[HN Gopher] Stripe has decided to nuke my entire business
___________________________________________________________________
Stripe has decided to nuke my entire business
Saw https://news.ycombinator.com/item?id=32261868 from a couple
weeks ago and figured I'd share my own story. 3 weeks ago, I woke
up to a pissed off customer telling me her payments were broken. My
startup uses Stripe Connect to accept payments on behalf of our
clients, and when I looked into it, I found that Stripe had decided
to deactivate her account. Reason listed: 'Other'. Great. I
contact Stripe via chat, and I learn nothing. Frontline support
says "we'll look into it." Days go by, still nothing. Meanwhile,
this customer is losing a massive amount of business and suffering.
After a few days, my team and I go at them from as many angles as
possible. We're on the phone, we're on Twitter, we're reaching out
to connections who work there / used to work there, and of course,
we reach out to patio11. All of these support channels give us
nothing except "we've got a team looking into it". But Stripe's
frontline seems to be prohibited from offering any other info, I
assume for liability reasons. "We wouldn't want to accidentally
tell you the reason this happened, and have it be a bad one." We
ask: 1. Why was this account flagged? "I don't have that
information" 2. What can we do to get this fixed? "I don't have
access to that information. 3. Who does? "I don't have access to
that information" 4. What can you do about this? "I've escalated
your case. It's being reviewed." I should mention at this point
that I've been running this business since 2016, my customers have
been more or less the same since then, and I've had (back when it
was apparently possible) several phone conversations with Stripe
staff about my business model. They know exactly who our customers
are and what services we offer, and have approved it as such.
After a week of templated email responses and endless anxiety, we
finally got an email from Stripe letting us know that they had
reviewed the account and reactivated it. We never got a reason for
why any of this had happened, despite asking for one multiple
times. Oh well, still good news right? Except nope, this was only
the beginning. This morning I woke up to an email that about 35%
of my client accounts had been deactivated and were "Under review",
the kicker here being that one of those accounts is the same one
they already reviewed last week! This is either the work of
incompetent staff or (more likely) a bad algorithm. No reasonable
human could make this mistake after last week's drama. So
currently, my product doesn't work for 35% of my customers. Cue
torrent of pissed off customer emails. And the best part is, this
time I have an email from Stripe this time: Apparently these
accounts are being flagged, despite the notes on our file, and
despite the review completed literally last week, as not in
compliance with Stripe's ToS. They suggest that if I believe this
was done in error, I should reach out to customer support. Oh, you
mean the same customer support that can't give me literally any
information at all other than "We have a team looking into it"? The
same customer support that won't give me any estimates as to how
long it's going to take to put this fire out? The same customer
support that literally looked into this a week ago and found no
issues!? I feel like I'm going crazy over here. These accounts
have hundreds of thousands of dollars in them being held hostage by
an utterly incompetent team / algorithm that seems to lack any and
all empathy for the havoc they wreak on businesses when they pull
the rug out from under them with no warning, nor for the impact
they have on customers when they all of a sudden lose all ability
to make money. And all that for an account that has been using
Stripe for nearly 7 years without issue! This goes so far beyond
"customer support declining at scale." If lack of customer support
means that critical integrations start to fail, that's not a
customer support failure, that's a fundamental business failure.
Author : yaythefuture
Score : 1081 points
Date : 2022-09-15 16:33 UTC (6 hours ago)
| theptip wrote:
| I'd probably use Stripe first if I built another FinTech. But
| it's important to know that it's viable to build your own ACH
| integration too. It took about a month of my engineering time to
| wire this all up for my last startup. (Not including contract
| time from the business side).
|
| As a backup plan I'd suggest talking to a bank like SVB to see if
| you can set that up. (It's always nice to have a warm standby
| payment rail if your business depends on it, though it's really
| annoying to set up fully.)
|
| For context the SVB integration is sending a NACHA file over
| sftp, you could do this manually for a single batch using the
| Python ACH library in an afternoon.
|
| Yes, now you need to hold account/routing info, and collect PII
| like SSN/TIN. This makes infosec more expensive. But not as bad
| an option as going out of business.
|
| On the plus side you can turn around debits much faster, use
| same-day ACH, and pay a few cents per transaction.
|
| (If you need help on scoping/implementing this I happen to be
| available for consulting right now.)
| zxcvbn4038 wrote:
| As central as credit card processing is to many companies, why
| don't those businesses maintain relationships with multiple card
| processors so that if one goes out you have a second ready to
| step in?
| lnxg33k1 wrote:
| I think it has come the time for the internet community to start
| calculating customer service as an integral part of the quality
| of the service, I understand this post is about generating
| momentum and having the issue analysed by them sooner but its
| became silly to have to post on forums in order to get support,
| if a company sucks in terms of support, just look for something
| else
| ilaksh wrote:
| Can you sue them to get the money unlocked, and in the meantime
| switch to cryptocurrency? I recommend using one with fast block
| times, such as Algorand which is going to be 3.7 seconds in a few
| days.
| protomyth wrote:
| I still want to see Congress pass a law requiring any internet
| company that accepts money or fees from you that bans you, must
| give the exact reason, evidence, and where on your contract / ToS
| you violated. Frankly, at a certain size (millions of customers),
| these companies are utilities.
| user3939382 wrote:
| Banks are regulated to death but I see that on the whole as a
| good thing. These payment processors need the same burden.
| They've shown that they won't play fairly without intervention
| and market forces aren't fixing the problem.
| ciguy wrote:
| I was recently banned from Paypal for life, with no reason given.
| I have literally used PayPal for over a decade, usually once or
| twice a year to pay family or friends back from something small.
| I have heard all the horror stories so I intentionally didn't use
| for anything unless the recipient had no other easy way to
| receive funds. I never used to pay for anything shady, or even
| buy anything really. It was almost always to pay someone back for
| dinner or something small like that.
|
| And then one day last month I got an email saying my account had
| been banned. They would not give me a reason, and told me if I
| tried to open a new account it would be banned as well. Good
| riddance, I don't need them anyway, but talk about burning any
| vestige of good will they ever had.
|
| It seems Stripe has gone the same way now. Time to move on to the
| next hot payments processing startup until they get big enough
| that they decide to start fucking their customers too.
| guntab-dan wrote:
| I work for a company that helps a lot of PayPal refugees. We
| hear these stories all the time. In many cases people know
| exactly why they were banned, but it's amazing how often they
| have no clue (like OP). Apparently these mystery bans tend to
| originate from automated systems, and there are too many
| automated bans for it human agents to be able to investigate
| them all.
|
| While it feels like rule of the machines, it's actually rule of
| the fraudsters. If these payment processing platforms weren't
| so broadly vulnerable to fraud, they wouldn't need to rely on
| machines to make these critical decisions. An we can blame the
| credit card and ACH systems for both heavily prioritizing
| convenience over security via "pull" payments. Yes, crypto
| offers "push" payments, but those actually increase the risk of
| fraud for buyers. I think the killer combo is crypto with
| escrow, to protect buyers. But of course escrow has higher
| costs than just blindly transferring funds like the payment
| processors do. That's why this is one of those perennial
| problems of commerce.
| alanh wrote:
| This sounds more like incompetence than censorship at first
| glance, but FYI, there are alternatives with explicit ambitions
| of being more trustworthy partners in payment processing:
| https://www.paralleleconomy.com/
| akagusu wrote:
| How much stories like this do we need to accept that this shit
| must be regulated?
| deepsun wrote:
| > not in compliance with Stripe's ToS
|
| If it's not up to their ToS, they owe you. You can ask for a
| refund, or sue them.
| iio7 wrote:
| So, this is another "drive by" on Hacker News about Stripe, which
| @edwinwee (from Stripe) reacts to and "saves the day".
|
| All the while the rest of us know absolutely nothing about what
| just happened!
|
| What exactly is going on? What is the business model? And why
| does it require that these cases reach Hacker News before they
| are solved by @edwinwee!?
| edwinwee wrote:
| I can't proactively share specifics about a business, but in
| this case, they operate in a regulated space. The banks and
| card networks we work with require some extra checks due to the
| prevalance of scams in this space. A reviewer on our team
| flagged the business, and admittedly, we weren't very clear
| about what was required in order to continue working with us.
| After talking with OP today, we re-enabled the business.
|
| 1. Tomorrow, we're regrouping with the team to see how we can
| improve our processes to prevent a similar case from happening
| again.
|
| 2. We're working on a new version of the Stripe Connect
| dashboard right now. There will be much more detail on which
| connected accounts are restricted and how to resolve the
| issues. We're working to release it soon, which I think will
| provide platforms better visibility into the state of their
| accounts.
| gfodor wrote:
| This is why we need a decentralized Internet payment system, like
| email.
|
| This was a non-controversial opinion not long ago.
| cwkoss wrote:
| Isn't that what cryptocurrency is?
| politelemon wrote:
| Your sentence caught me off guard, maybe I am reading it wrong.
| Do you mean email as a payment system, or do you mean email as
| an example of a decentralized system?
| gfodor wrote:
| The latter - a system that is like e-mail (decentralized) but
| allows people to send money to each other.
|
| We have many such systems being developed, but you get
| downvoted on HN for promoting them, since people assume you
| are a scammer, a criminal, etc.
| ilaksh wrote:
| Lol yeah so you are talking about a cryptocurrency but
| actually afraid to use that word. I know, I just did in my
| other comment and I know I will be attacked here.
| ollien wrote:
| Ironically, email is becoming increasingly centralized. See
| this story from just a few days go
|
| https://news.ycombinator.com/item?id=32715437
| gfodor wrote:
| Yes, as with any protocol email is always subject to
| centralizing forces. But protocols like email (to me)
| represent the best possible approach to trying to
| counteract these forces for Internet applications. They
| aren't a silver bullet but maintain the best forms of
| optionality for undermining and correcting them.
| rchaud wrote:
| How can they still be in development when the underlying
| tech has been available for 12 years or so?
|
| In the real world, there is no anonymous e-money that
| doesn't end up having to be laundered back into good old
| cash.
| aynyc wrote:
| If gmail/outlook/yahoo bans you or mark you as spam, you are
| not gonna get much done.
| gfodor wrote:
| Yes the maximally centralized form of a protocol like email
| is the one we have now where a few large actors can collude
| to cut you off from large swaths of the network.
|
| However, that's different than a singular actor, but more
| importantly, nothing is stopping a counterforce from coming
| in and correcting that regime. It's possible we may see email
| revert to a less centralized form over time as various people
| choose to prioritize working that problem (and can make
| headway, because of how email works.)
| Retric wrote:
| The point is email as a protocol is extremely open, but
| email as a network is quite centralized. There aren't any
| great options here because buildings a system is easy but
| interfacing it with the real world and all it's laws and
| bad actors is hard.
|
| What people forget is interfacing with systems designed to
| operate in the real world is at best an abstraction over
| this difficulty and eventually it gets exposed for the mess
| it actually is.
| sbdncuvh wrote:
| jandrese wrote:
| A payment system like that would run face first into Know Your
| Customer (KYC) laws and bet shut down.
|
| This isn't a hard problem for technical reasons, it's all
| political. It's about preventing money laundering and trying to
| fight crime via financial instruments. But it also means any
| payment system that doesn't implement these restrictions will
| almost instantly be overrun by criminals because they are
| highly motivated to find ways of moving money.
| mindcrime wrote:
| _A payment system like that would run face first into Know
| Your Customer (KYC) laws and bet shut down._
|
| Great, then let's change those laws.
| multiplegeorges wrote:
| Why? They are a net benefit to society and above board
| businesses.
| HeyLaughingBoy wrote:
| Why?
| PeterisP wrote:
| Good luck, not going to happen.
|
| Democratic systems won't change these laws because there is
| no popular support for change - there is a reasonably large
| 'law-and-order' and 'corruption-as-main-concern' voter
| demographic who strongly support these laws, and the niche
| of HN techies and libertarians who'd oppose them is
| insignificantly small in comparison; and authoritarian
| systems won't change these laws because their leadership
| supports them even more.
| mindcrime wrote:
| I acknowledge that that is the prevailing sentiment, and
| the obviously correct conclusion. And yet I can't accept
| that kind of defeatist thinking. To embrace defeatism on
| that level is to basically accept that nothing will ever
| change, and we know that things do, occasionally, change.
| It's not always clear exactly what it takes to create
| wide-scale societal change, and yes one could easily
| spend their whole life engaging in activism and die with
| nothing to show for it. Yet people do still persist, for
| their own reasons. And sometimes the good guys do win.
| PeterisP wrote:
| It's not passive giving up - many people, including me,
| consider the social change you want to drive as harmful
| in aggregate, and would fight against it; and I'm
| asserting that at the moment we are in the majority.
|
| I understand the idealistic benefits of freedom of
| payments, however, the KYC/AML restrictions are there for
| valid reasons that simply have much more magnitude of
| importance (for example, the scale of corruption and its
| social harm is so big that even a slight decrease in that
| due to KYC/AML enforcement far outweighs all the current
| social costs of KYC/AML) and removing them would mean
| that in aggregate the bad guys have won. I'm not saying
| that you're a bad guy, but you are an "ally of
| convenience" to them as achieving your position would let
| the bad guys win and I would consider it immoral to allow
| that.
|
| We definitely should strive for better, more accurate
| AML/KYC implementations that have less impact on
| legitimate trade. But arguing for _removing_ AML /KYC
| just because of that is effectively throwing out the baby
| with the bathwater.
| mindcrime wrote:
| Fair enough.
| mmerlin wrote:
| I wonder if criminals didn't have so much money to launder,
| would bitcoin have ever managed to jump the "belief gap" to
| the extreme degee it did, from computational bits of
| cryptographically unique data into actual spendable dollars?
| jollybean wrote:
| We should, but the problem is consumers want the protections
| offered by PayPal and VISA who do fraud analysis and can
| clawback money etc. etc..
|
| There's definitely a space for 'digital cash', for sure, but
| consumers will prefer the former.
|
| When it comes to money, there are just deeply inherent issues
| of dealing with fraud, spam, goods not delivered etc. etc..
| which adds significant overhead to the whole system.
|
| Most people playing above-above board don't have a problem.
|
| Usually in these cases, it's because something semi-shady is
| being sold, and it usually contravenes one of the T&Cs of
| Stripe.
|
| The OP here didn't tell us what line of business they were in.
| gfodor wrote:
| Yes, of course this is a huge challenge. That's the point
| tho, the high order bit is we should want to solve these
| problems and support good faith actors who are actually
| trying to.
| alphabettsy wrote:
| What problems? There are organizations that are not Stripe
| where they have much better support.
| redmen wrote:
| 2OEH8eoCRo0 wrote:
| After all the talk of disruption and innovation that we are
| subjected to these universe brains suddenly turn into troglodytes
| when it comes to these things. I wonder why.
| yuan43 wrote:
| > I feel like I'm going crazy over here. These accounts have
| hundreds of thousands of dollars in them being held hostage by an
| utterly incompetent team / algorithm that seems to lack any and
| all empathy for the havoc they wreak on businesses when they pull
| the rug out from under them with no warning, nor for the impact
| they have on customers when they all of a sudden lose all ability
| to make money. And all that for an account that has been using
| Stripe for nearly 7 years without issue!
|
| When people on HN swear up and down that Bitcoin has zero use
| cases, I think some may be voluntarily forgetting stuff like
| this.
|
| Is Bitcoin a perfect fit here? Probably not. Does it eliminate
| the problem of arbitrary algorithms blocking payments for no
| discernible reason? Yes.
| porquilho wrote:
| My account was disable for dealing with "controlled substances" I
| told them, ok name one, they cant name one because i dont deal
| with any controlled substance, im just a market-market. They saw
| some molecules in my site, saw some weird looking website, and
| thats it this is too wierd for us. and took it down. now im
| calling them stupid over the emails
| spaceribs wrote:
| Could a report to the CFPB move the needle?
| tobinfekkes wrote:
| We are in the process of moving off of Stripe Connect (with 60+
| accounts) for this very reason. It's one big black box. They are
| a liability, not a service.
|
| Very sorry to hear of your situation, but it's because of people
| sharing stories like this that we've been planning our migration
| away to a more responsible (and responsive) processor for awhile.
|
| It's a ton of work to build new integrations, migrate data, and
| disrupt customers. Which tells you just how bad of an experience
| it is with Stripe when we'd rather spend a 6-8 months moving
| away.
| Jiger104 wrote:
| Could you share the reasons you decided to move off it?
| hnburnsy wrote:
| A little off topic but just like the suggestions here to have
| multiple payment processors, in your personal life have multiple
| checking accounts at different banks. Many banks are shutting
| down accounts for no apparent reason most likely due to AML and
| KYC. Your money can be tied up and you have no way to pay bills
| or get cash.
| asasidh wrote:
| BTCPay Server is a self-hosted, open-source cryptocurrency
| payment processor. It's secure, private, censorship-resistant and
| free.
| ta3411 wrote:
| Thank you for sharing this. This is definitely among our
| marketplace existential threat as well. We have a few Stripe
| Connect clients account that got shutdown with zero visibility
| for us the platform account.
|
| I am wondering if anyone has experience with exploring
| alternatives other than Stripe Connect. Our use case involves
| multiple payouts: buyer -> seller -> [us and referral person].
| Especially if you involve multiple payment providers, how do you
| go about handling vault and card data. Stripe Connect and PayPal
| separately have their own vault features. Would it be annoying
| for the buyer to have to re-enter payment information several
| times to save cards on file.
| edwinwee wrote:
| I work at Stripe. Could you email me at edwin@stripe.com and I
| can dig into this?
| smt88 wrote:
| In case this helps, this thread (and others like it) have
| convinced me never to use Stripe. There needs to be an
| official, public policy posted to Stripe's website that
| outlines transparency over deactivations and the process for
| resolution.
| MonkeyMalarky wrote:
| Here it is! The raison d'etre of these posts to HN!
| bee_rider wrote:
| It is nice that people can get a quick fix by hitting the
| front page here, but for the rest of the community we have to
| realize that this is does nothing to fix the systemic issue
| (of course I'm just stating the obvious here, but might as
| well make it explicit).
| aliqot wrote:
| Bless Edwin for being here for us, always, time after time,
| but what a sad state of affairs.
| jlbbellefeuille wrote:
| Edwin has saved me before too. Love Edwin.
| yaythefuture wrote:
| I'm proud to announce that Edwin officially pulled
| through for us today. All our accounts have been
| reactivated.
|
| There are clearly problems at Stripe. But this kind human
| is not one of them.
| trollied wrote:
| You need to explain what happened, and what sector you
| operate in. Doing this support stuff on HN as a last
| resort & getting on the front page is crap in the first
| place, not feeding back is even worse.
| mikece wrote:
| Someone reaching out in this case is nice but what about
| folks who can't get their complaint to the top of the HN
| front page? I'm hopeful the OP gets everything sorted out but
| these no-warning, no-explanation, no-recourse suspensions
| need to be prohibited when the only thing a company says is
| "TOS violation."
| MonkeyMalarky wrote:
| Completely agreed. In the past, my employer has been in the
| same position with a different platform and to say it is an
| existential and Kafkesque nightmare is an understatement.
| ball_of_lint wrote:
| There's a variety of cases where the only legal messaging
| around the suspension is approximately that. Whether or not
| Stripe is doing wrong here, they do have to comply with US
| law and that type of law will result in that shape of
| suspension and therefore this type of story appearing on
| HN.
| fallat wrote:
| You should ask OP first for their email; right now anyone can
| email you claiming to be OP.
| nrmitchi wrote:
| Does that really matter much? There will be additional
| account authentication after an email is sent, and half of
| hacker news at this point already knows "email patio11 or
| Edwin for stripe support"
| nomel wrote:
| They could verify by having OP change their "about" text,
| here on HN.
| moralestapia wrote:
| Or just anyone with an issue actually ...
|
| .. and then it would become a bit unmanageable for 'edwin',
| and then they would have to create support@stripe.com or
| whatever (like literally every other company on earth) and
| set up an appropriate way of dealing with customer
| complaints.
| 55555 wrote:
| You're a nice guy to try and solve OP's problem. But OP's
| problem isn't really the problem. The problem is that OP's
| problem is reposted here weekly by someone new and they have to
| pray that you or someone else use backchannels to solve their
| hellish issue. There's a meta-problem. Can you just dig into
| that problem instead? Then you won't have to dig into these
| sub-problems once a week.
| wswope wrote:
| darepublic wrote:
| I'm sure OP would prefer he dig into the specific problem
| first
| 3pt14159 wrote:
| What we really need is some sort of default arbitrator for
| cases like this. Support gives no answers because "reasons"
| too frequently for too many business critical applications
| and the courts are too slow to fix the problem and building
| in redundancy too costly to compete for most integrations.
| RainaRelanah wrote:
| Your support process shouldn't be so fundamentally broken that
| it requires this to get a resolution. I'm sure this same
| situation has played out with thousands of devs/merchants that
| don't even know HN exists.
| agrippanux wrote:
| I wonder how much you're being caught by protections set up
| against bad actors.
|
| Bad actors have massive incentive to try all sorts of insanely
| advance schemes to ensure their cash flow (I saw this both at
| MP3.com and Zynga early days). As a company, Stripe has massive
| incentive to stop them. If you stop 95% of bad actors and cause
| .01% of good actors to get caught up in the enforcement, that's a
| net win for the company. If I was running Stripe, you'd be an
| acceptable casualty.
|
| Of course to you, you're not an acceptable casualty and this is a
| shitty situation. The advice in this thread about having multiple
| processors you can switch between is a technical and financial
| headache for you to implement, but it's really your best bet.
|
| I'm sorry you're going through this, I hope it works out, but the
| tough love call here is you are an acceptable casualty and need
| to plan accordingly.
| lyptt wrote:
| One option may be to investigate migrating rather than continuing
| to wait on Stripe's lack of customer service. When I was
| investigating Stripe Connect alternatives I found Square to be a
| good option. It was easy to migrate our billing code over and it
| acts essentially the same. The only key difference is the end
| user would access their own Square dashboard and manage their
| funds, rather than it all being managed by you.
| [deleted]
| oussama-gmd wrote:
| On a similar note, my 12 years old active account with payoneer
| has been blocked for a month and half now, same customer support,
| no explanation. There needs to be a law that at least forces them
| to resolve the issue in a timely manner.
| ajhurliman wrote:
| I'm really surprised that they're allowed to operate this
| opaquely as a money transmitter. I'm not familiar with the
| specific regulations of holding a MTL, but you'd think with the
| amount of tight regulation we have in other areas (eg real
| estate) that money transmission would at least require disclosure
| of account status in a timely manner.
| parsnips wrote:
| This problem is endemic in Stripe. I wanted to enable issuing on
| my account to test card issuing, but there was a bug where the ui
| was looping, not allowing me to sign up.
|
| Asked support, got 2 weeks of "we're working on it"'... And
| finally a "You're using Opal, you can't enable issuing".
|
| They're losing thread fast.
| tcoff91 wrote:
| If only there were some kind of permissionless, censorship
| resistant payments system, so that we could operate our
| businesses without being arbitrarily crushed by faceless
| corporations.
| mirzap wrote:
| There is none. Everything can be censured, including Bitcoin to
| which you implied with this comment.
| orionint wrote:
| Used to work for a "high risk" payment processor, we inherited
| tons of accounts that were terminated by Stripe, Square, and
| PayPal. Here's one small bit of inside info that may help the
| newer businesses out there:
|
| Most real payment processors (e.g. banks, merchant services
| companies) "underwrite" a company BEFORE allowing them to
| process. Underwriting means they look over the business model,
| financials, etc and make sure the business is an acceptable risk,
| not doing anything illegal or against their terms, etc. So you're
| more likely to be declined initially, but if you're lit up, you
| should be good for the future because the underwriters actually
| saw the deal and approved it.
|
| While I haven't worked for these other companies, a lot of
| experience seems to show that Stripe, Square and PayPal operate
| differently: they light up ANYONE, and then only underwrite when
| the account hits a critical threshold of revenue. So it's easy to
| get an account there, but if you scale up, that's when you'll be
| scrutinized and potentially terminated. It's a very unethical
| practice because it ends up hitting businesses at the worst
| possible time, when the termination or suspension causes a huge
| financial hit.
|
| So basically, always have a backup processor and use these web
| based services at small scale to prove out your model, but NEVER
| rely on them as your sole payment solution.
| smoovb wrote:
| So if Stripe is one of the best "low risk" processors, who is
| the Stripe of "high risk" payment processors?
| elliekelly wrote:
| Cash.
| pc86 wrote:
| There is no such thing. High risk means high transaction
| costs, high underwriting costs, and lots of
| insurance/legal/compliance work.
|
| Your best bet is to pay the slightly higher fees by going
| directly through your actual bank.
| renewiltord wrote:
| Right, but who's got all that and an easy API and SDK? i.e.
| if you were willing to trade off higher fees for safety and
| slowness of ramping up in a compliance sense, but you do
| want quick dev ramp-up, who do you use?
| bjacobt wrote:
| You can try CenPOS [1] or tempus [2]. Both are easy and
| fairly quick to implement.
|
| [1]https://www.elavon.com/industries/cenpos.html [2]
| https://www.tempuspayment.com/default.aspx
| renewiltord wrote:
| Thank you. Definitely a bit harder than Stripe. I
| understand the difference now.
| abigail95 wrote:
| CCBill
| max51 wrote:
| >It's a very unethical practice because it ends up hitting
| businesses at the worst possible time, when the termination or
| suspension causes a huge financial hit.
|
| You forgot the part where Paypal get to keep your money when
| they close your account. And it's not like they only keep it
| temporarily in case of lawsuits/chargebacks, they just keep it
| forever. I still can't believe that crap is legal.
| vlod wrote:
| Are you saying you should empty your account constantly
| (nightly?) in case paypal gets shut down your account, for
| unknown and un-communicated reasons?
| thewebcount wrote:
| Yes, absolutely. Some banks offer "sweep accounts" that do
| this automatically. If they have to come to you to claw
| back some money, they're more likely to tell you why.
| remus wrote:
| > Are you saying you should empty your account constantly.
|
| When I was involved with taking payments through paypal
| that's what we did. For us there was no value in keeping
| payments in there but there was plenty of risk. We stopped
| using them very quickly though, their fees were ridiculous.
| [deleted]
| synchrone wrote:
| There is even a feature called auto-sweeps that can be
| requested via support to enable automatic daily payouts
| pas wrote:
| yes. the paypal horror stories were very common and
| frequent ~10 years ago. that's how Braintree, Stripe, etc.
| got started.
| yamtaddle wrote:
| Nb PayPal has owned BrainTree since 2013.
|
| You probably already knew that, but for the benefit of
| anyone reading this who didn't.
| donedealomg wrote:
| joecot wrote:
| The difference is between the company having their own merchant
| account with a bank (which is what most large companies do)
| using an online payment gateway, and not having one and
| leveraging the processor's instead (which is what Stripe,
| Paypal, etc provide). When you apply for a merchant account you
| get that approval and underwriting, but with a hefty
| application fee for obvious reasons. If your payment gateway
| shut you down, you can just switch to a different one, but
| there'd be little reason for them to do so. Your bank is much
| less likely to shut you down, because you were preapproved. The
| main reason would be for high fraud/chargeback percentages.
|
| When you use Stripe or Paypal or similar, you don't apply for
| your own merchant account. You make transactions using their
| merchant account. If there's a fraud or chargeback percentage
| issue, the banks will have a problem with _them_ , not _you_ ,
| but it also means the service needs to be proactive in policing
| their clients so the banks never come after their merchant
| accounts.
|
| When starting up a company, use a Stripe or a Paypal to get up
| quickly, but probably ramp up to using multiple quickly, so you
| have backups. As your revenue increases, apply for a merchant
| account and move your transactions over to that. There is an
| upfront cost, but the processing fees are significantly
| cheaper, and no one will pull the rug out from under you
| without quite a bit of correspondence. Even when using your own
| merchant account, you can find processors who will handle all
| the credit card input and transmission on their end instead of
| on your site, which greatly limits your PCI compliance
| requirements. Regardless, when you build your service, abstract
| the payment process such that you can easily add or switch
| providers. Don't be married to a single one, because at the
| least you should be switching to a merchant account when the
| application fee is lower than the transaction fee percentage
| difference.
|
| Source: I also worked for (and was the principle developer of)
| a high risk payment processor, providing a processing gateway
| for individual merchant accounts serviced by an ISO. We tried
| to look at becoming an IPSP (I think that's the acronym),
| letting customers leverage our merchant accounts like Stripe or
| Paypal do, but it was significantly more work and process with
| credit card companies than we wanted to deal with.
| bslorence wrote:
| What is a "large company" in this context? My employer is on
| track to run about $5m through Stripe this year, which will
| be our fourth full year using Stripe. Our first year we did
| about $2.75m. This year I've been getting occasional emails
| from a Stripe sales rep for the first time, which suggests
| that we've crossed some sort of threshold...
| hartator wrote:
| Interesting. What will be the provider you recommend? Any
| local banks?
| joecot wrote:
| Unfortunately I know little about the process for actually
| applying for a merchant account or where to get it from.
| That's what the ISO we partnered with handled. Also it was
| "high risk" accounts ( _cough_ adult _cough_ ), that is
| different banks than you'd be using. Same with the
| competitor payment processors I'm aware of. If you're
| unfamiliar with the process and can't find a bank to walk
| you through it, an ISO is not a bad idea. They'll walk you
| through the process and help you find a bank, and also a
| processing gateway. They'll also add a margin on the
| processing fee, but it's not a big one, and certainly less
| than paypal or stripe.
|
| For processors starting out, there's nothing wrong with
| using Stripe or Paypal etc. When you ramp up to using your
| own Merchant Account, Authorize.net isn't too bad as long
| as you're not doing recurring payments (those get tricky),
| or maybe even Rocketgate.
| tough wrote:
| I think the best solution here, is add a payments
| orchestration solution to your stack.
|
| There are others, I know of this spanish startup
| integrating with stripe.
|
| In this way,you can have both your bank TPV/ Payments and
| Stripe working alongside, if any fails just put the other,
| or the one giving better prices by default, etc
|
| https://monei.com/es/features/payments-orchestration/
| mnahkies wrote:
| This seems sound for one off transactions, but I'd be
| interested in how to make this work with subscriptions,
| assuming you don't want to take the PCI burden of holding
| the raw card details - is it a case of asking all your
| customers to resubmit their details to the new payment
| processor?
|
| I guess in the case of the orchestrator you linked they
| retain the card details and can then charge using any of
| n processors, though I'd be interested in thoughts from
| the overall thread where people are advising to be ready
| to change payment processor
| joecot wrote:
| If someone uses WooCommerce for their store, they have 79
| different payment integrations, including Stripe, Paypal,
| Amazon Payments, along with merchant account gateways
| like Authorize.net. Some of them are paid extensions but
| rather cheap considering the use.
|
| https://woocommerce.com/product-category/woocommerce-
| extensi...
| tough wrote:
| What Im talking about is to add another abstraction
| layer, so you can have both payment processors and decide
| which use on the fly, both integrated with any ecommerce
| framework you use
| ecommerceguy wrote:
| If in fact High risk is necessary then NMI is the most
| common gateway. Be careful they require a rolling reserve
| and can require multiple buckets capped at a certain
| amount, commonly 50k / month.
|
| We write a few a high risk accounts per month. As a
| matter of fact I just had a call center run across my
| desk a few hours ago.
|
| Exhaust all underwriting options as each processor has a
| different risk tolerance. For instance this call center
| is now using NMI and a rolling reserve, I've found
| another processor (one of the big 5) that will not fall
| under the High Risk thus saving a boat load not to
| mention negating the accounting nightmare that comes with
| rolling reserves and high risk processing.
| justinc8687 wrote:
| Spreedly is a very good provider for this.
| subhro wrote:
| American Express and Chase. I have both and they are
| awesome... so far.
| [deleted]
| hn_user2 wrote:
| One thing that is almost impossible to do on your own is to
| get a merchant account that you will be using to process
| payments on behalf of others. So if that is your business
| model, you are almost certainly in for the fight of your life
| with banks and merchant providers, along with some stupidly
| high reserve funds.
|
| Stripe makes this super easy, but it is a house of cards
| based on stories like this one. So I agree, you still need to
| get your own merchant account, and not rely on stripe as you
| get larger, but depending on your business model it might be
| taking more of your time generating due diligence documents
| than an acquisition.
| joecot wrote:
| Yes, this is why my previous company never went the IPSP
| route (letting customers accept payments with your merchant
| account). They are incredibly arduous to get approved, you
| practically need to have a bank CEO as your godfather to
| get it. Also you need to be at least PCI Level 1, which
| involves actual auditors going through your business and
| policies. That part is significantly easier than the IPSP
| though. OP doesn't sound like they were trying to do that
| though. They talk about their client's individual Stripe
| accounts being turned off.
|
| This is probably what a business like OP's would need to
| do. When their customers are small, use a processor like
| Paypal or Stripe. But as customers get larger, OP should
| probably do what we did: partner with an ISO, who can get
| the customer their own merchant account. OP still does the
| processing for them, but the risk and finances run directly
| through the client, not OP. The ISO can also add in a
| margin on the transaction fees for OP if that's part of
| their business model.
| shadowgovt wrote:
| More specifically: if you're in the business of processing
| payments on behalf of others, you actually have "bank" as a
| core competency / requirement of your business model and
| need to make your plans accordingly (or carry the added
| risk of having your core business model outsourced).
| sudden_dystopia wrote:
| This is how an auto insurance company I used to work for wrote
| policies. They didn't underwrite them until there was a claim
| and then they would rescind the policy and deny the claim when
| they found a "material misrepresentation". They called it
| underwriting on the back end.
| ddalex wrote:
| This seems like straight fraud.
| [deleted]
| jtbayly wrote:
| What company!!!??? Please don't just leave all of us hoping
| we aren't the unlucky guy that is using that company.
| encryptluks2 wrote:
| I wouldn't be surprised to find it is most insurance
| companies. The insurance industry as a whole is seriously
| messed up and congress seems unwilling to do anything about
| it.
| tharne wrote:
| > I wouldn't be surprised to find it is most insurance
| companies.
|
| In the U.S. I guarantee you that most insurance companies
| are NOT doing this. What this company is doing is called
| "Bad Faith" in insurance jargon. And the penalties for
| this sort of behavior are enormous, and can even include
| the possibility of the company losing its license to sell
| insurance in a particular state.
|
| > The insurance industry as a whole is seriously messed
| up and congress seems unwilling to do anything about it.
|
| Congress doesn't do much with insurance because insurance
| in the U.S. is regulated at the state level, not the
| federal level.
| encryptluks2 wrote:
| LOL, wait until you hear about ERISA and learn that
| everything you just said is wrong for most employee
| insurance plans and that you can't even get damages when
| they act in bad faith.
| tharne wrote:
| > LOL, wait until you hear about ERISA and learn that
| everything you just said is wrong for most employee
| insurance plans and that you can't even get damages when
| they act in bad faith.
|
| We may be talking past each other here. I was referring
| to property and casualty insurance in my comment, while
| it sounds like you're talking about health and disability
| insurance. Two completely different worlds and regulatory
| frameworks.
| treis wrote:
| It's half true. There's not really underwriting for auto
| policies like there is with life or home insurance. You
| register your rating rules with the state and anyone who
| qualifies gets a policy. All the risk calculations and
| pricing are just look up tables and done automatically.
|
| Now if you are in line for a large payout the insurance
| company will definitely review your application to see if
| you lied. Significant lies will get your policy cancelled
| and no payout. So don't lie on any insurance
| applications.
| hnburnsy wrote:
| Come on give us a hint or maybe just the company mascot?
| caeril wrote:
| Costco Merchant Services did exactly this to us way back in the
| day( 2007-ish?). We switched from our previous merchant account
| bank due to better rates near the beginning of that year.
|
| Everything was fine, up until right after Thanksgiving. This
| was an ecommerce company, so a sudden 500% increase in
| authorization volume is pretty normal and expected. Well, not
| to Costco ( or rather, the bank whose services they were
| reselling ). Our account was immediately deactivated, and we
| ended up having to spend a week begging our previous bank to
| reactivate our previous account.
|
| That first night was, personally, an all-nighter writing janky
| code to encrypt cardholder data with ephemeral keys and store
| it off-database on an isolated, firewalled host (in order to
| pass the PCI-DSS SAQ coming to us in January), ship the product
| anyway, and hope that we'd be able to authorize a reasonable
| percentage of that unauthenticated cardholder data in the
| future.
|
| This is what happens when you make business decisions based
| purely on price -- or in the case of Stripe, developer
| convenience.
| dangerboysteve wrote:
| Costco or Elavon ?
| zerr wrote:
| Why those web services don't leverage from the fact/data that a
| real bank has already vetted you? And you use a real visa/mc/ae
| cards. They anyway block you.
| rchaud wrote:
| > a lot of experience seems to show that Stripe, Square and
| PayPal operate differently: they light up ANYONE, and then only
| underwrite when the account hits a critical threshold of
| revenue.
|
| Sounds similar to how subprime lenders doled out the mortgages
| without any due diligence. They skimmed their bit off the top
| in transaction commissions, but later dumped them before they
| became a compliance hassle.
| suzzer99 wrote:
| It's also the exact same model that private health insurers
| used before Obamacare. Do minimal underwriting unless someone
| gets really sick, then scrutinize the hell out of it, even
| offer bonuses to employees based on how many claims they find
| reasons to deny.
| marcosdumay wrote:
| As a rule, there's nothing wrong about a default to accepting
| making deals with strangers.
|
| And that's the only thing similar in here. The payment
| processors are not selling anything by fraudulent claiming
| they evaluated their quality.
|
| What they do have is a very bad customers service that is
| prone to a different kind of crime (withholding people's
| money) and create a very unique kind of risk they don't
| communicate to their customers.
| illumin8 wrote:
| I'm pretty sure this would be considered a deceptive
| business practice by most courts of law. You can't just
| straight up lie about the terms of a business agreement -
| i.e. if you say you've evaluated a customer's
| creditworthiness but you really haven't I think there is a
| very good argument that any agreement was not made in good
| faith, however, Stripe's ToS probably requires mandatory
| arbitration, etc, so I'm not sure what recourse you have as
| a customer.
| jacobr1 wrote:
| Arbitration doesn't mean no-recourse or bias toward to
| the provider.
| marcosdumay wrote:
| Arbitration does absolutely means a bias to the party
| that requires it. You can't have a long-term relationship
| with a company and not acquire some bias.
| bombcar wrote:
| Even if the arbiter is pure and just the company will
| learn how to represent its side in the best light before
| the arbiter; it has many chances to learn.
|
| The other side has one chance to learn.
| jacobr1 wrote:
| Right, think about it as a consumer. I don't want a gas
| station to run a credit check, or ask for proof of
| employment before I fill my tank. They just accept the
| card. But that does mean they bear risk for chargebacks if
| the card was stolen.
| tootie wrote:
| My company uses Stripe among others. We do on the order of 8
| figures of transactions over all our payment channels. Not a
| whale by Stripe's standards, but not nothing either. We also
| have enterprise agreements in writing and signed contracts with
| all of them. It wasn't necessarily an underwriting process as
| far as I know, more of an enterprise software licensing
| agreement. But either way, they are obligated to provide
| services under the terms of the contract. The terms include
| some commitment to future use and get us at least a smidge of
| discount off their fees. As much as startups love buying
| services with transparent pricing where you just pick a service
| level and plunk down a credit card, when it's business
| critical, just call their biz dev team and ask for a contract.
| smrtinsert wrote:
| Agreed this deserves a blog post. Very interested in best
| practices around providing payments.
| saurik wrote:
| FWIW, PayPal tells you that if you expect to run a large
| business with them you should call them and escalate yourself
| to underwriting BEFORE you massively scale something up that
| might cause them to flag your account; and so, unlike with
| Amazon Flexible Payments--which did screw me over soon after I
| started operating--I never had issues with PayPal, as I
| followed their process and thereby had an assigned sales agent
| who could negotiate with underwriting from the get-go.
| trollied wrote:
| Great post, thank you. Makes sense. Have applied for stripe
| myself, and was amazed there weren't more hoops to jump
| through. I guess they eat the risk until a threshold, as you
| say.
| ahmedalsudani wrote:
| This explains all the mysterious and opaque decisions that are
| regularly posted here by affected businesses.
|
| Thank you for sharing your insight!
| awinter-py wrote:
| seriously you should write this as a blog
|
| (or if you are trying to be pseud, let me interview you and
| I'll write it)
|
| if this is SOP it's important information
| toomuchtodo wrote:
| Would appreciate this blog or further deep dives; I'd like to
| take it to legislators and regulators demonstrating a
| regulatory gap.
| atlasunshrugged wrote:
| What specifically is the regulatory gap here?
| awinter-py wrote:
| 'due process' concerns around sudden blocking of routine
| traffic -- should platforms give notice, are they
| required to justify the ban in terms of their TOS +
| enforcement history, what is the time scale of appeals,
| can customers appeal to an independent body, and
| reporting transparency for enforcement
| toomuchtodo wrote:
| This. If you're providing financial infrastructure, there
| should be exception recourse versus customers having to
| come to public forums to beg for help. You know, like
| banking regulation.
| sroussey wrote:
| The "gap" is a customer choice though. I ran payments
| myself in 1999 and had to get a merchant account and deal
| with the bad APIs of the time. People can do this today. Or
| use Stripe. Not a great choice, but still a choice.
| layer8 wrote:
| I'm curious what benefit you think publishing the comment as
| a blog post would provide over the existent HN comment (which
| also has its own URL:
| https://news.ycombinator.com/item?id=32855106). Possibly
| better SEO?
| AkshatJ27 wrote:
| More detail?
| i_am_jl wrote:
| I don't think it's unreasonable to think that a blog post
| has an easier time gaining traction than a HN comment
| outside of HN users.
| layer8 wrote:
| How, other than SEO? If you want to share a link to it,
| you already can.
| cubecul wrote:
| More that you can go deeper in context / detail, with
| images, styling, better links
| collyw wrote:
| Name a blog post that has stuck with you because you
| learned something useful. Could you search for it and
| find it easily? Now do the same for an HN comment.
| pessimizer wrote:
| I'm pretty confident I could find any HN post that I
| remember with the search box at the bottom, or by
| googling it with site:news.ycombinator.com.
|
| With, half of the blogs that I liked I can't remember the
| name of the blog, it's probably either been dropped from
| search engine indexes for being older than a year or two
| or pushed to the 10th page by better SEO, or the site has
| simply vanished.
| layer8 wrote:
| That's usually easy using Algolia when you have
| sufficiently unique search terms, but otherwise that's
| what I meant by SEO. Any other reasons?
| humanistbot wrote:
| I've literally never seen a link to an HN comment go viral
| on social media, such that my non-HN friends would read it.
| It happens for blog/medium/substack posts all the time.
| layer8 wrote:
| But for what reason? The styling?
| elliekelly wrote:
| Definitely. HN is suspiciously devoid images. To most
| people on the internet in 2022 that alone makes it wholly
| uninteresting.
| klyrs wrote:
| I often wonder how the site survives without sticky
| autoplay videos popping up halfway down the page and
| covering 80% of the content...
| dotancohen wrote:
| Surely it's due to the mobile application that HN is
| always pushing. And the invasive tracking. And the
| paywall. And the ads, the ads go without saying.
| bombcar wrote:
| The ads keep HN alive. But because each one only needs to
| sell "one product" (the job they're hiring for) nobody
| hardly notices them.
| easrng wrote:
| It uses images for the upvote/downvote arrows, the Y in
| the header, and the spacer gifs in the table layout (yes,
| HN uses table layouts)
| codehalo wrote:
| HN reads like grumpy old tech and finance guys in Dockers
| pants and Alligator t-shirts stuck in 2000.
| Tao3300 wrote:
| They're alligator polos, you rugrat!
| q7xvh97o2pDhNrh wrote:
| > I've literally never seen a link to an HN comment go
| viral on social media
|
| I've never thought about this, but now that you've
| pointed it out, I'm realizing this is genuinely a
| _fantastic_ feature.
|
| Sounds like yet another of the many perks of the spartan
| design here. All substance, with just a hint of
| (cascading) style.
| awinter-py wrote:
| Good question. Feels like there's two Qs in there: 1) when
| is long-form better than short form, 2) why write about
| problems at all?
|
| 2. Why write at all: consensus drives policy change, and
| information drives consensus. Writing, of any length,
| assembles information, bundles it into an argument, and (if
| the argument lands) becomes a 'capsule' around which
| consensus can form.
|
| 1. Why long form: room for nuance and research. Long form
| can include different perspectives (including stripe's --
| perhaps they have a reason for these practices). It can
| address questions like 'what % of the industry behaves this
| way, what are the downsides to the banks' approach'. The
| interview + editing process can tease out anecdotes that
| sharpen the argument, or uncover new aspects of the
| problem.
|
| This part is selfish, but for the writer, long form lets
| you improve your own knowledge of the topic, and your
| ability to make arguments around it.
| layer8 wrote:
| Ok, I thought you meant publishing the same text as in
| the comment, but as a blog post. So what you actually
| meant was "please expand on this in longer form". So
| "blog" not necessarily as a publishing medium, but as a
| genre of text.
| [deleted]
| nibbleshifter wrote:
| People outside of HN are more likely to click on and read a
| link to a blog post than a link to a random HN comment.
|
| A blog post also feels more trustworthy than a random
| social media site comment.
|
| Shocking, I know.
| downrightmike wrote:
| And don't they use a bank's services so they don't have to go
| through the normal 'if you're going to be a bank' scrutiny? I'm
| guessing that they have a requirement from the banking service
| to vet anything that would normally need underwriting
| otherwise.
| hef19898 wrote:
| Added benefit, those real service providers, banks, cannot let
| you hang for that long without repercussions. Especially if it
| is reasonably sized business accounts and clients they have
| quite an incentive not to. Not all rosy of course, but much
| better it seems than those oyhet payment providers.
| WalterBright wrote:
| I also learned the hard way to never rely on a single payment
| processor. It was an expensive lesson. Of course, being thick-
| headed, I had to learn this lesson twice before it stuck.
|
| Always have at least two payment processors. If you've got a
| lot of money on the line, get a third lined up, too.
| ryandrake wrote:
| Yep, as I was reading OP's story I kept waiting to get to the
| part where he switched to his backup payment processor and
| life went on. My brain: "You do have a backup payment
| processor, don't you? Don't you??"
|
| If you're running a business and you find that it is utterly
| dependent on some single point of failure, you'd think that
| would be something you'd want to correct ASAP.
| zhengyi13 wrote:
| I used to work in technical/customer support for an
| internet payment gateway. The esoterica of internet
| payments are pretty out there; most of the people who
| called us just wanted to sell their widgets -- they
| _barely_ understood what we were talking about when we 'd
| ask them where they had their merchant bank account.
|
| ... which is to say that, yes, you and I as people who work
| deeply in a space, of course we know this thing is a SPOF.
| Everyone else? They don't know that. It took me a long time
| to acquire the empathy needed to talk them through this
| stuff, but it made me a better communicator, and it helped
| an awful lot of them understand.
| rstupek wrote:
| I think the part you missed is he's using Stripe Connect
| and its 35% of the merchants through him that lost the
| ability to process cards?
| candiddevmike wrote:
| How do you handle recurring subscriptions with this setup?
| justinc8687 wrote:
| You use a 3rd party payment orchestration platform.
| Spreedly and Very Good Security both offer this and we use
| them for our business.
| sgc wrote:
| I am not familiar with this. What makes them less of a
| single point of failure?
| collegeburner wrote:
| Presumably you have to get certified with SAQ D for
| actually storing your custopmers payment info instead of
| tokenizing. Huge hassle.
| jjeaff wrote:
| It is a hard lesson with an expensive solution.
|
| I agree with you, as you grow, you have to diversify.
| However, services like Stripe Connect are more difficult and
| time consuming to replicate. Stripe connect handles the
| processing of many different accounts and handles skimming
| the commissions and then depositing the proceeds into the
| individual bank accounts of your users after doing some
| cursory KYC. This service is of course not compatible with
| similar services offered by other processors, so you will
| have to write all the handling logic and integrate with the
| KYC providers and possibly separate ACH deposit providers on
| your own.
|
| In other words, there is a lot of lock-in with services like
| Stripe Connect.
| ianhawes wrote:
| I will take the OP's story at face value, but I think a common
| theme in these sort of posts is the "Stripe not happy with my
| business model" angle which typically does not actually include
| any details about the business model.
|
| For example, a few weeks ago the founder of Tailwind tweeted [0]
| about how Stripe had shut down their account when they were set
| to launch the Tailwind Job Board, despite many other job boards
| also using Stripe and there being no obvious increased risk. Any
| rational person would protest the fact that Stripe does not
| approve of this business.
|
| Compare that to what I've seen on various Facebook groups about
| Stripe shutting down accounts. People aren't descriptive about
| what exactly they're selling and it usually boils down to
| "coaching" or some other gray area.
|
| [0] https://twitter.com/adamwathan/status/1550092016242946049
| elicash wrote:
| > Any rational person could see the issue with Stripe not
| approving of that business.
|
| Genuinely can't tell what you're suggesting the business model
| problem is with Tailwind Jobs?
|
| According to the CEO at Stripe, the issue with the Tailwind
| example you listed was "a major uptick in attempted fraud over
| the first half of this year that necessitated making our
| systems stricter. But have an idea for a structural fix here.
| More soon." And then Tailwind Jobs was reactivated.
| [deleted]
| CharlesW wrote:
| Stripe reactivated the Tailwind account the same day, which
| means something at Stripe was broken in that case.
|
| How is "coaching" an obvious gray area?
| Tomte wrote:
| No, it means the case got enough attention on social media.
|
| Just like here. We have those "Stripe shut me down" posts on
| HN regularly.
|
| Oh look! 49 days ago:
| https://news.ycombinator.com/item?id=32263421
| treis wrote:
| There's no real product so they're easy to spin up and run a
| bunch of stolen CC numbers through.
|
| ETA: Either the site all together or as an individual coach
| on the platform.
| cronix wrote:
| I'd wager if Adam didn't have over 100k followers on Twitter,
| and wasn't a big deal in the web development community (most
| have heard of either him, or at least TailwindCSS), he'd get
| the same treatment as the OP, which is "you did one or more
| things wrong that's listed on this huge page of conditions,
| go figure it out."
| mritchie712 wrote:
| I'd imagine many "coaches" promise the world and deliver very
| little. They likely have very high chargebacks / returns /
| disputes that Stripe would rather not deal with.
| multiplegeorges wrote:
| When I bought the All-Access pass from Tailwind Labs last
| night it went through Paddle.
|
| Looks like this erroneous holds/deactivations are costing
| Stripe real business.
| teraflop wrote:
| > Any rational person could see the issue with Stripe not
| approving of that business.
|
| I think of myself as a fairly rational person, and I don't see
| the issue. Would you mind spelling out whatever you're trying
| to imply?
| ddevault wrote:
| The comment was phrased poorly and is difficult to parse.
| Better worded, same meaning: any rational person would
| protest the fact that Stripe does not approve of this
| business.
| ianhawes wrote:
| It sounded OK in my head :-)
| Ancalagon wrote:
| I think they're saying Stripe thinks those businesses are
| scams, illegal, or otherwise in gray areas that Stripe would
| rather not support. There's probably some automated decision-
| making happening on the backend so there are edge cases where
| good business are getting shut down on accident.
| toss1 wrote:
| If that is the case, that is fine.
|
| Then Stripe can FORKING SAY SO UP FRONT.
|
| And those businesses can grumble but go elsewhere
|
| Implying that you are happy to take on responsibility for
| infrastructure of someone's business, then unilaterally and
| without notice or opportunity to cure any issue, is pretty
| much tantamount to theft. Stripe in this case appears to be
| accepting money, then failing to provide service, and in
| this case is even holding onto money paid to their
| customers. This causes a lot more damage to others than it
| does to Stripe.
|
| I don't like externalizing problems to other parties as a
| business model.
| donmaq wrote:
| > I don't like externalizing problems to other parties as
| a business model
|
| You just described the entire gig economy
| toss1 wrote:
| YES! I have no idea why you are being downvoted on that -
| while it wasn't in mind while I wrote it, it does indeed
| apply! All the problems are at placed on the gig worker
| and the Ubers/AirBnBs/Instacarts of the world provide the
| software and work to shed as much responsibility as
| possible onto the drivers/hosts/workers. Apparently,
| there's a fair number of ppl on here who either do not
| see that or whose salary depends on them not seeing it.
| marckohlbrugge wrote:
| I think the author refers to "Stripe not approving the
| business" as an issue.
| anigbrowl wrote:
| A Job Board not being approved, despite many other job boards
| also using Stripe and there being no obvious increased risk.
| zzzbra wrote:
| my thoughts exactly
| tlb wrote:
| Yes, they almost always fail to mention it. Then it turns out
| they're selling cannabis to Iran or something. And (rightly so)
| payment processors can't tell us what the problem is. So I'm
| inclined to flag all such stories missing the obviously key
| information.
| Judgmentality wrote:
| This really sounds like you're biased since your YC
| affiliation means you're invested in Stripe, and your
| statement essentially reads as "the (YC company) is always
| right, and the customer must prove otherwise." This mentality
| is largely the reason people hate tech/SV in the first place.
| cm42 wrote:
| "rightly so"
|
| What possible benefit could there be to _anyone_ in "golly
| gee, who could possibly know?" vs. "It's because you're
| selling cannabis to Iran, stupid"?
|
| My guess is that it's because most people _aren 't_ selling
| cannabis to Iran, and the Real Problem is the liability they
| [Stripe, et al] would be exposed to if they admitted their
| billion-dollar system (and/or call center employees) can't
| distinguish between Cuba and a cubano.
| zzzbra wrote:
| maybe I'm not a rational person but could you explain why they
| would not approve of that business?
| multiplegeorges wrote:
| > Any rational person could see the issue with Stripe not
| approving of that business.
|
| I guess I'm not rational. What's the issue with running a job
| board and charging for posts through Stripe?
| rco8786 wrote:
| What is wrong with a job board or a coaching business?
| manquer wrote:
| Nothing is wrong.
|
| The risk profiles are different. That is only thing the
| payment processor cares about, same reason why adult services
| get shunned. Not because they are puritans, it is because of
| risk of frauds and chargebacks etc are much higher .
|
| Coaching is a service unlike Tailwind the software that can
| varying success and satisfaction levels customers probably do
| higher chargebacks and stripe's automated systems or low
| level staff with a playbook likely rejected it until someone
| senior got to see the bad press and got it fixed.
| posguy wrote:
| Unless you get a decision overridden by Edwin your pretty much
| stuck using an alternate payment process. I have been thankful
| Edwin was available here on HN, and Stripe definitely has a
| much more reliable product than competitors.
| leobg wrote:
| Who's Edwin? Is that the username here? I'm having the same
| issue. Was hoping to resolve this using customer service
| rather than through social media. But I just can't seem to
| talk to any real human at Stripe.
| edwinwee wrote:
| What issue are you seeing? Could you email me at
| edwin@stripe.com?
| leobg wrote:
| Thanks Edwin for reaching out. I'm on mobile right now,
| but I'll email you tomorrow.
| posguy wrote:
| See this comment:
| https://news.ycombinator.com/item?id=32854831
|
| Email Edwin and also reply to their comment on HN conveying
| the high level summary of what you think is going on with
| your account.
|
| Normal Stripe support reps seem to stick to the script no
| matter what. Edwin has fixed edge cases for HN users in the
| past thankfully.
| TigeriusKirk wrote:
| There's actually a response from Patrick Collison in that
| thread that may shed some light on OP's case.
|
| https://twitter.com/patrickc/status/1550136569482252289
|
| ""What is happening?" => basically, a major uptick in attempted
| fraud over the first half of this year that necessitated making
| our systems stricter. But have an idea for a structural fix
| here. More soon. (DM me if you've had problems on this front.)"
|
| The DM part may only apply to the high profile person he's
| responding to. :-)
| KennyBlanken wrote:
| Making your systems stricter will have the obvious side
| effect of increasing false negatives. Not scaling support, or
| fixing what is clearly a fundamentally broken support system,
| is incompetent.
| leobg wrote:
| Exactly. Especially when your decision is hitting a
| business right where it hurts: Cutting off revenue and
| invalidating customer-facing payment links.
|
| How can any founder rely on Stripe, much less recommend the
| platform, if you need to have a backup system in place
| "just in case".
| technick wrote:
| Check out Recurly as a alternative to stripe.
| trollied wrote:
| This is not a support forum. If you wanted some sympathy or
| actual decent conversation about what's happened to you, then
| you'd include the industries involved / products etc. I do wonder
| why you didn't.
| dsr_ wrote:
| Counterpoint: HN (and Twitter) certainly seems to be the
| complaint forum of last resort for Stripe, Google, some AWS
| issues, and so forth.
| sergiotapia wrote:
| Huge warning signal to not use Stripe if this is their level of
| support for large business. If you're this large how do you not
| have one guy right accessible through a direct phone call?
| Stripe's slipping.
| hot_gril wrote:
| Happened to my startup too. But the alternatives turned out to be
| even worse. We capitulated.
| mikece wrote:
| At what point does it make sense to sue these companies to compel
| them to answer these questions? I know, that's expensive... but
| I'm willing to contribute to a legal fund to make payment
| processors answer questions.
| yakorevivan wrote:
| Same here... from a developing country, but still will
| contribute. These kind of actions by such monopolies piss me
| off badly.
|
| Go sue them. Also, cannot a class-action lawsuit be initiated
| against them? We already have many people going through such
| cases...?
| dmitrygr wrote:
| I'll contribute a few hundred bucks too
| dt3ft wrote:
| Hint: at this point. Right here. Right now.
| mikece wrote:
| Of course a logical question is: with whom do you set up a
| "Fund me" drive to sue the likes of PayPal and Stripe?
| snowwrestler wrote:
| Usually you would start with a "lawyer letter" and hope it
| adds some urgency to resolving your issue. Those are way
| faster and cheaper than actually filing suit.
| aynyc wrote:
| A law firm probably has an escrow account set up for this.
| [deleted]
| data_maan wrote:
| I second this!
|
| Also, a lobbying effort should be funded, to compel these
| companies by law to provide detailed feedback.
| [deleted]
| aliljet wrote:
| Corporations that provide critical services that would
| otherwise be hard to find elsewhere (Stripe, perhaps) use these
| legal threats to completely shut their customers out of their
| closed ecosystems. If you hold them to account, you pay a stiff
| penalty on the other end being denied access to the services
| they monopolize. And you are very likely compelled to operate
| using their arbitration schemes and you will have no path to
| swift action. I don't know how to get around this and it
| remains the primary reason I walk away from companies that
| operate terribly with their customers (I see you, AirBnB --
| https://www.airbnbhell.com/), but who provide services that I
| sometimes really need. I'd love to understand from a lawyer
| what REAL paths customers have to finding swift and fair (I
| should lose sometimes too!) justice without an extra-judicial
| penalty put down by a company operating a semi-monopoly.
| JohnHaugeland wrote:
| > If you hold them to account, you pay a stiff penalty on the
| other end being denied access to the services they
| monopolize.
|
| Looks like they've already paid that penalty
| PeterisP wrote:
| I'm not sure if suing is a reasonable way to go - suing would
| work if there's a legal right to continued service or "answers"
| but IMHO there is not, technically for such B2B deals Stripe
| has the legal right to say "you haven't broken any explicit
| restriction or terms of service, but we simply decided to
| terminate the contract because we didn't like your business" or
| "we threw a bunch of dice and arbitrarily chose to".
| anovikov wrote:
| Maybe it's just some competitor using bots to falsely report you
| and/or your customers to ruin your business intentionally?
| pookha wrote:
| I'm about 90% certain it's an algorithm. This sounds like the
| classic PFA vs PD tradeoff...Stripe either lets the bad guys
| get away with using their "platform" for ill gotten gains or
| stripe stops the cretins while at the same time ruining
| people's lives.
|
| And it looks like Stripe has been targeted by US State
| Attorneys frequently https://decrypt.co/42444/stripe-
| pays-120000-to-steer-clear-o.... So I can't fault them. They've
| got hundreds of thousands of irate algorithm victims that
| they're dealing with but those victims can't throw them in jail
| or seize their assets.
| MonkeyMalarky wrote:
| I've heard accusations of companies purposefully hiring bot
| farms to click on their competitors' ads and blow their budgets
| / get them dropped for excessive click fraud. It's rough out
| there.
| pier25 wrote:
| This kind of stuff really scares me. I'm bootstrapping a SaaS
| and my big competitors could crush me real easy with stuff like
| this.
| boringg wrote:
| Can I ask what the line of business is? I'm not victim blaming I
| am curious if this is part of the issue.
| blahyawnblah wrote:
| Don't wait for a response. Swap out stripe for something else so
| that you can process payments. If they give a satisfactory
| response and restore you could switch back
| imdsm wrote:
| Stripe CEO Patrick Collison:
|
| "What is happening?" => basically, a major uptick in attempted
| fraud over the first half of this year that necessitated making
| our systems stricter. But have an idea for a structural fix here.
| More soon. (DM me if you've had problems on this front.)
|
| https://twitter.com/patrickc/status/1550136569482252289
| sschueller wrote:
| Why is it still possible to commit so much fraud with credit
| cards? Where is the second factor for CC use online or some
| other more secure way?
|
| When I use my VISA chip and pin credit card online I sometimes
| depending on merchant/amount/etc have to approve the
| transaction via the credit card app. Should this be the defacto
| standard?
| tdeck wrote:
| It's because merchants tolerate a certain amount of fraud
| loss in order to reduce friction for the customer when making
| a payment. The same reason nobody ever checks you ID when you
| pay with a credit card in a store (unless you're in Vegas
| where they seem to do that, for some reason).
| neonate wrote:
| That tweet was posted in July about a different case. At least
| I assume it was different.
| spape wrote:
| How about none-custodial payments?
|
| https://depay.com
| wbraunstein wrote:
| As you are, I'd focus on my business first. How do you get Stripe
| out of the equation? Stripe exists, in part, because of how bad
| the incumbents were, and could never innovate. But now that they
| have competition, could you switch?
|
| I mean I love supporting startups, and YC, but Stripe has a $100b
| or whatever valuation... They'll be cool.
| droopyEyelids wrote:
| It sucks this happened to you, but like with all the PayPal hate
| stories, I notice you're very careful not to describe what type
| of business you operate.
| awinter-py wrote:
| you're implying the business is illegal or violates TOS?
|
| if it's egregious, I'm assuming someone from stripe could get
| in here and ask permission from the OP to explain to the
| community what happened?
| cwkoss wrote:
| The overwhelming majority of stories I hear about paypal
| fucking over businesses are about benign transactions.
|
| I don't think your judgmental paranoia is founded.
| derbOac wrote:
| FWIW, there was a story about this sort of issue on national
| radio (in the US) a few weeks ago. The gist of it was "I can't
| rely on Stripe for my payment system because they vanish too
| much for too long."
|
| The businesses were very not shady, and nowhere near morally
| controversial.
|
| My impression from that piece and these stories is that Stripe
| is having some technical problems and it's wreaking havoc
| everywhere.
| yaythefuture wrote:
| I'd be curious to listen to this if you have a link?
| derbOac wrote:
| I was trying to find it but can't... I thought it was on
| Planet Money but might not have been. I'm pretty sure it
| was a program on NPR because that and college radio are
| about all I listen to on the radio, and it wasn't a
| podcast.
|
| I wish I could remember the details better. They were
| focused on small business owners, retail mostly. I think
| they started out with an interview of someone with an
| interior design-related business.
| chernevik wrote:
| The post does note that Stripe has been supporting this
| business and these customers for years.
|
| If for some reason Stripe wants to withdraw that support, they
| must give their reasons and a proper period for transition to
| another provider.
| mikece wrote:
| Does it matter? PayPal and Stripe don't advertise that they
| will only do business with organizations with which they agree.
| To accept a business as a client for a mission critical service
| like payment processing and then summarily cancel or suspend
| service without notice should be able to be prosecuted the same
| as someone who vandalizes a physical storefront to the point
| they cannot open for business. This is non-trivial and PayPal
| and others are acting like rat bastards to accept a client, get
| them dependent, and then dump them without warning.
| wpietri wrote:
| Is it all companies that can no longer decide who they do
| business with in accordance with the terms of the contracts
| in place?
| jabroni_salad wrote:
| https://www.paypal.com/us/legalhub/acceptableuse-full
|
| always read the fine print
| deng wrote:
| > PayPal and Stripe don't advertise that they will only do
| business with organizations with which they agree.
|
| Huh? Of course they do. Just one example:
|
| https://www.paypal.com/us/smarthelp/article/what-is-
| paypal%E...
| bagels wrote:
| It does matter if it actually violates the TOS, or could be
| vaguely interpreted to do so I guess?
| incone123 wrote:
| They did say they had been running the business for several
| years and have prior discussions with Stripe about TOS on
| file.
| snowwrestler wrote:
| Ok but is that a green flag or a yellow flag?
|
| How many companies using Stripe have had multiple
| conversations about the TOS? I would guess it's a
| minority. Not a topic anyone is usually excited to talk
| about.
| scsh wrote:
| The TOS can be updated/changed/clarified over time and
| they could end up falling outside of what they cover as a
| result. It's not great and sucks as a customer but it can
| happen.
| toss1 wrote:
| NO, it does not in this case
|
| They can determine up front if it violates the TOS
|
| They can notify the customer of the SPECIFIC violation IN
| DETAIL, and what can be done to cure it, and provide time
| to do so.
|
| They can deny access to the transaction instead of nuking
| the entire business for some algorithmic flag.
|
| The Stripes and PayPals of the world do NONE of this.
| Instead, they act like they accept almost all businesses,
| get them dependent on that piece of infrastructure, then
| willfully trash the business on a whim.
| bagels wrote:
| The type of business matters if we're trying to guess
| whether they violated the TOS or not.
|
| I completely agree with you that how these companies
| handle these issues is completely wrong, if not
| fraudulent.
| toss1 wrote:
| I agree that in general, it matters.
|
| However, by a long series of deliberate actions, Stripe
| has made it irrelevant to the fact that they are now
| deliberately, unilaterally, and with zero notice
| whatsoever shutting down that biz' critical
| infrastructure.
|
| They could have, and should have as a part of KYC
| compliance, already figured out what type of business it
| is. If they failed at that, then fine, give them 60 days
| notice to find other infrastructure. Stripe is taking its
| OWN FAILURE to properly vet their customers according to
| their own standards and dumping the consequences onto the
| ex-customers. Sorry, but unless we're talking actual
| provable international criminal/autocratic money-
| laundering, that's just wrong.
| mikece wrote:
| And how many times does a company claim you have violated
| TOS and then refuse to tell you how you violated the TOS?
| To act in this manner nullifies the TOS in my opinion.
| wpietri wrote:
| It definitely sucks for the merchant companies ending up
| on the pointy end of the TOS. But you also need to
| consider the payment company side of things. They face a
| relentless tide of fraud and shady merchants. If they are
| too transparent about exactly how they detect a problem,
| that makes it much easier for the criminals, scam
| artists, and dodgy merchants to get around TOS
| enforcement.
|
| The real culprits here are the people trying to violate
| the TOS, plus everybody's desire for cheap services and
| easy onboarding. The historical alternative was very
| expensive setup (e.g., spend a few years building a
| relationship with your local bank branch manager and
| establishing a financial track record). Making it easy to
| get started means that most problems will show up down
| the road, and the lower merchant costs means less money
| to pay for smart people to carefully untangle the truly
| dodgy from accounts that just look that way.
| JohnFen wrote:
| > If they are too transparent about exactly how they
| detect a problem, that makes it much easier for the
| criminals, scam artists, and dodgy merchants to get
| around TOS enforcement.
|
| I get that, but I don't see how actually telling people
| what term of service was violated gives too much leverage
| to the bad guys.
| wpietri wrote:
| Neither do I, but I wouldn't expect to see it without
| really understanding the bad actors and what they're up
| to. So this could be their best effort. Or it could be
| that they're just going with a blanket "say nothing"
| policy because it's too hard to create a more nuanced
| policy that the CSRs can apply consistently. Or it could
| just be laziness and a lack of customer focus. It's
| impossible to say from the outside.
| adolph wrote:
| Maybe there is a market for insurance to initiate a
| "Wrongful ToS Ban Lawsuit." I take no right/wrong
| position on the below gentleman but note that he did
| bring a lawsuit against Twitter for being banned and his
| account reinstatement coincides with a settlement of the
| suit. Right now the payment facilitators only have loss
| of an account in terms of incentive to reduce false
| positives in detecting fraud.
|
| _One year ago this month, Twitter permanently suspended
| a 340,000-follower account for "repeated violations of
| our COVID-19 misinformation rules." The owner of that
| account, the former New York Times reporter and vaccine
| skeptic Alex Berenson, responded with a lawsuit demanding
| reinstatement. . . ._
|
| _. . . Earlier this summer, Twitter put Berenson's
| account back online, noting that "the parties have come
| to a mutually acceptable resolution." Berenson wasted
| little time in calling out mainstream media for failing
| to cover the "pathbreaking settlement" that led to his
| return. . . ._
|
| https://www.theatlantic.com/technology/archive/2022/08/al
| ex-...
| iLoveOncall wrote:
| Never. In 20+ years of using Internet I have never been
| banned unduly from any service.
|
| I have seen way to many stories about people claiming to
| have been banned for no reasons from services (online
| video games are a popular one) before it is revealed the
| ban was 100% legitimate, to take any new story like this
| at face value.
| mikece wrote:
| I was banned by PayPal once because I didn't sign up with
| an SSN or EIN and proceeded to make enough to trigger a
| review because they couldn't file a proper 1099-K on me.
| This was an oversight on my part and I offered to correct
| the situation by submitting any documentation they needed
| -- photo ID, SSN, prior year tax returns to PROVE that I
| was paying tax on the revenue coming from PayPal, the new
| LLC and EIN I had for that company's activity. They
| refused to update my account, told me to start over with
| a new account, and then similarly ban-hammered me again
| (probably because I started an account after getting
| banned even though it's what they told me to do!).
|
| I made a mistake out of inexperience, was refused the
| chance to correct that mistake, and all of my PayPal
| accounts -- including my PERSONAL account that I had had
| for years -- were banned because they were started by a
| person (me) who had an account frozen or banned. Is that
| a legitimate enough story?
| JohnFen wrote:
| But at least you knew why you got banned!
| mikece wrote:
| Only the first time. They never told me why my other
| accounts -- which were following all of the rules -- were
| frozen.
| mring33621 wrote:
| guilt by association
| iLoveOncall wrote:
| No, not legitimate at all.
|
| PayPal had banned me because I was under 18 when I opened
| my account, they then allowed me to open a new one (right
| after this one got suspended) and it has been working
| fine without any issue since then (10 years+).
|
| Stop doing shady stuff.
| [deleted]
| wtetzner wrote:
| > Stop doing shady stuff.
|
| If PayPal requires an SSN or EIN, why do they even allow
| you to create an account without one?
| kube-system wrote:
| Somewhere between occasionally and almost always,
| depending on the reason.
|
| In most cases, you will not be given details if fraud is
| suspected. The reason being that companies don't want to
| tell fraudsters how they got caught.
| irvingprime wrote:
| Whether or not the TOS can be said to be legally
| nullified (not being a lawyer, I have no idea) canceling
| or suspending someone's account without telling them some
| kind of reason they can do something about is absolutely
| unethical.
|
| It is also very common.
| nicce wrote:
| It is very common because it is not benefial for the
| company to clarify reasons. It includes many risks.
|
| They can be proved to be incorrect, for exmpale if they
| refer into their own ToS, which is public information and
| binding. And then some legal expert says that this is not
| how it goes and it ends up into court, because customer
| sees risks being lower.
|
| If they made a mistake or there was a software failure,
| it is bad PR.
|
| If they ban someone for some specific reason but not
| someone else, there will be drama.
|
| It is very beneficial to just say nothing.
| Dylan16807 wrote:
| The part where they said everything was fine and then re-
| locked so much a week later is completely unacceptable even
| if the business _does_ violate the TOS.
| ceejayoz wrote:
| > PayPal and Stripe don't advertise that they will only do
| business with organizations with which they agree.
|
| https://stripe.com/legal/restricted-businesses
| systemvoltage wrote:
| > Firearms, explosives and dangerous materials
|
| > Guns, gunpowders, ammunitions, weapons, fireworks and
| other explosives. Peptides, research chemicals, and other
| toxic, flammable and radioactive materials
|
| Why does the payment processor get to dictate whether I can
| run a defense ordnance company or run a scientific chemical
| supplies store?
|
| Some of this stuff needs to be challenged in the court or
| regulated so that payment processor has no say whatsoever
| in whatever their belief system says about legitimacy of a
| business.
| ceejayoz wrote:
| > Why does the fucking payment processor get to dictate
| whether I can run a defense ordnance company or run a
| scientific chemical supplies store?
|
| Because they have the legal right to do so? They could
| ban companies run by redheads, if they like. As long as
| they're not discriminating based on very specific sets of
| criteria established by law, they get to choose who they
| do business with.
|
| The government _requiring_ private citizenry to associate
| with _everyone_ who wishes to associate with them seems
| like a very dark path to go down.
| mminer237 wrote:
| While I agree with your point, I think banning redheads
| would violate Title II of the Civil Rights Act of 1964.
| ceejayoz wrote:
| No; _hair_ color is not what that legislation covers.
|
| It is entirely legal in the United States to discriminate
| against redheads, or people whose names start with B, or
| Hacker News users, or people who enjoy skiing.
| mminer237 wrote:
| You could discriminate against people with dyed hair
| colors, but I find it hard to believe that any court
| would say that a person's natural hair is not a physical
| characteristic of a national origin group.
| encryptluks2 wrote:
| I do believe that there could be an argument that
| discrimination on hair color could fall under national
| origin or color:
|
| Under 29 CFR SS 1606.1, national origin is defined as but
| not limited to: An individual's, or his or her
| ancestor's, place of origin; or because an individual has
| the physical, cultural or linguistic characteristics of a
| national origin group.
| ceejayoz wrote:
| With the current court, almost certainly not; they're not
| inclined to expand the definition of "disparate impact"
| like that.
|
| If a future Court ever decides hair color denotes
| national origin, fall back to a different example of your
| choosing; people with tattoos, Mac users, viola players.
| encryptluks2 wrote:
| Hair color is something you're born with and is a genetic
| mutation based off lineage and other factors. I don't
| think they directly corelate and it wouldn't necessarily
| even make it to the Supreme Court. Most businesses aren't
| going to appeal to say that they can discriminate based
| on hair color nor willingly admit to doing so, nor would
| they ever likely make the argument that they did it and
| that it is okay.
| JPL7 wrote:
| https://www.fwlaw.com/insights/is-hair-a-protected-
| class#:~:....
| ceejayoz wrote:
| If you read that closely, it doesn't apply in the
| slightest to the example.
| wpietri wrote:
| Why do you believe that private companies shouldn't have
| freedom of association? Or put differently, why should
| the government be able to force Stripe to do business
| with people who Stripe thinks would not be good for their
| business?
| marcinzm wrote:
| You mean the belief system of wanting to not get sued by
| someone who get's hurt or killed?
| systemvoltage wrote:
| I was considering starting a weapons ordnance company,
| getting federal ATF license and bid on a contract to USG
| and NATO forces. I guess Stripe billing isn't going to be
| our choice of service. Stripe has really good invoice/PO
| processing APIs.
| makoz wrote:
| On the off chance there are more regulatory requirements
| to accept this sort of business and they don't want to
| build out the support necessary to do so? Maybe there's
| different risk profiles that they're not willing to
| accept
| abigail95 wrote:
| Stripe has an internal list of "instant ban, no questions
| allowed" activities/triggers.
|
| Think about how they can accept 100+ currencies without a
| relationship with some dodgy central banks in developing
| countries.
|
| There are absolutely items on that list for political
| reasons.
| yaythefuture wrote:
| This is more a function of the fact that I don't want my
| business to be identifiable from this post than that it's a
| sketchy business. You'll have to take my word for it, but it's
| exceedingly benign.
| jessaustin wrote:
| Since HN is a community, you might have more luck getting
| this fixed if you posted this with your regular username?
| Never mind this suggestion if you have previously posted
| "sketchy" opinions that would harm your business, although
| you may be past that point now...
| trollied wrote:
| Agree. The OP account was created today. If it was a long-
| standing user with lots of comment history, then I'd be
| more inclined to wonder what was going on etc.
|
| Creating a new account on here to potentially get support
| is just plain wrong, and needs dealing with IMO. Should
| never hit the front page.
| yaythefuture wrote:
| The problem is that my real HN account is my actual name.
| It'd be like 2 clicks to figure out what my business is.
| jessaustin wrote:
| Yeah, me too. I was wrong to suspect that you wanted to
| avoid associating your business with your HN content. So,
| are you trying to avoid leaving an online record of "this
| business helped Stripe screw over its customers"? Unless
| your customers have _strong_ incentives not to talk
| publicly about their experiences, that ship has sailed...
| yaythefuture wrote:
| Ha, not quite. It's more I'm concerned that people
| considering using my product will see this in the future
| (hopefully when this issue is resolved) and be wary of
| doing business with us.
| anigbrowl wrote:
| Totally understandable, but what kind of business is it?
| If you just keep saying 'it's a business' but refuse to
| provide any further details then people are gonna make
| assumptions, eg adult entertainment. Nobody's asking what
| your specific business model is.
|
| Also consider that if the situation continues your
| pissed-off downstream customers will ID you sooner or
| later.
| trollied wrote:
| He's ignoring the "what type of business" questions. I'm
| getting downvoted. I don't care. He's ignoring it for a
| reason still.
| Exuma wrote:
| Are you sure it's not a medium risk business that IS benign,
| but STILL is considered medium to high risk?
|
| For example, selling video game digital products like a
| strategy guide is benign, but gaming industry is ripe with
| fraud so most processors will give you shit if you're in the
| gaming niche, let alone (non-crypto) digital currencies,
| crypto, health products, non-snakeoil supplements, etc.
| pmx wrote:
| Even if this is the case, it doesn't mean that Stripe
| should just be able to turn off a 3rd of the guy's business
| with no warning or reason. If they don't like what he's
| doing, tell him and give him notice to switch to another
| provider rather than just tanking his business over night.
| m4jor wrote:
| Yeah that isn't how payment processors work. If his
| clients are in breach of Stripes TOS it puts Stripe at
| odds with the compliance teams at Visa/MC/Amex
| immediately if they are processing his payments.
|
| Source: I used to run adult websites which is considered
| 'high risk' and also these days responsible for
| overseeing 1M/m in CC processing for a state agency.
| deng wrote:
| I believe you, but I was also triggered by this line here
|
| > They know exactly who our customers are and what services
| we offer, and have approved it as such.
|
| which sounds like you offer services out of the ordinary.
| politelemon wrote:
| Which is besides the point.
| deng wrote:
| It is not. A company like Stripe is free to decide it
| does not want to be associated with certain services. You
| may disagree with that, and I would certainly agree they
| should at least be upfront about it, but it is not beside
| the point.
| bombcar wrote:
| It certainly sounds like it's some sort of e-pimp
| business based on what we know so far.
| bogwog wrote:
| Source for that? OP is usign a throwaway account and
| hasn't said anything about the business.
| bombcar wrote:
| That's most of it; having clients that have their own
| sub-stripe accounts that are triggering fraud detection
| and not mentioning the business.
|
| It's not much to go on but it's all we have.
| jacknews wrote:
| Assuming it's legal, should it matter?
| tptacek wrote:
| Yes, it matters deeply, because some product categories are
| so rife with fraud (or are positioned so prominently in the
| fraud value chain, from carders to cashers) that they can't
| be served cost-effectively by conventional payment
| processors.
| tremon wrote:
| That still does not excuse the total information blackout.
| tptacek wrote:
| I don't know what that statement has to do with my
| comment or the comment I replied to.
| m4jor wrote:
| Just switch to a different merchant. This entire post seems weird
| to me because it seems like you are doing nothing here but just
| being a middleman in between Stripe and people who need to
| process payments lol. Why cant they just enable Stripe
| themselves?
|
| >So currently, my product doesn't work for 35% of my customers.
| Cue torrent of pissed off customer emails.
|
| Okay? You should have always had a plan for this bc its bound to
| happen eventually. Switch them to a new merchant or drop them as
| clients and take the heat. The cost of just being a middleman.
| Ensorceled wrote:
| I presume they are using Stripe Connect and are trying to help
| their customers who have their individual Stripe accounts
| blocked.
| joshstrange wrote:
| > Just switch to a different merchant.
|
| Yes because that is so simple and there are so many competitors
| that provide the same level of service /s. Also there is no
| guarantee anyone else in this space is better than Stripe (when
| it comes to customer service). I can tell you the company I
| attempted to switch to had terrible docs, a bad API, horrible
| support, oh, and their shit just didn't work randomly. This is
| not clear-cut or simple.
|
| > You should have always had a plan for this bc its bound to
| happen eventually.
|
| Throw some victim blaming in as well for good measure.
|
| > The cost of just being a middleman.
|
| Middleman, aka providing a platform that uses payments? That's
| what we are calling a "middleman" now?
| Kalanos wrote:
| yikes. i never really thought about backup vendors
| [deleted]
| garrickvanburen wrote:
| Something similar happened to me last month.
| edwinwee wrote:
| Did you get this resolved? If not, could you forward to me at
| edwin@stripe.com?
| hattmall wrote:
| I wish there were better advise but after years of e-commerce
| experience all anyone will ever tell you is don't use Stripe.
| Don't use Square,don't use PayPal. Don't use any of the faceless
| companies for anything remotely critical and for anything that is
| critical have two backups. Basically that goes for things like
| hosting, payment processor or anything else your business depends
| on.
| arjvik wrote:
| So what do you use instead?
| comprev wrote:
| Payment processors exist for customers who were rejected by
| Stripe/PayPal/etc.
|
| I had a client who was a processor and they used banks in
| Malta at the back end.
| vikR0001 wrote:
| What payment processors are safe to rely on?
| senko wrote:
| This is bad.
|
| There are more and more Stripe horror stories like this, and from
| an outsider perspective it looks awfully like PayPal behaved back
| in the day (probably still does but I'd never touch it again as a
| merchant).
|
| I have positive experiences with using Stripe in my last startup
| and we're currently building Stripe integration on another, which
| will process about 50% of our revenue (the other payment method
| being direct wire transfer).
|
| There might be just a tiny minority of people that end up treated
| like this, but with every story, I'm less confident about our
| move.
| redeeman wrote:
| I have personal knowledge of more than one instance where
| stripe totally screwed over small companies and simply decided
| to ignore any contact for more than half a year, withholding
| the money and putting everyone in limbo.
|
| yeah, im sure its a minority of accounts at stripe, but
| seriously, do not take the chance!
| rsync wrote:
| There is no way they ignored legal service.
|
| Op speaks of calling and emailing and reaching out ...
| instead, pay your lawyer 30 minutes and have the letter hand
| delivered to their legal department.
|
| I can't predict what will happen but it won't be ignored.
| devwastaken wrote:
| In the contract with stripe I can guarantee there's a "we
| can do anything we want" clause. The solution to these
| issues is functional government so we can regulate out that
| language and hold entities responsible.
| pc86 wrote:
| Not to mention the several instances where pc will come into
| threads like this and outright lie about reaching out to
| customers, or will ask them to reach out then ghost them
| again, etc.
| llanowarelves wrote:
| I'm glad to see that from comments on threads like these that the
| cargo-cult worship of Stripe is starting to crack.
|
| Same goes for PayPal, Google, Mailchimp, and all the others.
| brightball wrote:
| Stuff like this is why I think a business should have a system
| that abstracts away the payment processor.
|
| I use Stripe for invoices, but I can easily send an invoice
| through another platform if needed.
|
| For processing transactions on the web, I would always lean
| toward using a service like ChargeBee that allows me to setup
| multiple payment gateways.
|
| Getting off the ground quickly is one thing, but the moment that
| you have reliable revenue is the moment that you need to put some
| serious emphasis on redundancy across your business to plan for
| disasters, outages, etc. It's worth it to pay the fees to
| maintain a 2nd (or 3rd) payment processor once you have that type
| of revenue coming in.
| canadiantim wrote:
| I'm just starting to use Lago (getlago.com) for this. I'm not
| affiliated with them, but it solves the need for me for an
| open-source payment-processor-agnostic billing system that can
| easily swap between processors while maintaining a single
| source of truth.
| manquer wrote:
| You still have a Single Point of Failure. ChargeBee could shut
| you down too.
|
| You are right that redundancy is important, but redundancy
| either in cloud vendors , payment processors or even high
| availability of your app takes time and effort with no
| immediate ROI as apposed to buliding features , better customer
| service.
|
| When running a small business you always take lot of risks by
| cutting short processes large organisations will have. Judging
| which ones to take and which to mitigate is a not a easy skill,
| many times people get it wrong .
| yaythefuture wrote:
| We're built on Rails which has the extreme luxury of being able
| to use ActiveMerchant, which does exactly this. The problem is,
| abstraction falls apart when you're using functions that are
| specific to a product. Stripe Connect is is nearly impossible
| to replicate with an adapter.
| symfrog wrote:
| This is one of the reasons that I usually use
| https://killbill.io/
| brightball wrote:
| I will definitely look into that.
| canadiantim wrote:
| Have you tried or considered lago? (getlago.com) I haven't
| heard of killbill, so will definitely look into them. Love
| that they're open-source as well and seems like they've been
| at it a long while.
| chromatin wrote:
| Lago looks interesting, and promising if development
| continues, but nowhere near as feature complete or battle
| tested as Kill Bill.
| gingerlime wrote:
| Thank you! First I hear about either of those, but
| definitely interesting. Are there paid / hosted versions of
| lago? after a sub-par experience trying to switch to
| ChargeBee I'm looking for alternatives, but struggle to
| find something that fits our needs.
| mattbee wrote:
| Yup I did this at my last business in 2008; instead of changing
| payment processors we abstracted them away behind a pretty
| small API that also stored and charged card numbers. We could
| flip back and forth between two. PCI DSS gradually became a
| bummer around that time but it was a very slow introduction
| which we were able to cope with.
| jstummbillig wrote:
| > Stuff like this is why I think a business should have a
| system that abstracts away the payment processor.
|
| Realistically, more humanly, payment processors and other big
| tech companies that are basically societies digital gum and
| infrastructure can simply not be tasked with making these
| calls. I also don't think they are very keen to do it but in
| the absence of timely regulation they must.
|
| There have to be more rigorous ground rules (what is the
| business allowed to do, what must they do, what is the user
| allowed to do, and what are they entitled to), by law, and
| quickly.
| carrotcarrot wrote:
| You think stripe and PayPal are not keen to control the flow
| of information and business success?
| mardifoufs wrote:
| But there are tons of rules and laws around payments already,
| and they are often the reason why providers are so trigger
| happy and conservative even if it means losing clients.
| Regulatory requirements (KYC, money laundering, sanctions)
| usually force them to make those calls, quickly and by
| design. It's very clear that most financial regulations are
| customer/client unfriendly, and inherently treat them with
| distrust.
|
| I'm not saying that's an inherently good or bad thing... But
| it sure would be hard to fit both customer protections laws
| and service guarantees while at the same time having laws
| that explicitly force providers to do the opposite.
| spaceywilly wrote:
| Yeah my "business" (just a small app) uses a third party API
| for tracking packages. You better believe I abstracted that API
| and programmed to the abstraction, so in case I ever need to
| move off that API I can do it very easily.
|
| It's not just getting banned, they could change their pricing
| on you or just straight up close their doors. You never want
| your business to be totally dependent on another company. If it
| can't be avoided, get on a service contract with them.
| BiteCode_dev wrote:
| And if ChargeBee bans you, you are still dead because that's a
| single point of failure. No, you should have several payment
| processors, and rotate them regularly to check they work.
| eropple wrote:
| It's been a while since I dealt with this side of ecommerce -
| how can you have several payment processors, and rotate them,
| without having to handle card data yourself? (Most folks
| aren't really equipped to do that.)
| [deleted]
| BiteCode_dev wrote:
| You use several API, attach one provider per customer to
| divide the risks. When one provider bails out, you onboard
| new customers and new payment on the other payment
| provider.
|
| Then you only loose the recurring payments on the lost
| provider that are on hold, and you are not dying, so you
| can resolve that problem using a lawyer.
|
| This is crisis management, not technical perfection that
| you need for those situations.
| [deleted]
| yamtaddle wrote:
| display_cc_form_that_handles_cc_data_so_we_do_not_have_to()
| { which_one = random_number(3)
| switch which_one { case 1:
| display_authorizedotnet_form() break
| case 2: display_stripe_form()
| break default:
| display_paypal_form() } }
|
| Plus the same integration work for each one that you'd have
| to do anyway (which may be little or none if you're using a
| platform that integrates all of them via plugins or
| settings or whatever)
|
| Like maybe don't literally randomize it request-by-request,
| but that's how you'd be ready to use multiple processors,
| and you could do something a little more complex to, say,
| rotate which one you're on every Wednesday, or whatever. Or
| just have it ready so a one-line code change or config
| toggle switches which one you're on (that's only worse
| because if something's not used frequently in prod, there's
| a good chance it doesn't actually work, even if it once
| did)
| pc86 wrote:
| It's been a long time since I've worked in eCommerce but
| at my last ecom role we used two payment processors and
| simply stored the card data with both for every customer,
| and the relevant IDs in the customer record in the
| database. Whenever anything got charged we'd check which
| processor we were supposed to use and off we went.
|
| Yes this has an increased cost if your processor charges
| by number of customers, but I don't think that's
| particularly common - these two were just revenue +
| monthly fee.
| exhilaration wrote:
| Great solution, I wouldn't have thought of this. Did you
| ever get complaints about the charge description looking
| different month to month, or did both processors pass the
| same description to the customer's credit card?
| pc86 wrote:
| I don't remember for sure (this was pushing 10 years ago
| and early in my career), but I don't recall any
| complaints of that type.
| eropple wrote:
| This isn't "rotating payment providers", though, this is
| sharding customers across them. Which may be a good idea,
| insofar as it could reduce your blast radius, but it
| doesn't allow for portable customers--which seemed to be
| what the GGP was implying.
|
| 'pc86 has an interesting solution in a sibling comment,
| but I don't think you can do this across the high-touch
| providers, eg Stripe+Paypal.
| PeterisP wrote:
| The problem is with recurring payments. If you used this
| approach and 1/3 of your customers were initially billed
| through Stripe, then if Stripe bans you then you can't
| charge the next month's bill through something else
| because you don't have the stored data for it, you have
| to ask them to re-enter data in another processor's
| system.
| yamtaddle wrote:
| Another wrinkle, in practice, is that you can often
| negotiate _significant_ discounts on fees, based on
| volume, if you 've got enough of it. Yes, including with
| Stripe and other places that have fairly-transparent
| public pricing--the big-boys don't pay those rates, they
| pay lower ones negotiated with a sales rep.
|
| Splitting up your payments reduces your volume with each
| one, which can mean you're paying higher rates overall.
| Or, if you go the "keep an unused alternative on standby"
| route, you'll likely at least have some initial traffic
| that pays higher public-pricing rates until you can
| convince them to give you a better rate, and put it in
| effect.
|
| Still might be worth it as a kind of insurance premium,
| but it's something to consider.
| brightball wrote:
| Under ChargeBee's terms, they must provide you with your data
| for up to 120 days following any termination. So there's that
| at least.
|
| > 7.2.3. Data Export Following termination or expiration of a
| Subscription, We will retain that Account's Service Data for
| one hundred twenty (120) days from such date of termination
| or expiration ("Data Retention Period").
|
| I mean, ideally we need an open source PCI compliant
| equivalent of ChargeBee so that you can 100% own your
| customers payment information.
|
| That's the way this problem really gets solved, but the
| security surface for that open source project is going to be
| a challenge.
| hinkley wrote:
| SLAs only entitle you to a refund, not compensation for
| lost income. If you're not making at least four times as
| much off a service as you pay for it, you really need to
| think about why you use that service.
|
| Power can go out. Promises from the power company don't fix
| that. Only backup power does.
| brightball wrote:
| Point here was that you'd hypothetically be able to get
| all of your data to setup an alternative if you had to,
| rather than just being shut down and waiting for them to
| fix it.
| connordoner wrote:
| The problem with that idea is that PCI compliance doesn't
| just include the software you're running, but the
| infrastructure you run it on, various elements of
| organisational security and, of course, certification
| costs.
| gingerlime wrote:
| Besides being a single point of failure, we tried to switch
| to ChargeBee and found them to be pretty lacking (to put it
| mildly). The platform looks nice and has lots of options, but
| under the hood things seem pretty fragile. Horrible docs,
| random 500 errors that weren't showing on the status page
| (and support ignored until more customers reported it), our
| Stripe gateway disconnected and the system still appeared to
| be working (partly, partly failing) with no alerts, plus lots
| of other odd behaviour. To be fair, all of this was on the
| test system, but we didn't feel confident to go live so we
| put the migration on hold. YMMV of course.
| brightball wrote:
| Fwiw, I'm just using them as an example. There are likely
| plenty of other options.
| phendrenad2 wrote:
| According to previous posts* this company sells something related
| to cannibis.
|
| I'd love to know why certain categories are always flagged or
| silently banned. Cannibis, sex toys, porn, crypto, etc. Payment
| processors seem to always give these categories the worst service
| and whenever a company is nuked like this, it's usually one of
| these categories. Why is that? It almost feels like there's some
| secret government organization tasked with upholding religious
| values telling payment processors to fuck with random accounts
| and swearing them to secrecy. I obviously don't believe that, but
| it's equivalent to the scale of whatever is going on due to
| natural causes. I don't believe that these industries are prone
| to higher than usual fraud. So what is it?
|
| * - https://news.ycombinator.com/item?id=32263429
| carrotcarrot wrote:
| "whatever is going on due to natural causes" lol
| soared wrote:
| In addition to the other comment about cannabis, crypto is
| financial and comes with many laws and regulations that a
| payment process would need to be very aware of and follow.
|
| Porn is ripe with fraud/theft/bad actors/etc.
|
| It's not a shadow government, it's common sense.
| pas wrote:
| It is a shadow government but it also makes sense.
| jdminhbg wrote:
| Re: cannabis, it's federally illegal and you can get into
| serious legal trouble for facilitating payments. There have
| been several attempts to write legislation to fix this so
| state-legal cannabis operations don't have to work entirely
| with cash, but none have passed yet.
|
| Re: porn, the issue is its sky-high chargeback rates.
| themoonisachees wrote:
| Cannabis is federally illegal, sex toys and porn have
| incredibly high chargeback rates and crypto has this handy
| thing where since you can't reverse anything, as soon as the
| crypto you bought is out of the custody wallet you cant get the
| thing back so the chargeback rates are also very high.
|
| Don't believe me? Ask anyone at the front desk of a hotel the
| rate of attempted chargebacks for ppv porn.
|
| You can get vetted by banks, visa and co for those things
| (maybe not cannabis with US companies) but the fees are
| considerably higher because of the chargeback rates. This is
| why onlyfans announced then backtracked the porn ban, visa told
| them "either you're paying us like you distribute porn, or you
| stop doing it".
| mellavora wrote:
| re: sex toys, potential felony in texas
|
| https://en.wikipedia.org/wiki/Texas_obscenity_statute
|
| or google "texas six dildoes"
|
| <edit>
| https://www.theregister.com/2016/12/13/us_purchase_governmen...
|
| and https://onwardtexas.org/trending/is-it-illegal-to-own-
| more-t...
|
| which was posted on HN about 3 months ago and flagged.
|
| </edit>
| thro388 wrote:
| You could rape someone with a dildo, it is basically a gun
| and should be banned as such!
| dflock wrote:
| > I don't believe that these industries are prone to higher
| than usual fraud.
|
| This belief might be wrong - or at least not shared by payment
| processors?
| jabart wrote:
| Credit card processing requires a sponsor bank, and that
| sponsor bank sets what categories they want to process for. If
| you fall out of that, or the account gets reviewed a second
| time and someone thinks it falls into one of those categories,
| the account is shut down. OF almost had this happen to them
| because of their sponsor bank and I've seen it happen for other
| companies from the underwriting department (not stripe, another
| processor).
| awinter-py wrote:
| Even if there's a legit reason for this, the lack of support
| bandwidth to resolve it is a key platform governance issue. Like
| if there's nobody on the other end of the fax machine, at scale,
| that's bad for everyone who touches the stripe ecosystem.
|
| Inability to explain it is infuriating. Absent an explanation,
| everyone's default assumption should be that they did it
| randomly, by mistake, or maliciously, and that they're liable for
| damages. If S is being told by law enforcement to do this, fine,
| I get it, but at least do an EOY report like everyone else saying
| '90% of our unexplained holds were court orders, stop blaming us
| and help us reform this'.
|
| 'Governance through obscurity' isn't going to be any better than
| security through obscurity
| tmpz22 wrote:
| Just a reminder while this may seem like a Good vs. Evil clash
| between OP and Stripe we will never have all the facts. OP does
| not enumerate their business model or go into details about their
| customers and transactions. Stripe absolutely should not share
| internal customer information.
|
| While we may see Stripe chime in the thread, and make summary
| judgements, we will almost surely not have total visibility (and
| thus closure) in this case.
| chihuahua wrote:
| It's easy to forget the firehose of fraud attempts that
| platforms like Stripe, PayPal, etc must be dealing with 24
| hours a day. I assume that's what's behind most of these
| unfortunate incidents. Not that there is fraud in this case,
| but this could be one false positive among billions of true
| positives.
| engineeringwoke wrote:
| Sure, but the government should legislate that companies be
| given a reason and not stonewall customers. The absurdity of
| allowing companies to giga-scale and not have real customer
| service is just dumb and bad for society
| idontpost wrote:
| > Stripe absolutely should not share internal customer
| information
|
| Not even with that customer?
|
| That's a really dumb take.
| mixmastamyk wrote:
| True, yet not an excuse for lack of communication with a long
| term customer.
| faangiq wrote:
| You are the product not a customer. The customer is their
| investors, you just provide transactions to skim on their behalf.
| numtel wrote:
| Reading about these kinds of issues strengthens my belief that
| ecommerce using stablecoins is the way forward.
| elliekelly wrote:
| If only the blockchain were powered by crypto users' endless
| supply of confirmation bias.
| numtel wrote:
| Please do tell your alternative plan for allowing anyone to
| join the market (permissionless) while also preventing
| counterfeiting
| hosh wrote:
| That sounds a lot like the stories I heard about Paypal, and
| their fraud detection team. There was an article interviewing
| someone about it. Back in the day, Paypal had to build tools to
| detect fraud because no one else was doing it at scale, at the
| time. I recall something about investigators outside of Paypal
| started to use those tools as well. I would not be surprised if
| Stripe had to create similar tools for themselves as well.
| Without transparency, it's hard to say what the false positive
| rates are, or what has changed in internal processes or in the
| regulatory landscape that might have triggered something
| different.
|
| Stripe abstracts away a lot of the complexities involved in the
| payment and banking world, but there's a ton of infrastructure
| there related to detecting fraud and money laundering.
| Unfortunately, the lack of transparency makes what might be a
| leaky abstraction look like a Kafkaesque bureaucratic nightmare.
| nova22033 wrote:
| _Back in the day, Paypal had to build tools to detect fraud
| because no one else was doing it at scale, at the time. I
| recall something about investigators outside of Paypal started
| to use those tools as well_
|
| Palantir came out of Paypal fraud detection
|
| https://thehustle.co/%F0%9F%92%B3-how-paypal-fraud-made-pala...
| batch12 wrote:
| > currently, my product doesn't work for 35% of my customers. Cue
| torrent of pissed off customer emails.
|
| Maybe fail open until you fix the payment processor issues? Seems
| it would be better to take the short term hit monetarily for long
| term gains and retain your customers than lose 1/3 of your user
| base.
| altairprime wrote:
| Where can we read your marketing copy? Where is the link to your
| website?
| rchaud wrote:
| I can understand the need for anonymity. It wouldn't fill
| customers with confidence to Google the seller and find a giant
| thread about how his payments service cut off 35% of his
| customers.
| [deleted]
| idontpost wrote:
| Welcome to the world of anti-crime finance rules.
|
| You are guilty until someone decides otherwise on their whim.
| lostgame wrote:
| This is bad - but the worst part is that due to this trending on
| HN, I'm willing to put $50 down on that you've received some sort
| of personal or special message from Stripe support; for PR's
| sake, so you can say someone reached out and resolved the issue.
|
| Which is total bullshit. If you hadn't, or didn't really have the
| means to; create such a hubbub on social media about this - your
| issue would never have been resolved.
|
| I actually think it's worse when companies do this, rather than
| fix the clear, underlying support problem.
| ddevault wrote:
| I also noticed the suspiciously absent description of OP's
| business model. That said, though Stripe has never wronged my
| business, our dependence on them is such a large liability that
| it obviously has to be treated as such in our business planning.
| Our integration with Stripe is kept light and somewhat abstract,
| and we're able to replace it without putting a ton of work into
| overhauling our billing system. Naturally, this rules out the
| full use of Stripe's offerings, but the risk/reward trade-off is
| overwhelmingly in favor of a light integration. I would strongly
| advise a similar approach for anyone else integrating with any
| payment processor.
|
| Side note: the cryptocurrency shills in this thread are pathetic.
| linuxftw wrote:
| My first thought is this is a paycam business of some kind, or
| something very similar.
| buscoquadnary wrote:
| Just out of curiosity does stripe offer a paid support model? Are
| you guys paying for it?
| noncoml wrote:
| May I ask what your business and business model is, just to get a
| better understanding of the whole situation?
| stevievee wrote:
| [Insert name] from Stripe here... [Insert apology] [Insert vague
| explanation] [Insert promise to investigate and resolve]
| KennyBlanken wrote:
| He beat you by about 5 minutes!
| https://news.ycombinator.com/item?id=32854831
| stevievee wrote:
| Who says it will only be Edwin?
| tb_technical wrote:
| This happened to NewProject2 awhile ago - but the owners were
| hated for being political dissidents, so no one helped them. Now
| that it's happening to you... Sucks, doesn't it?
| thaumaturgy wrote:
| It looks like there's a common flaw in modern abuse detection
| systems: they have no long-term memory.
|
| Stripe's abuse detection _should_ be factoring in the age and
| long-term activity of the account, and support staff _should_ be
| able to provide additional information to customers with
| established histories. Some of Stripe 's policies make sense when
| dealing with new accounts, but a recurring factor in these
| complaints is that the account isn't new.
|
| (Google's spam detection is broken in a similar way.)
|
| I've been a low-volume Stripe customer for years. Posts like this
| are really increasing the urgency for me to come up with a new
| card processor, because I'd rather take an additional percentage
| haircut to get access to a dispute resolution process that
| recognizes me as an established customer.
| belinder wrote:
| long-term active accounts can get hacked. I absolutely agree
| with support staff needing to provide more information, but
| they can't just blanket whitelist any old account
| raverbashing wrote:
| Yes but then you can help get the account owners back in the
| account (another thing that companies are bad at)
|
| Care for the customer can make or break a company. If stripe
| wanted big customers they can't be this careless
|
| (and just to be fair to Stripe there seems to be a lot of
| customers as well that know crap about best
| financial/accounting/compliance practices and don't know why
| Stripe might have an issue with somethings)
| ceejayoz wrote:
| They could significantly raise the _threshold_ for automated
| action, though.
|
| Did a ten year old account that does $1k a year suddenly bill
| $1M? Sure, flag that... but maybe give them a phone call,
| too.
| x86_64Ubuntu wrote:
| A long term memory is nice. But we see such similar things get
| exploited. Like how people will get a high seller rating on
| Amazon selling one product, and then switch it out for a lesser
| product while keeping the old seller/product ratings. So the
| user looks at the seller and product ratings over the past
| year, but at the point and time they choose to buy, they are
| going to be burned and the bad seller makes off with the money.
| phpthrowaway99 wrote:
| Stripe has an office in San Francisco. I definitely don't
| recommend trying to go inside, but I really wish people would
| organize protests at these business locations. If hundreds of
| people protested outside stripe for canceling customers with zero
| communication, maybe the employees would notice.
| rglover wrote:
| While I typically support the "punk rock" approach, this isn't
| good to suggest. All it takes is one unstable person going
| cocoa puffs for someone to get hurt or something bad to happen.
| phpthrowaway99 wrote:
| Do you feel this way about all protests? Or just ones based
| around protecting people's incomes?
| colinbartlett wrote:
| Avoid Stripe at all costs.
| didgetmaster wrote:
| Welcome to the cloud! This is the kind of thing that happens when
| everyone follows the siren song of cloud computing. I certainly
| understand the draw of these offerings (access, easy
| configuration, scalability, low initial cost, etc.) but you are
| handing control of all your processes and data to a centralized
| entity who can jerk you around any time they want and doesn't
| have to account when they make a mistake.
|
| The pendulum of centralized vs de-centralized architectures has
| been swinging full tilt in the direction of centralized for some
| time. It is stuff like this which will eventually swing it back
| the other way.
| multiplegeorges wrote:
| Is there a self-hosted payment gateway that just works?
|
| I hear you about cloud dependencies, but this isn't one of
| those cases.
| didgetmaster wrote:
| I wasn't suggesting that there are decentralized options for
| every cloud dependency that is viable today. I am just saying
| that it is issues like this one which will drive innovation
| toward solutions that do not require you to put your fate in
| the hands of some central authority.
| multiplegeorges wrote:
| Fair enough, payments (credit cards, in particular) is a
| particularly hard area to decentralize... or at least
| democratize a bit more.
|
| I'd love for an open payment standard for p2p payments and
| individual-to-business/institution payments to become
| available so that individuals could establish their own
| connection point to a fair payment exchange network.
|
| This will only come with regulation that forces it, though.
| See India's UPI system, for example.
| justaka wrote:
| What is the alternative? I had the same issue with Paypal.
| welder wrote:
| You didn't say how it ended, is it still ongoing?
| rabidonrails wrote:
| I assume it's still happening since he posted this 13 minutes
| ago (at my posting of this).
| vertis wrote:
| The worst part about these type of cases is not being able to get
| a straight answer. There is a whole subset of big tech that has
| taken the "you must be a fraudster therefore we can't unfuck the
| situation" approach to customer support.
|
| It's an arms race with fraudsters that eventually sucks in
| legitimate businesses.
| elliekelly wrote:
| I hate seeing comments like this because Stripe's hands are
| tied here. Anytime a bank or payment processor has frozen or
| shut down an account and you're getting stonewalled it's almost
| _guaranteed_ to be an AML related issue and it's against the
| law for them to tip a customer off that their account is being
| or might be investigated for suspicious activity. This isn't
| Stripe deciding that you're a fraudster and so you're
| undeserving of help. This is Stripe doing business in
| compliance with the law. I'm not saying that makes it
| acceptable but if you're upset about the behavior described in
| this post call your Senators and Representative to complain
| about the Bank Secrecy Act and the USA PATRIOT Act; they're to
| blame for this sort of frustrating non-response.
| theptip wrote:
| > it's against the law for them to tip a customer off that
| their account is being or might be investigated for
| suspicious activity
|
| What law do you think forbids this? In my experience running
| global payments through multiple rails, on an OFAC/risk ping
| you typically get a request for enhanced due diligence, which
| normally looks to the payee like "send me a picture of your
| drivers license".
|
| The most common result is that O Bin Laden (matching the OFAC
| list) is actually Oscar bin Laden; with further info you
| disambiguate the payee from the OFAC listed entity and are
| allowed to transact.
|
| I have never encountered a reg that says you are obliged to
| ghost your customer.
| iso20022 wrote:
| In the UK at least, section 333A of the Proceeds of Crime
| Act 2002? (Disclaimer: not a lawyer)
|
| See https://www.lawsociety.org.uk/topics/anti-money-
| laundering/t...
| [deleted]
| elliekelly wrote:
| The Bank Secrecy Act. And I don't "think" it. I know it.
| theptip wrote:
| Which bit of the BSA?
|
| edit: As I re-read the thread I see that I am thinking
| more of onboarding KYC, as opposed to this case which
| would be ongoing-activity investigation. So that would
| explain the difference in expectations here. Still
| interested in learning more about the regs for ongoing
| investigations if you have time to share!
| elliekelly wrote:
| The bit at 31 USC SS 5318(g)(2)(A) under the title
| "Notification prohibited." FinCEN has also promulgated
| confidentiality rules thereunder. I don't have a pincite
| for that but I believe it's tucked amongst their record
| keeping rules.
| vertis wrote:
| Sure, and my experience is outside finance (more spam and
| fraud prevention).
|
| Even if it is government under the hood you have to know what
| you're accused of. Not American so I doubt the US political
| system is interested in hearing from me, but I agree that's
| the only way of solving the deeper AML problems.
| elliekelly wrote:
| > Even if it is government under the hood you have to know
| what you're accused of.
|
| This is exactly why the whole process is suspect. The
| government farms out the policing of certain financial
| crimes onto the financial institutions as a prerequisite
| for operating the business. If the government came along
| and froze your bank account you'd have a right to ask why
| and a right to get some answers. But instead the government
| pawns the responsibility off onto businesses and _then_
| prohibits those businesses from telling you why.
|
| And so the BSA and Patriot Act effectively allow the
| government to take your property _and_ take away your right
| to confront the government about why they took your
| property. And it's all on merely a vague suspicion of
| misconduct. No proof whatsoever.
|
| I can't help but laugh at the irony-- the federal
| government laundering their otherwise unconstitutional
| activities through the banks.
| abigail95 wrote:
| I'm trying to understand your position here:
|
| You think AML/KYC laws, as they currently exist, are
| unconstitutional?
|
| edit:
|
| That's a fine position to have, but it's a fringe one,
| and I don't think you should be offering it as a reason
| why Stripe does what it does that's generally accepted by
| everyone else.
| hnburnsy wrote:
| Those laws certainly feel like guilty until proven
| innocent or in many cases, guilty no chance to prove
| innocence.
| elliekelly wrote:
| No. I don't think it's unconstitutional which is why I
| said " _otherwise_ unconstitutional". And you're (perhaps
| deliberately) completely misunderstanding and conflating
| my two comments. I am quite confident that OP's problems
| with Stripe are AML related which is not at all a
| "fringe" position.
| smsm42 wrote:
| Interesting to notice the censorship of speech on social
| media is implemented the same way. The government does
| not remove undesirable information directly, instead it
| calls up all major platforms "for a chat" and tells them
| to voluntarily remove it, or face Congressional hearings
| and likely further unpleasantries down the road. An offer
| they can not refuse. Looks like they think they found a
| loophole in the Constitution and they are going to mine
| it for all the power they can get from it.
| abigail95 wrote:
| I don't think that's accurate.
|
| I do some payments that are ridiculously suspect but legal.
|
| I have _never_ been completely blackholed and given robot
| responses, any time a problem comes up.
|
| Stripe is lower margin than other banks/payment providers, so
| they don't look very hard.
|
| They have a very strong incentive to throw away troublesome
| customers, which they do.
|
| I don't think it's right to say Stripe's "hands are tied".
|
| They could spend more to identify false positives, but they
| don't.
|
| If I used Stripe for all of my transactions I would be
| blocked. I know this because I have 100% confirmed this from
| an inside source at Stripe and at a countries central bank.
|
| Yet somehow I have and continue to maintain accounts with
| other banks without breaking the law.
| CogitoCogito wrote:
| Wouldn't that only apply to investigations by e.g. Fincen?
| How many of these are just internal risk triggers by Stripe?
| Why would they have to stonewall you in those cases?
|
| (Obviously it's quite difficult to know the ratio of cases
| like these involving government investigations and those
| involving their own internal risk procedures.)
| [deleted]
| btilly wrote:
| The problem is that Stripe has identified you as _possibly_
| being a fraudster. Any information that they give you about
| what they suspect and why is information that a real fraudster
| could use next time to try and evade the detection algorithms.
|
| It is like this with virtually any security system. Adding
| feedback you can use for debugging also makes the system much
| easier to compromise.
| donmcronald wrote:
| How many fraudsters are maintaining a business relationship
| for 6 years? 6 years! And the OP doesn't even get a courtesy
| phone call before termination. That's messed up.
| shitlord wrote:
| Part of what makes these situations so frustrating is that
| there's no due process, and there are significant ramifications
| to your livelihood. You aren't told what you're being accused
| of, you have no way to contest the allegation, and you might
| lose your entire business over a clerical mistake.
| gamblor956 wrote:
| It's the YCombinator startup way: scale large enough so that
| you don't have to worry about customer complaints until they
| threaten to go public and generate enough press to cause real
| damage.
|
| But in all seriousness, being a YCombinator startup is now a
| big red flag outside of the VC-funded bubble. My current
| employer, and the previous one, have strict no-YC policy for
| SaaS due to numerous issues with previous YC companies. And
| these are both tech-friendly/tech-adjacent companies.
|
| It's even worse at stodgier companies; an executive sees
| "Stripe froze my payments" and that's what they remember when a
| Stripe salesman tries to pitch them on using stripe for their
| online store. Stripe is quickly becoming Google, in the bad
| way: it's a name people are learning to avoid, and if that hits
| critical mass they're dead.
| pc86 wrote:
| This is the first I've heard about a "no-YC policy for SaaS"
| outside of my own employer (after three back-to-back horrible
| experiences) but glad to see it's catching on.
|
| As executives and purchasing managers get more tech-aware I
| think we're going to see an increase in due diligence into
| who is running companies, who their investors are, what other
| companies they've invested in, etc. Brands like YC will end
| up getting punished (and all their portfolio companies, by
| extension) for the bad actors.
| jtbayly wrote:
| At which point YC will come up with an algorithm to
| evaluate companies and blackhol certain companies without
| warning or process and we'll see HN posts "YC just
| blackholes my business!" but on Reddit, since they won't be
| able to post here.
| pc86 wrote:
| And the inevitable calls for HN to be made a public
| utility.
| brk wrote:
| IMO it is not the "you must be a fraudster" logic as much as
| "we have enough other customers that we can burn you without
| much worry of repercussions".
|
| As much as I hate government intervention in business, it
| really seems like there needs to be a way to force companies to
| actually be direct, accessible, and reactive in cases like
| this. I went through something similar with Venmo randomly
| locking my account after I received a large-ish payment, and
| not getting any real action or sense of urgency on their side.
| vertis wrote:
| Yeah, I had a trouble with Wise (formerly transferwise), with
| a rather large payment. The annoying thing was they delayed
| the payment of the 10% deposit, I sent the contract,
| approved, and then a month later they held up the balance as
| well.
|
| I still love them. That issue aside they allow me to have a
| personal and business account in multiple currencies, and
| don't screw me on the exchange rates.
| mellavora wrote:
| I think it is called GDPR in Europe
|
| Depending on amounts, small claims in the US might be viable.
| smsm42 wrote:
| > we have enough other customers that we can burn you without
| much worry of repercussions
|
| This. This is a common tune to about 100% of "BigSomething
| killed my business" stories that appear on HN almost weekly.
| If you go to BigSomething, you get a polished, automated,
| convenient, cheap service that would not hesitate to kill you
| account the moment something looks wrong to any of the robots
| watching it, and the customer support (the non-robotic kind,
| I don't count "we are working on it" auto-replies) is not
| part of the package because it doesn't scale. You have to
| either accept this as the risk for doing business, or not use
| BigSomething as you primary or critical vendor.
| whiplash451 wrote:
| Being direct, accessible and reactive at scale when you're
| processing billions of dollars of transactions simply is not
| possible.
|
| Stripe and other companies are doing their best, but they are
| in an arms race with more and more elaborate fraudsters. At
| planet scale.
| Buttons840 wrote:
| This seems similar to anti-trust in a way. Taking a wider
| view of anti-trust, the goal is to keep the market healthy by
| ensuring there are choices available to consumers; there are
| no unhealthy monopolies and anti-competitive practices. Well,
| as a consumer I would like to be able to choose tech products
| where I can get effective support. Customer support is
| lacking in some markets, it's not healthy. The anti-trust fix
| is to bust up a company, but I don't see how that would help
| here. This is a new economic problem where dominant companies
| are run by computers and algorithms that serve 95% of the
| people, but if you're in the unlucky 5% you're screwed.
| FredPret wrote:
| This could be a simple regulation - put a burden of proof on
| the company, and a prescribe escalation process with comment
| from the customer at each stage.
| naasking wrote:
| Making competition easier in this space is another way to
| solve it. If Stripe had 15 competitors all of whom were API
| compatible so you could switch in 5 minutes, any bad PR would
| drive customers away in droves.
|
| Government has made entry to this space hard which is why
| there aren't enough competitors, so they're really the source
| of the problem.
| borski wrote:
| Might be time to build an analytics.js equivalent, but for
| payment processing. A single API lib that you can then use
| to process payments with Stripe, Braintree, etc.
| vkou wrote:
| Government hasn't made entry to this space hard, the banks
| that Stripe partners with have. Because they don't want to
| deal with high-risk transactions. They are the gatekeepers
| here, and Stripe has to bend over backwards to make them
| happy. They'd much rather burn individual customers, than
| jeopardize their entire business.
| naasking wrote:
| Certain banking regulations make those transactions "high
| risk".
| vkou wrote:
| Some of them are due to government regulations like
| 'don't launder money' and 'don't process money for
| illegal activities'. Which are, like, basic operations of
| society 101 level stuff.
|
| Others (adult services) are not due to government
| regulations, they are there simply there because banks
| don't want to deal with chargebacks.
| scohesc wrote:
| From what I understand, the government introduced
| legislation sometime in the past 20-30 years (Was it the
| PATRIOT act? I can't remember) - which I believe put the
| onus of blame on the credit card processing companies
| instead of the government when it came to fighting fraud.
|
| I assume the government didn't want to put all the work in
| of making sure the currency they've societally coerced the
| world to use isn't being used for fraudulent transactions,
| they'd rather pawn it off onto the banks because it's
| easier for the government to not do anything about it.
|
| Now the banks have been shooting anything and everything
| that has even a semblance of fraud with account locks/funds
| freezing/etc., because if they don't the government will go
| after them.
|
| How does this system make any sense to anybody? So
| frustrating. Let me exchange currency with anybody for any
| reason at any time.
| aksss wrote:
| Not to put on too much tinfoil but the government probably
| benefits from opaque ban processes in large oligopolistic
| private companies. "It's private enterprise, sure we may
| request it periodically but their cooperation is entirely
| voluntary based on their civic pride."
| bobsmooth wrote:
| >it really seems like there needs to be a way to force
| companies to actually be direct, accessible, and reactive in
| cases like this
|
| That's what SLAs/contracts are for.
| notch656a wrote:
| froggertoaster wrote:
| An incredibly unhelpful comment.
| notch656a wrote:
| If I were helpful, I'd probably drop a comment on HN for the
| first time in a week to shit on someone's advice for moving
| forward with no advice of my own and nothing else to say.
|
| Talk about the ultimate hypocrite.
| forchune3 wrote:
| [deleted]
| dang wrote:
| Would you please stop posting flamewar comments to HN?
| We've already had to ask you this multiple times:
|
| https://news.ycombinator.com/item?id=30363800 (Feb 2022)
|
| https://news.ycombinator.com/item?id=30106006 (Jan 2022)
|
| https://news.ycombinator.com/item?id=30105990 (Jan 2022)
|
| If you keep doing it, we're going to have to ban you, so if
| you'd please review
| https://news.ycombinator.com/newsguidelines.html and stick
| to the rules when posting here, we'd appreciate it.
| pmx wrote:
| This victim blaming has to stop. These companies shouldn't be
| able to just shut down an account like this, especially for
| something so critical and core to a business survival. We
| shouldn't have to live in a world where you need multiple
| backups for every service you use in case one decides to fuck
| you over for no good reason!
| devman0 wrote:
| I guess the response to this is, "it depends." Like I agree
| with you on an some level, but really it depends on what kind
| of SLA you have with the vendor. If you are not paying for
| one, you really are not owed an explanation, and you should
| be multi vendored on that function to prevent outages.
| notch656a wrote:
| incone123 wrote:
| Not to agree with the grandparent comment, but we do live in
| exactly that world. Even as a private citizen I deliberately
| carry more than one kind of payment card.
| polski-g wrote:
| You have a large selection to pick from! You can use Visa
| or you can use Mastercard.
| catapart wrote:
| No - this would be an example of GETTING fucked by a company,
| BECAUSE you trusted them. Which is exactly the kind of thing we
| write laws about; you shouldn't be able to get fucked because
| you believed what a company told you. You should only be able
| to get fucked by a company because you agreed to the penalties
| of how they intended to fuck you, should you break that
| agreement, and proceeded to intentionally and/or maliciously
| break that agreement.
|
| Consumer protection is "good, actually", and while a
| financially robust entity is always better served by having
| options and backups, it's reasonable to assume that those
| luxuries are not available to everyone and should thus not be
| the expected modus operandi of a standard enterprise.
|
| Charitably, I'll assume you meant "you should have other
| methods, as backup", which is decent advice. It's just really
| shitty when you frame it as a default expectation that was
| "fucked up".
| notch656a wrote:
| Sometimes when fucking happens, both parties did the fucking.
|
| Betting the farm on Stripe should never be the modus operando
| of a 'standard enterprise' and thank god I have never worked
| with anyone in any position of power over money that shared
| your beliefs. That is just insanity.
| catapart wrote:
| Running a successful business that is intrinsically tied to
| a well-known or well-trusted institution is not only
| common, it's the case for the majority of businesses. Which
| is WHY we have consumer protection (it's not to protect
| your typical "consumer", it's to protect the money
| interests of business people). How many businesses do you
| think could survive a disruption to their banking access?
| Or maybe their internet access? Electricity access? These
| things get laws to guarantee their functionality, even
| though they're private industry, because keeping businesses
| running is pretty important.
|
| So no, in no universe is it rational to believe that
| trusting a resource to deliver on their promises is, in any
| way, "fucking yourself". You're just projecting your
| paranoia onto others as a mechanism for rationalization.
| You have the privilege of living with backups, and pretend
| that it makes you more reasonable than others, because it
| boosts your ego while simultaneously satiating your
| paranoia. It's fine - I always carry a full sized spare
| tire in my compact car. Inconvenient and hardly used, sure.
| But it stifles my paranoia about the many times I've needed
| to ad-hoc replace a tire. And has saved me more trouble
| than I can quantify. That doesn't mean people who can't
| afford a full-sized spare are 'fucking themselves' by not
| prioritizing it over, say, other or less-costly needs. It
| just means that I have privileges they don't.
| notch656a wrote:
| Yes, I'm paranoid and privileged, that's why a single
| point of failure doesn't result in me going bankrupt. Can
| I cry into some $100 bills? You can dish out the hate and
| I can keep on keepin on enjoying my lavish privilege of
| having backup plans. The only thing better than boosting
| my ego is boosting my bank account as I draw pictures of
| Scrooge McDuck.
| tyingq wrote:
| Worth noting that he's using Stripe Connect, which is more
| complicated than just a regular "payment pathway". Having a
| second provider for that is decent advice, but it's not as
| simple as your pretty flippant comment would suggest.
| alphabettsy wrote:
| What is the business model? There's a lot of detail here for that
| to be given a passing mention.
|
| Is there a common theme between these posts?
| desindol wrote:
| From my experience it sounds like one of your clients or even you
| are considered for doing fraudulent transactions... a bank would
| do the same.
| innocentoldguy wrote:
| Stripe did something similar to our company so we switched to
| Parallel Economy (https://www.paralleleconomy.com). We've been
| happy with it so far.
| rglover wrote:
| Do they have API docs you're aware of? Started the application
| process but they want to lock you into a monthly
| fee/termination fee scheme without really explaining how their
| service works.
| aspectmin wrote:
| Sounds like it may be time for some legislation requiring payment
| processors and other service providers (eg hosting/email) to
| provide an escalation process - probably human review - in cases
| such as these.
|
| Although I agree that there are a lot of TOS violators out there,
| there are also legitimate businesses suffering real and tangible
| harm from these actions.
|
| This case in particular sounds interesting. They were reviewed
| and the problem was fixed, and they were then again given the big
| ban hammer. In this case, I suspect the liability must shift to
| the provider for causing harm through failed processes/systems
| under their control.
|
| Just my 2c
| llanowarelves wrote:
| These are essentially utilities in today's world.
|
| And with that you cannot turn off someone's electricity (which
| they don't "need": see Amish) just because you don't like them.
| And definitely not while hiding behind an algorithm.
| timnetworks wrote:
| Step 1: Find a new payments processor, get the customers back
| online, and then see if it's worth switching <em>back</em> to
| Stripe.
| tannerbrockwell wrote:
| Stories like this are why ultimately all payments will transition
| to crypto based and self custody. Having your livelihood at the
| whim of an algorithm is not only not cool. It is not sustainable.
| None of the legacy payment rails can be trusted to run without
| interruption. This includes Stripe, paypal and even the expected
| FedNOW service being introduced next year.
| jimcavel888 wrote:
| rini17 wrote:
| Self custody means having/being a custodian that does not make
| mistakes, ever. That is not sustainable either.
| Tao3300 wrote:
| > Having your livelihood at the whim of an algorithm is not
| only not cool. It is not sustainable.
|
| Yeah!
|
| > all payments will transition to crypto based and self custody
|
| But... but... you said...
| tannhaeuser wrote:
| You'd think stories like this call for standardization of
| payment processors (using APIs such that changing providers is
| possible in an instant), as an extension of monetary
| sovereignty, mandated by law.
| miketery wrote:
| Agreed, the no intermediary for a payment is a beautiful use
| case.
|
| However I acknowledge the issue with volatility (to be
| solved!).
| serverholic wrote:
| I think volatility will go down over time as crypto becomes
| more normal and boring.
| apeace wrote:
| I had a very similar experience, except it was _on our launch
| day_.
|
| We hadn't charged a single live customer yet, but we had done
| plenty of tests using the Stripe testing environment. So we go
| live with a huge launch event, and we have customers signing up
| in droves. When they get to the last step -- payment -- they get
| an error.
|
| Logging in to the dashboard I didn't see any indication that
| there was anything wrong with our account. No alerts or notices.
| We had already gone through the approval process you go through
| when signing up, and been told we were approved.
|
| The thing that surprised me the most was that there was just no
| indication anywhere that our account would not be able to charge
| cards. Wouldn't it make sense for there to be an indicator
| _somewhere_ that just says "Not ready yet"?
|
| Apparently, they had never even begun reviewing/vetting us since
| the time we signed up for the account months earlier. We reached
| out to customer support and it took them about two weeks to get
| us activated. And, similar to OP, they never gave us a shred of
| information about what was going on. I still don't know to this
| day what the issue was.
|
| Next time I build something with Stripe I'm going to test it in
| production before launching, with my own real credit card!
| mgkimsal wrote:
| > Next time I build something with Stripe I'm going to test it
| in production before launching
|
| I'm genuinely curious why you wouldn't have done that anyway? I
| pretty much always do, precisely so I can experience a full end
| to end user experience.
| londons_explore wrote:
| Buying your own products inflates revenue figures (and is
| therefore pretty much prohibited in listed companies). Many
| investors don't like it either.
|
| Sure, you can do it, but you'll have to forever have a note
| in your accounts package saying 'this revenue isn't actual
| revenue'.
|
| It really upsets those who want the accounts to match up to
| the cent at the end of the year...
| imperfect_blue wrote:
| Debit revenue, credit employee expense claims, journal
| entry: adjustment for test purchases made. Pretty standard,
| doesn't affect your numbers at all, no need to make any
| note in your statement (which you wouldn't have to do
| anyway because it'll never meet the threshold for
| materiality). Its not some sort of difficult accounting
| problem.
| ansible wrote:
| Yes, exactly. I would think that reversing charges raises
| a flag with whatever payment processor or bank that sees
| it.
| imperfect_blue wrote:
| There's no need to reverse it even, just go through your
| standard expense claims procedure or product refund
| procedure.
| krisoft wrote:
| I smell a made up problem. Do you really think the CEO of
| Chipotle can't buy a burrito from one of their branches
| without accountants getting a heart attack?
|
| They just walk in and buy one. They in their personal
| capacity end up richer by a burrito and some invaluable
| experience. The company ends up richer by the price of a
| burrito. If this kind of "revenue inflation" matters to
| anyone then either the CEO has a bad burrito addiction or
| the company wasn't transacting enough anyway or both.
| londons_explore wrote:
| Where I worked, the CEO would walk in and get a free
| burrito. It's another kind of headache (technically that
| burrito is pay, and needs to be taxed and declared as CEO
| pay), but that was considered preferable to revenue
| inflation which is fraud rather than dodging taxes.
| dylan604 wrote:
| This is were some fucking common sense needs to break
| out. If the CEO at a food chain cannot legitimately eat
| there like a regular customer, then we've got some jacked
| up bullshit regulations. If the CEO is driving to each
| branch and order 1000 items, then sure, that again should
| be common sense of something.
|
| More and more, we just keep acting dumber as "tech" is
| more and more engrained
| mtmail wrote:
| Stripe advises against that (I'm not saying it makes sense)
|
| "Do not use real card details. Testing in live mode using
| real payment method details is prohibited by the Stripe
| Services Agreement. Use your test API keys and the card
| numbers below."
|
| https://stripe.com/docs/testing
| yamtaddle wrote:
| It's bullshit. Anyone with experience testing things in
| this area is 100% gonna try a real card _at least_ after
| any major changes (and certainly before a launch of a new
| product). You aren 't _actually_ sure it 's right (and so,
| with something so _entirely_ connected to revenue, can 't
| go the fuck to sleep) until a real charge has gone through.
|
| They probably mainly just don't want people running
| shitloads of automated-test charges and issuing refunds for
| all of them. It may technically be against the TOS but
| there's no way they actually care if you run the occasional
| real-credentials test, especially if you don't refund it.
| remus wrote:
| Frankly that's a ridiculous clause. If you make a change
| (like switching from testing to live in the stripe
| dashboard) it needs to be tested, as OP's comment nicely
| demonstrates.
| apeace wrote:
| The funny part is, I thought that if I did a bunch of real
| transactions and then reversed them all, that our account
| might get flagged!
|
| That's in addition to explaining to our investors that we
| ended our launch day at -$1,000 due to all the chargeback
| fees because some dumb developer doesn't know what a testing
| environment is. And in addition to the fact that Stripe
| recommends against you testing in that way.
|
| I did get a full end-to-end experience, in my production
| environment, with literally one variable changed: using the
| testing Stripe API key instead of the production one.
|
| I don't know, it didn't seem like a crazy way of testing at
| the time. When you consider that the testing environment
| worked perfectly, and there was _no indication, whatsoever,
| anywhere_ that we would not be able to charge cards, it kind
| of felt like how you 're supposed to do it.
|
| But clearly I was wrong :) The way you find out if your
| account has any issues is by charging a real card, and if it
| works, reversing it, and if it doesn't work, waiting a couple
| weeks with no information on what's going on. Lesson learned!
| krisoft wrote:
| > charging a real card, and if it works, reversing it
|
| Why would you reverse it? If you can't afford to consume
| one unit of whatever you are selling are you really in a
| good place to be in that business?
|
| I guess there can be rare exceptions where the business
| sell only a handfull of high ticket items. But then again
| probably Fincantieri does not let you put your bespoke mega
| yacht on a card through a web transaction.
| apeace wrote:
| We are an internet service provider and we charge a
| monthly fee for our service. So the real thing I would've
| been doing was reversing the first month's charge and
| then cancelling the recurring subscription. Which is
| exactly what I'd recommend you do if you are launching a
| new subscription service on Stripe!
| sgc wrote:
| Just make a hidden $1 subscription and cancel it without
| reversing it, then deactivate the item.
| bcrosby95 wrote:
| Yes. When interfacing with a complex system, especially one
| you don't control, always do at least one live test.
| pc86 wrote:
| I mean yes, shame on them for not charging themselves $1 or
| something in production, but still, it's _insane_ for Stripe
| to have no indication on the dashboard that you 're not
| actually able to charge real cards real money.
| tremon wrote:
| _Next time I build something with Stripe_
|
| I'm curious why you would still consider them a trustworthy
| business partner after what happened?
| cpurdy wrote:
| Exactly. After reading this thread, the chance that I would
| ever choose to use Stripe is exactly 0%.
|
| What a disaster.
| demarq wrote:
| I'm surprised there is a next time.
|
| I think that's the biggest thing I see on this thread. That
| Stripe gets the chance of a next time. This validates what
| Stripe is doing to developers.
| theflyingkiwi42 wrote:
| That's how AMEX shut us our corporate credit card account
| overnight. We launched a new shopping cart and tested it live
| in production with our own AMEX card. Mind you that we used
| that card for over $250k a month (never a late payment) and
| this was a $99 charge that we simply forgot to refund.
|
| No appeal process, nothing. Caused significant short term cash
| flow issues. So be very careful using your own card.
| ValentineC wrote:
| AMEX used to have major issues with consumers trying to "pay"
| themselves -- the Singapore version put me in financial
| review for a PayPal transaction that I had accidentally paid
| to the wrong address, and was subsequently cancelled and
| refunded -- which to AMEX looked like I was trying to "pay"
| myself.
|
| I don't know if that's still the case, but these days I'm
| wary about using AMEX on any sort of money transfer service.
| coding123 wrote:
| Well, never using stripe then. never recommending them either.
| projektfu wrote:
| Are you facilitating the use of Stripe's API for accounts that
| are wholly owned by your customers or are you offering the use of
| your Stripe relationship for managing multiple accounts that you
| hold in custody for your customers? For the former, I think you
| shouldn't take responsibility for Stripe's behavior toward your
| customers, but you should have them set up an additional merchant
| account somewhere else. For the latter, I can see how that would
| put someone into a situation that might be both open to abuse and
| against the TOS.
| fredamaral wrote:
| there is someone sanitizing its kyc. simple as that, hehehe
| thallium205 wrote:
| What's your business model? Sounds like you're a high risk
| merchant. You don't get to use nice things like Stripe.
| rickitan wrote:
| Suffering with a very similar situation but from Facebook. This
| hyper growth companies don't give a shit about customer support.
| They let their AIs and Machine learning models do all the work,
| which inevitably flags healthy businesses.
|
| Reminds me of collateral damage and kills in a war.
| fourstar wrote:
| iLoveOncall wrote:
| It was just last month that all of the big players in the
| cryptocurrency space blacklisted all addresses that have ever
| interacted with TornadoCash from using their services,
| essentially transforming that monopoly money into even less
| than monopoly money.
|
| Crypto is not at all decentralized.
| fourstar wrote:
| Uh, yes if you use Circle (centralized), Coinbase
| (centralized), etc etc. Get your coins off of exchanges and
| learn how to actually use crypto with the way it was
| intended.
| Dylan16807 wrote:
| Sure, you can sell the coins off an exchange. But they're
| worth a lot less if so many entities won't touch them.
| _vertigo wrote:
| With defi, if your money falls through the cracks of automation
| you can kiss it goodbye -- it's gone for good. At least here
| there's a chance of a resolution.
| fourstar wrote:
| That's the trade-off and it's a feature, not a bug.
| wikitopian wrote:
| We've got to learn that this is an inevitable consequence of our
| appetite for automation and scale.
|
| If your business is important enough that it can't risk falling
| into the endless hellpit of automated, anonymous, hyperscaled
| infrastructure, then don't build your business on automated,
| anonymous, hyperscaled infrastructure.
| sokoloff wrote:
| I'm sorry this is impacting your business, but I can't help but
| notice something missing from your account: a clear claim that
| your business (and your customers' businesses) are fully
| compliant [to the best of your knowledge] with Stripe's ToS.
|
| That might be an oversight on your part or "something that goes
| without saying", but when your counter to the accounts being
| flagged "as not in compliance with Stripe's ToS" does not include
| "hell yes, they're/we're in compliance with the ToS", it leaves
| me wondering whether you're in a grey or dark grey area here.
| intrasight wrote:
| So drop the Stripe intermediation and just send your customers
| invoices as people have doing for dozens of years.
| lolinder wrote:
| This person is using Stripe Connect, which means their
| customers are people who are paying them to charge other people
| through Stripe. So they can't just send invoices, they have to
| convince their customers to send invoices when (presumably)
| part of the service they were supposed to be providing was
| avoiding that.
| jwblackwell wrote:
| It's becoming increasingly clear that we cannot rely on big
| centralized payment processors. First it was PayPal, now it's
| Stripe.
|
| I know HN has a natural dislike to anything crypto, but I really
| hope crypto can eventually bypass this bullshit
| jimcavel888 wrote:
___________________________________________________________________
(page generated 2022-09-15 23:01 UTC)