
| deadalus wrote:
| Stripe is company that boots people off due to their political
| positions[0]. I would be very careful while doing business with
| them. A few bad news reports and you are gone[1].
|
| [0] https://techcrunch.com/2021/01/10/stripe-reportedly-joins-
| th...
|
| [1] https://reclaimthenet.org/laura-loomer-gets-banned-from-
| paym...
| iconjack wrote:
| Also, censored.tv.
| kayodelycaon wrote:
| > 0: Sources told the Journal that the reason for the company's
| decision was the violation of company policies against
| encouraging violence.
|
| Seems like a valid reason to ban someone from a platform.
| Reading further, Stripe was being used to collect money to make
| hundreds of frivolous lawsuits. (Legal definition thereof)
|
| > 1: The latest payment platform to refuse to accept payments
| made to Loomer is Stripe.
|
| Looks like Stripe is far the first company to do this. Reading
| between the lines, this person is specifically trying to get
| banned to prove a point. At some point, their history of doing
| so becomes the reason for kicking them off, rather than their
| political views.
| rushiadhida wrote:
| Stripe acting up has been issues for a long time now.
| idworks1 wrote:
| I feel for everyone who isn't a good writer and doesn't succeed
| in getting featured on HN homepage. (writing > coding)
|
| Realistically, we need automation to handle most cases. But that
| means false positives. And their needs to be a better channel
| than HN or being famous on twitter to get issues resolved.
| KingOfCoders wrote:
| Last time I've said this, I got -10 Karma, we'll see what you can
| do now.
|
| Over time every payment provider will become Paypal because of
| outside forces.
| diebeforei485 wrote:
| If you cancel somebody's merchant account, give them a phone
| number to call. It's not that complicated.
| collision wrote:
| John from Stripe here. Very sorry about this -- looking into it
| now.
| vdddv wrote:
| Kudos for stepping in. But you should really have a process in
| place where the CEO does not have to look into it based on the
| issue being posted on Hacker News.
| OliverJones wrote:
| The automated email from Stripe is just weird. No, zero,
| disputes? That's uncanny.
|
| I've run a Stripe.com integration (for a SaaS business). A few
| times a year somebody disputes a charge. It's usually because
| they looked at their payment card statement and didn't recognize
| us when we billed for renewal.
|
| Our policy is
|
| 1) try to resolve the dispute in our favor. That mostly works.
| It's good for our reputation score on Stripe.
|
| 2) refund the customer's charge. Always.
|
| 3) contact the customer and ascertain whether they want to
| continue their subscription.
|
| I don't understand zero disputes. That's just not feasible when
| dealing with the public.
| technick wrote:
| Check out Recurly as a alternative to Stripe.
|
| recurly.com
| philliphaydon wrote:
| This must be why majority of websites that support stripe also
| support other payment providers. Because stripe isn't reliable.
| :/
| burnte wrote:
| I had my Square account cancelled a couple of years ago for no
| descernable reason. I'd never had a chargeback or dispute, just
| one day I got an email saying they "couldn't" be my processor
| anymore. Zero reply to emails.
| WhompingWindows wrote:
| This reminds me of the false-positive vs false-negative dilemma
| faced in medical testing. Either you optimize for low cost and
| convenience, or for catching true-positives or true-negatives.
| For HIV testing for instance, if someone does test HIV-positive
| falsely, their changed safer behavior in the short-term wouldn't
| harm anyone, and follow-up tests could catch that they're
| actually negative. But if we falsely say someone does not have
| cancer, when they do, it could grow a lot in the short-term
| before symptoms arise and another test is given. They may also
| use a lot of unnecessary care trying to diagnose the issue after
| that false-negative cancer test.
|
| What's the right solution? It's case by case, down to a mixture
| of morality and expertise to decide.
|
| Seems these tech algorithms often generate a lot of false-
| positives wrongfully, or that's what's posted online afterwards.
| It'd be interesting to dig into the numbers for various
| platforms, see if they're falsely negative for spam accounts and
| bad actors. We wouldn't hear posts on HN about spam bots that cut
| into FB's bottom line, would we?
| ryan29 wrote:
| > What's the right solution? It's case by case, down to a
| mixture of morality and expertise to decide.
|
| I think the idea of minimizing harm is a really good one.
|
| I've never done any machine learning type stuff, but, based on
| my limited understanding, I think there are probably a few
| issues at play that make things difficult.
|
| I think the feedback loop for an algorithm is likely important.
| If you're training an algorithm to match fingerprints, you have
| a few things that work in your favor. First, matching is easier
| with fewer samples, so you can train the model incrementally
| with larger and larger data sets. Second, the process of
| identifying false positives is easy, relatively definitive, and
| isn't influenced by external factors. If the ML algorithm only
| has X% confidence you send it to a human who assesses the match
| and tells the algorithm the answer so it can "learn" for the
| next situation that's similar.
|
| Contrast that with something like payment processing. First,
| you need to scale with demand and it's not easy to
| incrementally train the algorithm. Second, false positives
| don't have a tight feedback loop. A false positive negatively
| affects a customer and every case is different. You need to
| rely on external, subjective data that isn't definitive enough
| to be useful to an algorithm (IMO).
|
| I think matching fingerprints is a good analogy to illustrate
| some of the problems, especially when you hear things along the
| lines of "looked too similar to fraudulent activity." With
| fingerprints, you could give 10 to an amateur and they could
| probably match them accurately. Scale that up to 10,000 and you
| have so many that look similar, but not identical and you need
| a professional to do the matching.
|
| I think ML is similar. It's better on a small scale than it is
| on a large scale and just doesn't scale up as well as the sales
| pitch says ( _unless_ it 's assessing problems with definitive
| solutions). The issue here is that tech companies are treating
| ML like it scales in a linear fashion. Just throw more compute
| at it and 10x the scale, right? Wrong (IMO).
|
| There was another comment here that said something along the
| lines of getting to 98% accuracy and deciding not to serve the
| other 2%. I think that's what's happening everywhere, but
| rather than explicitly telling customers they're not welcome,
| companies are simply letting their ML algorithms run to find
| the equilibrium where they can manage the "not positive" rate.
|
| And that goes back to your idea of minimizing harm. They don't
| want to. They don't care if they promise you service even
| though you're borderline in terms of triggering false
| positives. You're part of the data set for their machine
| learning algorithm and that means you're viewed as acceptable
| collateral damage. They'll ruin your life to train their ML
| algorithm(s).
| redleggedfrog wrote:
| "...a company Stripe recently invested in." Seems like you're
| competing against your provider. Good luck with that.
| edwinwee wrote:
| Edwin from Stripe here. (OP, I've just sent you an email and we
| can talk more over there--I'm terribly sorry for the trouble.) I
| can't get into too many specifics about an individual business
| publicly, but unauthorized charges have high potential to be
| disputed in the near future--and while Stripe itself doesn't have
| a dispute threshold, the card networks require businesses to keep
| disputes low.
|
| Although that email in the post was admittedly a template, a
| human did review the transaction activity and actively sent the
| email. We're digging more into exactly what happened here to
| prevent the confusion from happening again. Over the past few
| weeks, we've been overhauling how we work with businesses in
| situations like these and are rolling out some meaningful
| improvements soon.
| kureikain wrote:
| I just want to echo here that Edwin is superhelpful in the
| past. He proactively reach out and get the problem fix on my
| first post, and on the second time I reached out to him and
| again, he's superhelpful to help me resolve and regain access
| to Stripe.
|
| Thanks a lo for what you did Edwin.
|
| Vinh.
| unixhero wrote:
| Edwin, thanks for reaching out to a community post like this.
| Plus points to you guys.
| MichaelApproved wrote:
| Agreed and more.
|
| Lots of companies monitor HN for negative posts and respond
| to them but few do it as well as Stripe.
|
| While some companies just put out the OPs fire, Stripe seems
| to do better.
|
| I have a rare trust that they're genuine and will actually
| follow through with improvements to prevent the same issue
| from happening to others.
| mdoms wrote:
| > a human did review the transaction activity and actively sent
| the email. We're digging more into exactly what happened here
|
| I can already tell you what happened, Edwin. From your CEO
| himself:
|
| > We actually have an ongoing project to reduce the occurrence
| of these mistaken rejections by 90% by the end of this year. I
| think we'll succeed at it. (They're already down 50% since
| earlier this year.)
|
| Your staff are duking your metrics because you don't understand
| Goodhart's Law.
| ddtaylor wrote:
| So, if I want to disrupt a competitor all I have to do is hire
| a bunch of darknet identify thieves and you'll shut down their
| merchant account?
| gilrain wrote:
| Yes, if you're willing to break the law and risk the
| consequences, you can get up to all sorts of stuff. Same as
| anything?
|
| Like, "So, if I want to disrupt a competitor, all I have to
| do is hire thugs to smash all their stuff?"
|
| Yeah, that'd do it. Good luck.
| ViViDboarder wrote:
| You'd need to come close to 1% in total charges. That's
| roughly what Visa and MasterCard set as limits. This would
| work with anyone who accepts credit cards, not just Stripe
| customers.
| ddtaylor wrote:
| Assuming their a competitor 1% seems like a small tax to
| pay to gain the entire market share.
| notahacker wrote:
| _You_ probably don 't gain the entire market share even
| if the attack succeeds in leaving them permanently
| without a payment gateway, except in situations where the
| answer to "who is attacking us?" is fairly obvious...
| qaq wrote:
| Risk is relative thing the activity has to cross threshold
| for the appropriate gov entity to investigate and since
| they are swamped that threshold keeps going up.
| MichaelApproved wrote:
| I think the point is that this attack vector can be pretty
| anonymous and absolutely deadly to the target company.
|
| This attack is also not protected by insurance, like
| someone setting fire to your office would be.
|
| It's fair to explore just how vulnerable a company can be
| to this type of attack from a malicious competitor.
| BoorishBears wrote:
| It's a weak point.
|
| You can also pull API keys from most apps and get them
| banned from advertising networks.
|
| You can hire people to review bomb.
|
| Hire people to make fake news about a competitor go
| viral.
|
| Someone willing to do illegal things can always hire
| other people to do illegal things for them "anonymously"
| e9 wrote:
| I actually heard of a person who did something along these
| lines to the competition and Stripe shut the competitor down.
| MichaelApproved wrote:
| Great point. This does seem like an important vulnerability.
|
| I think one method of protection would be using Stripes Radar
| service to screen transactions for malicious patterns.
|
| While it probably won't catch all fraudulent charges, it'll
| catch a bunch. You can use that increase in rejected
| transactions as a canary to take a closer look at the other
| transactions coming through.
|
| Does anyone else have ideas on how you can protect yourself
| from this kind of attack?
|
| Edit: thinking about this more, it would be a pretty
| expensive attack to attempt. Stolen credit cards aren't
| cheap, like email addresses are. You'd need a lot of them to
| attempt the attack and you likely wouldn't succeed.
|
| I think you'd need 1% of the target merchant's transactions
| to be chargebacks in order to get them kicked off. I'd assume
| at least 50% of your attempts would get caught before the
| chargeback even happens, so you'd need at least 2% of their
| transactions.
|
| Seems like you'd need a large number of cards. Anyone know
| the value of a stolen card?
| BikiniPrince wrote:
| Actually they are relatively cheap to purchase. It's been a
| while since I saw numbers, but googling around seems like
| 25-50.
|
| I also remember something about bulk sales.
|
| If you never intend to capitalize on the gains other then
| an attack vector it would minimize the risk.
|
| So eliminating someone's business is 2% revenue * 25$ usd
| optimally.
|
| Surely we can build a better service to get these costs
| down.
| burnte wrote:
| Actually, yes. That will absolutely hurt them.
| jeroenhd wrote:
| I understand that you probably don't have the power to directly
| change anything about this, but what does it even mean when a
| company says they're "improving how they work with businesses
| in situations like these".
|
| Every time some big tech company makes promises like these,
| nothing really ends up changing. The emails always remain vague
| templates without details from a seemingly anonymous source.
| Companies end up changing the wording of their email templates,
| but that's about the only noticeable difference.
|
| I have no doubt that a real human verified the problem and
| decided to send the email, but I've never seen any big company
| that swore their dedication to better communication actually
| change their policies to not make these emails look so... auto-
| generated. When you're ending a business relationship, even for
| good reason, you shouldn't come off as a robot.
|
| Such comments on public websites always feel like damage
| control to me. I'm not claiming your comment is part of some
| specific damage control operation or anything, but I do wonder
| if adding that line does much for the credibility of the rest
| of the post. In my opinion, it adds a layer of corporate pixie
| dust on top of the rest of your words.
|
| That being said, responding in public, especially in a place
| like HN, is a pretty brave thing to do, especially with all the
| other negative threads from others here, so I definitely
| appreciate the effort you put into this!
| edwinwee wrote:
| As somebody who helped write that email a while ago, I
| actually agree with you. We think the improvements we're
| working on will be pretty tangible--as pc mentioned above,
| we're not just rewriting the emails, but are working on a
| project to reduce these types of rejections entirely.
| benatkin wrote:
| In this case, would that mean justuseapp's account being
| shut down earlier in the process? Neither your reply nor
| pc's seem to indicate (to me, at least) that justuseapp is
| likely to be reinstated and kept as a customer for a long
| time.
| avianlyric wrote:
| Based on my guess of what's happened (informed by working on
| card dispute systems), is sounds like JustUseApp have been
| exploiting a little loop hole in how card transaction work,
| which creates quite a bit of liability for Stripe if they're
| pushing through a significant amount of transactions.
|
| My guess is that Stripe would work with them to tweak their
| product so it can work without expose Stripe to all this
| risk. Might result in something clunkier and harder to use,
| but at least it'll still work.
| drummer wrote:
| Cryptocurrencies will solve this problem very soon. Middlemen are
| cancer. Ask Satoshi.
| travoc wrote:
| These types of problems could be fixed by doing the three things
| big tech hates:
|
| 1. Hire human beings 2. Empower them to fix problems 3. Let your
| users talk to them
| tiborsaas wrote:
| Hiring humans is not as scalable as technology is. You can't
| just hire 150 more customer support agents _each month_ like
| you can fire up another Kubernetes cluster. They need training,
| middle managers, leads, special training, good tooling, office
| space, adjusted KPI-s, etc.
|
| Ideally, good companies will find a balance with AI and human
| operators that's also sustainable as a business.
| kiklion wrote:
| > Ideally, good companies will find a balance with AI and
| human operators that's also sustainable as a business.
|
| This is the crux of it. What do you define as a balance? In
| this example, Stripe shouldn't be using ML to actually ban
| accounts but instead to flag accounts for manual review.
|
| My company distributes advertisements. We need to watch every
| ad we ever distribute to ensure both its quality and
| legality. We have and still are investigating ML to improve
| this process, but because regulations put the cost on us for
| false negatives, we would use ML only to identify when it
| knows an ad fails our checks. It would then pulls it from the
| QC queue before any tech manually reviews it and emails the
| client informing it was blocked and why it was blocked and a
| link to a form where they can request a manual review if they
| think it was a false positive.
|
| Our contracts allow for a fee to be imposed on the client if
| they challenge a block which is upheld after manual review.
|
| Doing it this way we reduced our tech workload by removing
| clearly violating ads from QC queue and we give the client a
| clear and quick way to challenge the results of the ML.
|
| At least, that is the plan here. It's still in R&D.
| Aeolun wrote:
| If your number of customers and revenue increases by 100%,
| you should be able to scale your customer support by a
| similar amount.
| JasonFruit wrote:
| You're saying, however, "We can scale our tech but not our
| business." If you could scale everything but payroll, that
| wouldn't make it okay to use an automated payroll system that
| left some employees unpaid with no recourse. Leaving your
| customers unjustly banned with no recourse is no more
| justifiable.
| snowwrestler wrote:
| I agree with this sentiment in general, but in this case it
| sounds like a human at Stripe did review the case, and Stripe
| still decided not to do business with them.
|
| Hiring more customer service humans is not a guarantee that
| every customer will get what they want.
| nathanyz wrote:
| Am I correct that the Free Trial Card would essentially allow
| your users to generate a new credit card so that they can repeat
| a service's free trial period over and over and never have any
| intention of actually paying?
|
| I know there are other uses as well, but could definitely see
| this service being a magnet for users who intend to defraud the
| actual services where these cards are being used.
| Tomte wrote:
| Welcome to the Stripe support forum!
|
| No, I don't blame you for trying and I'm glad you've got
| attention, but don't people think it should be possible for all
| those founders, CEOs and other Stripe luminaries to trawl their
| own support channels?
| go_blue_13 wrote:
| Do you have an issue with them reading HackerNews and
| responding to a relevant post? Its not feasible for the CEO of
| a huge company to review every support ticket, no
| Tomte wrote:
| This happens all the time. Go search for Stripe problems
| here.
| meylis wrote:
| Stripe is totally weak. I really hope you will fix it soon and
| never use stripe anymore. There are hundreds of reliable services
| hienyimba wrote:
| We literally don't have the resources to do so at this point.
| namelessoracle wrote:
| Who wants to bet there was an engineer who pointed out all of
| the risks way earlier at the company and whose concerns were
| promptly dismissed....
| 0des wrote:
| Whether or not this is the case here, this statement
| resonates with me on a few uncomfortable levels.
| meylis wrote:
| Maybe if you can create a donation for that that would work.
| I would be really glad if you create a donation to use that
| money for better payment provider than stripe
| fxleach wrote:
| Worked for a supplement company that was forced out of business
| by Stripe these same reasons. Just wasn't enough time to
| integrate a whole new payment system when they shut us down.
| traveler01 wrote:
| Funny how this has beeing a tendency last years. Big american
| corps just banning small users/companies without any reason and
| not giving them support whatsoever.
|
| As a developer this puts a big dent on Stripe's reliability and
| I'm not advising it to any client. Ever.
| kylecordes wrote:
| I think big companies tend to do this by accident, more out of
| incompetence than malice.
|
| Yet this sort of thing just begs for future draconian
| government interference. Seems to me a smart company would find
| a way to not invite that unpleasantness on themselves.
| traveler01 wrote:
| > I think big companies tend to do this by accident, more out
| of incompetence than malice.
|
| They have bots deciding the future of their users. And when
| the bots make some kind of mistake they don't give support
| for the costumer or neither check if the user got wrongly
| banned. It's some kind of sick blind trust they place on
| automated systems. Nothing wrong against these systems, but
| they should have a system in place to check wether these made
| a mistake or not.
| kmfrk wrote:
| Silicon Valley wanting to "disrupt" industries seems to have a
| bad habit of becoming the thing they tried to disrupt. Guess you
| can put some money in an iceblock in front of their HQ and see
| what happens.
|
| Reminds me of when people loved online video like YouTube because
| of the lack of commercials.
| at_a_remove wrote:
| I know machine learning rules us all now, with blackbox
| algorithms handing down _Brazil_ -worthy decisions, but I would
| like to understand how there was not an extremely basic function
| at the end, as a sanity check, that would SELECT from some table
| marked MiscreantEvents WHERE Infraction = 'PaymentDispute',
| totals them up, and then offers that as a comparison against the
| "Too Many Payment Disputes" that has gotten barfed out of said
| Byzantine black box? Surely if that number is _zero_ that would
| be an excellent sanity check.
| [deleted]
| Fnoord wrote:
| My bank (Bunq) also has virtual cards and allows to track
| subscriptions. Pretty nice to have. It doesn't have an easy
| option to cancel subscriptions though, but I actually don't need
| that to be honest. Still, nice niche idea.
|
| Interestingly, because you can get these debit cards and IBANs
| with the subscription, Bunq is often used by money mules and the
| like, giving Bunq a bad name in the process. Wouldn't surprise me
| if something similar happened here, even if just as a preventive
| measure.
|
| I do think its strange Justuseapp.com allows people to get a
| virtual debit card with an address in USA, even when they're not
| in USA (their customer). Either way, if you're using this
| ("financial VPN based in USA") to steer away from US government
| you're doing it wrong. A proper use case would be to avoid PII
| getting leaked on all kind of online services.
| [deleted]
| [deleted]
| [deleted]
| shapefrog wrote:
| So Justuseapp Banned You for Payment Disputes but You Never had
| a Dispute?
| jeroenhd wrote:
| Offtopic but I'm amazed you can legally hand out free (virtual)
| credit cards like these without anything close to a banking
| license.
|
| The sales pitch, to pay for services anonymously, would make it
| trivial to use this service for money laundering. I hope the
| website is lying about how private those transactions really are.
|
| I'm also a little sketched out by the fact the business resides
| in Wyoming while the person writing the blog says that Stripe
| wasn't available "in my country". The company has two directors,
| both of which are a vague "Cloud Peak Law" company which owns a
| bunch of unrelated LLCs, but no reference to any foreign owners.
| That's not very confidence inspiring either, in my opinion. I can
| find a similarly named company from Nigeria but there's no clear
| connection between the two.
|
| Edit: the company's Cloud Peak Law P.C. "director" is a service
| used by a Wyoming company set up specifically to allow anonymous
| registration of a business, set up there specifically because
| anonymous businesses are allowed by the state. I wouldn't be
| surprised if one of this law company's other clients used their
| anonymous-business-as-a-service for something sketchy, causing
| Stripe to go up the chain and mark the entire Cloud Peak Law
| "person" as unreliable and disputed. After all, going by the
| public record, the company is actually run by this law company,
| not the person writing this blog post. That may be why Stripe is
| able to claim a dispute that doesn't exist in their own
| management system. I don't know if that's the reason, of course,
| because there's little transparency from other side here.
|
| I don't think Stripe should be lying about the nonexistent
| disputes, but if I were to design a money laundering detection
| algorithm, this kind of stuff is exactly what I would watch out
| for. I'm guessing Stripe's machine learning triggered on this
| company and that they just picked a random TOS bullet point to
| end the contract by knowing that you won't be able to sue them
| for it anyway.
| seany wrote:
| KYC is going to be the death of privacy as we know it. I really
| wish more people would push back against it.
| avnigo wrote:
| > I'm amazed you can legally hand out free (virtual) credit
| cards like these without anything close to a banking license
|
| As far as I understand it, a lot of those work like VISA gift
| cards.
| Chilinot wrote:
| I'm not entirely sure how you would launder money through this
| service. From what i can tell no money is actually passed
| through it. It just generates a temporary credit card which is
| never billed. It is just used to bypass the "please enter your
| credit card for this free trial" prompts.
| jeroenhd wrote:
| I'm talking specifically about this type of card:
| https://justuseapp.com/privacy-card
|
| That looks like it definitely allows transactions.
| Chilinot wrote:
| Ah, yes that is sketchy.
| 0xdeadb00f wrote:
| Is it? How is it any different from something like
| Privacy.com?
| sofixa wrote:
| I don't see them claiming they don't keep track of the
| transactions, so what's the problem? It's just a temporary
| card so the merchant doesn't know your original one, but in
| case of problems the intermediary still knows who you are,
| what your original card is, and who you paid to.
| illwrks wrote:
| Isn't this just a standard top-up card?
| valdiorn wrote:
| yes, except it is generated and maintained by a faceless,
| nameless holding company in the US.
|
| I'm a businessman trying to hide my wealth, I get one of
| these cards and top it up with 100k from my CAyman
| islands bank account, and use it for all my daily
| spending. That's a very common method of tax evasion.
|
| Strip could now be on the hook for facilitating this,
| which means they need to trust justuseapp to do proper
| KYC that complies with global anti money laundering
| policies, etc. That is a HUGE task, and if they get it
| wrong, the consequences are serious. So, when stripe says
| they're worried; they're right to be.
|
| The intented use of this companies service might be
| altruistic, but it's really easily absued for nefarious
| purposes.
| hienyimba wrote:
| This is not possible. You cannot fund your account with
| more than $30 per day unless you are have the highest
| verification and right now, the limit at those levels is
| just $60.
|
| It will take you years to move $100k at $60 per day.
| fragmede wrote:
| It's entirely possible for an attacker with 100 stolen
| identities to make 100 $30/day accounts and move
| $3,000/day. or $6,000/day if they've stolen the person's
| government ID. It'll take just over 2 weeks to move $100k
| at that rate.
| diebeforei485 wrote:
| They could do this with literally any prepaid card,
| though.
| hienyimba wrote:
| Hey, the blog post says we incorporated in the U.S from abroad.
| We did that with FirstBase.io.
|
| Concerning the cards, we do KYC before the cards are issued and
| we submit same to Stripe. In extreme cases, we ask for users
| Govt-issued IDs. Our service might be anonymous to the outside
| facing world but our users are not anonymous to us and Stripe.
| LurkingPenguin wrote:
| Earlier, your website apparently had the statement:
|
| > Our credit card comes with a U.S. billing address, so you
| can unlock features restricted to the U.S or Western markets
| especially if you don't live there.
|
| Allowing customers to easily "spoof" their billing address
| could be very problematic for me as a merchant. There are
| countries that I don't want to serve customers in, and in
| some cases am even prevented (by law or agreement) from
| serving customers in.
| diebeforei485 wrote:
| This is no different than using any virtual PO Box as a
| billing address.
|
| There is a (very) large number of people who do this,
| especially in Canada, because US credit cards offer vastly
| better rewards even after taking foreign transaction fees
| into consideration.
| Uberphallus wrote:
| Moderation has been proven not to scale with AI, seems like
| payments is the same.
| avvt4avaw wrote:
| Buddy, your business is selling "privacy cards" and "virtual
| cards" which hide the identity of the person making the
| transaction.
|
| It's a massive money laundering red flag, it's not at all
| surprising that Stripe doesn't want to deal with you.
| cascom wrote:
| I "hide my identity" daily when I make transactions, it's
| called cash, guess that's a red flag.
| adventured wrote:
| That's an interesting point, because Stripe also doesn't
| handle cash.
|
| Something can be perfectly fine for people to do, and it can
| be just as fine for Stripe to not want to handle it. They can
| choose what types of businesses they want to allow on their
| network. It potentially creates opportunities for other
| service providers.
| ncallaway wrote:
| Aren't cash businesses well known as money laundering
| opportunities?
|
| Cash transactions above a specific dollar value literally
| generate reports to the government for investigation.
|
| So, I think, yes, cash transactions tend to generate
| suspicion among anti-money laundering efforts.
| hienyimba wrote:
| Privacy cards means the cards protect the user's real cards not
| their identity.
|
| If you have ever been hacked or cannot cancel a renegade
| subscription, you would quickly grasp the need for Privacy
| cards.
| tw04 wrote:
| That would be more believable if you didn't specifically call
| out allowing foreigners to pretend to be from the US to
| "unlock services": aka - violate the TOS of said service and
| likely breaking one or more US laws.
| ddtaylor wrote:
| Gym memberships are notorious for this, btw.
| mikro2nd wrote:
| FWIW I've been fucked over by Standard Bank in South Africa
| for just this. It's not just "shady" operators.
| ceejayoz wrote:
| Said gym memberships tend to be because you signed an
| annual contract, with specific requirements to cancel
| early.
|
| Using one of these one-time-use cards won't get you out of
| the debt itself, and these sorts of gyms will happily wreck
| your credit by sending it to collections.
| Macha wrote:
| I've heard of some cases where the contract auto-renews
| and requires an in-person presence during a limited time
| window to cancel when they're quite busy.
|
| While I'm sure these places have it in their terms, just
| making someone sign a contract to agree to it doesn't
| make it not-unethical or not worth criticising. It just
| makes it "not illegal in some jurisdictions"
| ceejayoz wrote:
| I certainly agree on the ethical front.
|
| On the "use a privacy.com temporary card" front, the
| problem is functional, not ethical. They will sue you or
| send you to collections over the debt.
| thatha7777 wrote:
| OP, I symphatize with your pain. I've been trying to get approved
| for Stripe Issuing for 4+ months now.
|
| I have been "approved" multiple times, but the Issuing-related
| features never get turned on. Every time I complain, there's
| another review cycle. The most kafkaesque experience I have had
| with a business.
| jbschirtzs wrote:
| I had the same thing happen to our church. I do not believe this
| is an "Accident". You can read the blow by blow at
| https://www.jbschirtzinger.com/post/stripe/
|
| You can see very clearly that I also thought this was an
| automated issue, but turned out not to be.
| cantbeserious wrote:
| > What I can tell you, unequivocally, as that these are the End
| of Days and whatever it is you are here doing it is more
| consistent with a discriminatory policy of something like the
| Anti-Christ than anything actually just.
|
| This might be the craziest thing I've ever seen in a support
| email.
| jbschirtzs wrote:
| If you have a more rational explanation for all the craziness
| happening, I'm all ears, pal.
| AhmedMhmed wrote:
| We always work with justuseapp without problems. You can get
| services to work again, please
| tyingq wrote:
| I have a hunch their main concern is this kind of marketing on
| your site:
|
| _" Access the American market Our credit card comes with a U.S.
| billing address, so you can unlock features restricted to the U.S
| or Western markets especially if you don't live there."_
|
| https://justuseapp.com/free-trial-card
| mkr-hn wrote:
| Stripe might not even be allowed to say the reason if they
| brushed up against anti-money laundering policies. This is
| probably the exact reason for the ban, and the reason they
| wouldn't talk to the company about it.
| hienyimba wrote:
| The free trial cards were not offered with Stripe. They were
| offered with Flutterwave. It was launched in March. We started
| with Stripe in June.
| ceejayoz wrote:
| That might not matter.
| 0des wrote:
| As someone with a pre-launch SaaS who just signed up for Stripe,
| reading this has me shook up a little bit. I'm Stripe-integrated
| for payments, and poised to go through Stripe Atlas soon, or at
| least I was.. Now I have no idea what to do. I know that OP's
| story isn't spotless, but what if it's my thing that gets in this
| situation too?
|
| I wish I could say I'm joking but I don't need this right now,
| I'm ~90 days out from launch, I should be tweaking final touches,
| not building just-in-case backup integrations with other
| processors.
| chrisandchris wrote:
| Comment from tyingq:
|
| > I have a hunch their main concern is this kind of marketing
| on your site: ,,Access the American market Our credit card
| comes with a U.S. billing address, so you can unlock features
| restricted to the U.S or Western markets especially if you
| don't live there."
|
| https://justuseapp.com/free-trial-card
| 0des wrote:
| I saw this, and even though my thing is nowhere near what OP
| is doing, the amount of what-ifs going through my mind right
| now is causing undue concern. My SaaS is a podcast host, what
| if someone I'm hosting says something "wrong" in their show
| description and Stripe's algo doesn't like it?
|
| Edit: There's a lot on my mind right now, editing to stop for
| a moment and say thank you, your comment is somewhat
| reassuring which is what I think your intention was.
| fragmede wrote:
| Think about it from their point of view. Stripe's algo
| isn't going to go into your platform and investigate
| podcast guests political opinions - that's some AGI level-5
| self-driving car stuff if their automated flagging system
| could do that. No, their algo is gonna look at the credit
| cards your system is sending them, how much and how
| frequently you're charging them, and how much that looks
| like you're doing bad things (like stealing money from
| people). From your very limited description, you're totally
| in the clear.
| edwinwee wrote:
| I'm really sorry that this has caused you concern--if you'd
| like to chat more before launch, please email me at
| edwin@stripe.com.
| mmerlin wrote:
| Proceed with launch as planned and validate your market first
| of all.
|
| After you have validation of customer buy-in and market
| acceptance, when you have time and/or funds to spend on your
| Stripe-alternative feature sprint, setup and integrate a 2nd
| payment gateway for redundancy.
|
| (as per the commenter above whose biz was banned from Stripe
| for 7 days by the imperfect non-recourse ban-bot)
|
| Maybe even choose a different gateway that is more cost
| effective per transaction for a subset of your global
| customers, and code your system to route customers payments to
| the preferentially lower-priced gateway for their country.
|
| Then if one gateway bans you, it's not a showstopper and your
| business is not severely damaged.
| 0des wrote:
| >code your system to route customers payments to the
| preferentially lower-priced gateway for their country.
|
| This is pretty clever, thanks!
| soco wrote:
| Like another commenter said, think about your payment processor
| like another thing which needs redundancy. Have another one
| prepared - braintree or whatever.
| 0des wrote:
| That's my initial assumption. I'm curious if this is common
| behavior to have two integrations, or if it is prohibited by
| the TOS.
| quesera wrote:
| Very common. Mistakes happen, resolution can be slow.
|
| You might be able to justify a single payment gateway
| integration if you're MVP in a simple consumer retail
| business.
|
| If being unable to take orders for two weeks would be a big
| problem, then make sure you have at least two gateways, and
| keep them all warm.
| EveYoung wrote:
| Yes, this is a very common practice especially for larger
| sites. There are even services like Rebilly and Spreedly
| that simplify this process.
| 0des wrote:
| Thank you! I didn't know these services even existed, but
| it makes sense
| [deleted]
| fragmede wrote:
| You're the customer, but you're a business customer, not a
| consumer customer. B2C vs B2B is different, and the
| contracts involved are different, and it's different way of
| thinking. The Internet I have at my house prohibits
| reselling because I'm buying it as a consumer. If I'm
| buying a business Comcast account, there's an expectation
| by Comcast that I'm going to be reselling the Internet
| access (like if I own a coffee shop or something). Thus,
| imo it's not common, but it's also not prohibited. (But I
| am not a lawyer and this is not legal advice.)
|
| As for having two integrations, what's your opportunity
| cost? You'll want a backup integration, but imo that's in
| the same category as having a backup cloud to run on in
| case AWS goes down. Which, you do, but the time spent
| working on that is time spent not working on the product.
| faeyanpiraat wrote:
| We got rejected by braintree, and went on a multiple month long
| back-and-forth and in the end it got nowhere.
|
| Fixed it by using Fastspring. It is a fully integrated
| solution, with a slightly higher fee, but saves you a lot of
| dev hours. Their support is amazing.
|
| Edit: it might sound clunky, but asking for wire transfers
| costs almost 0 dev hours, but can still used to prove your
| potential clients would really pay.
| arihant wrote:
| Use a middleware like Chargebee. Your subscriptions will be
| saved and there will be no change in UX when you are forced to
| change the underlying payment processor. Even before launch
| (assuming you're a US business) you can have a backup in form
| of PayPal Payflow Pro, which integrates fine with chargebee.
| koreanguy wrote:
| don't use stripe, they withhold your funds and customer funds.
| scandox wrote:
| I think the OP would make a stronger case if they were more
| literal: they had exactly 1 dispute according to the evidence
| provided. In a sense the idea that you could be shut down for one
| dispute would be even more extraordinary.
| jsiepkes wrote:
| I guess stripe wasn't kidding when they said they would disrupt
| online payments.
|
| On a more serious note; How much further is society going to
| allow this kind of thing? Hiding behind templated e-mails without
| any explanation. Disrupting people's lives who become collateral
| damage with no way out.
| afarrell wrote:
| For as long as it permits companies to hire fallible humans and
| to write machine learning models with false positive rates.
| nicoburns wrote:
| The machine learning models with false positives aren't the
| problem. The lack of a timely appeals process that involves a
| human is.
| naasking wrote:
| I'm curious how many human reviews are triggered after ML
| flags a problem. If it's nearly 100%, why have the ML step
| at all?
| colinmhayes wrote:
| Because the algorithm only flags like less than 1% of
| users?
| [deleted]
| naasking wrote:
| Maybe I wasn't clear. I meant, why have the ML algorithm
| _disable the account automatically_ if human review
| happens nearly 100% of the time, rather than simply have
| ML flag the account for _human review_ , and let them
| decide whether to disable the account.
| jtbayly wrote:
| But that's why the prices are so low.
|
| Society will put up with it as long as it works most of the
| time, because algorithms without humans are cheap.
| syshum wrote:
| stripe's prices / fees are not really that much lower,
| they do have great profit margins though
| nicoburns wrote:
| I'm not sure about that. The companies employing these
| kind of techniques are typically making huge profits. I
| suspect supply and demand would dictate that a bunch of
| the cost came out of those
| h0nd wrote:
| I rather trust cryptography (and its currencies) than be
| dependent on VISA or similar.
| _wldu wrote:
| I have considered this too. The issue I have encountered is
| that the vast majority of potential users/customers do not
| have and cannot quickly obtain Monero or Bitcoin or whatever.
|
| Most all of them have VISA cards.
|
| Expecting customers to carefully create a wallet, an exchange
| account (so they can buy the crypto) and considering how
| difficult that can be (even for technical users) is really
| unreasonable. When people can use crypto as easily as they
| can use a credit card, then it would be an alternative.
|
| IMPO, this problem is very similar to the PGP problem. You'll
| get a lot less email if you only accept PGP encrypted and
| signed emails. You cannot expect your customers to do that.
| They won't, but they will send you plaintext emails from
| their Gmail accounts, just as quickly as they will pay using
| a VISA card.
| tonyarkles wrote:
| As a consumer, do you trust cryptocurrencies to get you a
| refund if the seller fails to deliver the product you've
| ordered?
| dustymcp wrote:
| this question always gets avoided, its great for the seller
| but the buyer is in a way wprse spot than before.
| jimmydorry wrote:
| It requires a paradigm shift. Automated escrow services
| could handle almost every dispute where both parties are
| honest, APIs for validating shipping and handling of
| goods/egoods could handle another large chunk, and human
| dispute resolution could handle the remainder.
|
| Such a service could be offered by the legacy payment
| providers.
|
| I have used such services in the past, but still feel the
| field is ripe for disruption.
| amelius wrote:
| > On a more serious note; How much further is society going to
| allow this kind of thing?
|
| https://en.wikipedia.org/wiki/Ombudsman
|
| > The typical duties of an ombudsman are to investigate
| complaints and attempt to resolve them, usually through
| recommendations (binding or not) or mediation. Ombudsmen
| sometimes also aim to identify systemic issues leading to poor
| service or breaches of people's rights. At the national level,
| most ombudsmen have a wide mandate to deal with the entire
| public sector, and sometimes also elements of the private
| sector (for example, contracted service providers). In some
| cases, there is a more restricted mandate, for example with
| particular sectors of society.
| jsiepkes wrote:
| I don't want to sound too cynical but I don't know of an
| ombudsman which has binding authority. Here in the
| Netherlands all ombudsman I know are non-binding.
|
| I personally know of 2 dealings with an Ombudsman in the
| Netherlands. One involved me personally and another one of a
| good friend. In both cases the ombudsman advised in our
| favor. In both cases the reaction on the advice was: "Thanks
| for the advice, ombudsman, but we are not going to act on
| it.".
|
| A non-binding ombudsman is in my experience just a paper
| tiger to make an organization look good and I have never seen
| a binding one.
| maccard wrote:
| Ive had an experience with an Ombudsman in the UK. I was
| stuck in a loop with a major broadband provider in the UK
| who were giving me the run around. I contacted the
| ombudsman and within 14 days of my first email the company
| resolved the issue, (after 4 months of back and forth
| before that). Despite being non binding, the moment they
| were involved my problem was resolved.
| ceejayoz wrote:
| Yup. Sometimes knowing who to talk to (and access to
| them) is more important than legal authority to force
| something.
| Throwawayaerlei wrote:
| _How much further is society going to allow this kind of
| thing?_
|
| "what these corporations are doing is literally destroying the
| basis for a developed economy.... [They] have all collectively
| routed around the rule of law which is necessary for sustained
| economic growth over time.
|
| In countries with strong rule of law:
|
| 1. Property rights over land, equipment, and personal items are
| clear and protected by law.
|
| 2. Contracts between people, businesses, and the government are
| effectively enforced by the legal system.
|
| 3. Political accountability is high and corruption is low.
|
| 4. Business regulations are clear and enforced in a transparent
| manner.
|
| In such environments people make long-term investments and
| build large organizations. In contrast, if the property rights
| and contracts are not enforced and the business regulations are
| not clear, most of the economy consists of small family owned
| firms with little modern equipment. A high-tech, prosperous
| economy would not develop.
|
| Effectively, there are no contracts anymore in the digital
| economy. There is no predictability anymore. There is no
| accountability. There is no responsibility. There are no
| requirements for performance anymore. In sum, the US digital
| economy is rapidly becoming the equivalent of a third-world
| economy, complete with crony capitalism and digital robber
| barons."
| lordlic wrote:
| Why would "society" care whether company A makes money instead
| of company B? This kind of thing is only remotely concerning
| to, like, VCs and tech workers hoping to strike it rich in the
| startup game.
| luckylion wrote:
| That's a weird take. Society wants stability. Having large
| companies companies use a random number generator to
| determine whether they will arbitrarily blacklist (and
| thereby try to destroy) smaller companies isn't leading to
| stability.
|
| Yes, society doesn't break down. Just as it doesn't break
| down if 1% of people were murdered each year. But society
| won't accept 1% being murdered. And once it's public enough,
| they'll also not accept that companies do stuff like that.
| Case in point: banks are tightly regulated exactly because of
| that, we need to rely on them to handle money efficiently, so
| we don't want randomness in their processes. Maybe it's time
| that Stripe & friends get more regulatory oversight as well,
| since they don't seem to be capable of managing themselves.
| protomyth wrote:
| _How are we a "high risk" merchant when our business is not
| different from Truebill.com (subscription tracking) and Ramp Inc
| (spend management) a company Stripe recently invested in?_
|
| The cynical me says there is your answer right there. You are a
| bit to close to something Stripe invested in, or at least close
| enough to something they will offer as a service soon.
| meylis wrote:
| It makes sense. They (stripe) want to get the biggest part of a
| cake and destroy small businesses. Such morones.
| logicchains wrote:
| >Such morones.
|
| Does that mean morons? From their perspective, it's a smart
| thing to do, if they can get away with it. Or does it mean
| like "such big balls?".
| Y_Y wrote:
| At least in Spanish "morones" are little hills.
| Sebb767 wrote:
| If they wanted the biggest part of the cake, the should keep
| the small businesses next to their own. The know their
| competitors and, in the case of them failing, they'd still be
| on the winning side.
|
| As the saying goes, to make money in a gold rush, sell
| pickaxes.
| Razengan wrote:
| So much for alternative payment processors being the messiahs
| to deliver us from the draconian fisting of Apple.
|
| Well at least PayPal has a spotless history of treating their
| users nicely.
| r_singh wrote:
| That's a ridiculous reason for blocking their account though.
| Is everyone learning from the best (cough Amazon)?
| sschueller wrote:
| It would also be illegal but going to court costs a lot of
| money.
| marcinzm wrote:
| >Is everyone learning from the best (cough Amazon)?
|
| You mean learning from the 5th highest market cap company?
| Isn't that sort of expected? The question you should ask if
| why the government doesn't step in since companies will do
| what they can to optimize stock price.
| soco wrote:
| I'm afraid the answer to that question is called "lobby".
| adventured wrote:
| If that actually worked as some people think it does, the
| corporate income tax rate would be 0%, there would be no
| labor laws, no OSHA, no EPA, and so on.
| [deleted]
| oefrha wrote:
| Or, alternatively, the business (issuing virtual credit cards
| to consumers, seemingly worldwide) is pretty different from
| truebill.com (subscription tracking, yes, but doesn't issue
| cards, AFAICT) or Ramp (issues corporate cards instead of
| consumer cards, where I would assume there's a bit more due
| diligence).
|
| https://justuseapp.com/free-trial-card claims that one of their
| main selling points is
|
| > Access the American market
|
| > Our credit card comes with a U.S. billing address, so you can
| unlock features restricted to the U.S or Western markets
| especially if you don't live there.
|
| Isn't this just straight up fraud?
|
| Admittedly I'm not familiar with any of the services mentioned,
| so correction is welcome.
| user-the-name wrote:
| Looking at what service they actually offer, I can easily see why
| Stripe would not want to do business with them. They offer
| private credit card services, which seems like it could easily be
| a magnet for people trying to launder stolen credit cards and the
| like.
|
| Just because they have not _yet_ been hit with this, does not
| mean they are not at risk of becoming a target if they get a bit
| more known. Stripe doesn 't want to have to deal with that.
| hienyimba wrote:
| We preempted this by using Stripe radar along with our own
| tools. The fact we had only one charge-back in 3 months which
| we won, speaks to the efficiency of our protection mechanisms.
|
| Finally, all bigger software shops face this issue so we are
| not unique.
|
| 1. https://kinsta.com/blog/credit-card-fraud-stripe/
| user-the-name wrote:
| But that is just promises from your side. From their side,
| they have no idea how much effort you are or are not making,
| nor whether that effort will be enough or not.
|
| To them, you are a risk. They don't want that risk.
| zhuzhu wrote:
| FUCK PAYPAL
___________________________________________________________________
(page generated 2021-09-14 23:02 UTC)