
Square thinks I don’t exist - kevinchen
http://kevinchen.co/blog/square-identity-verification/
======
steven2012
To the OP:

If I were you, I would check your credit report IMMEDIATELY.

I'm in the same boat as you, except I'm in my 40s. Most companies use Experian
or Equifax to do some sort of credit verification by asking these questions.
However, about 5 years ago, the credit agencies merged my credit record with
someone else with the same name, but entirely different birthday and location.

Evidently, they don't give a fuck because it took me years to get this wrong
information off of my credit records. I don't understand how this isn't libel,
since they are spreading false information about me, and that drastically
affected my credit, and I had to jump through hoops to get everything
corrected.

The thing that really sucks is that Experian STILL has the wrong information
about me, so when I'm asked these credit questions, it's mixed with the other
person's data, so I always fail the credit check. Despite having nearly
perfect credit, I've failed the credit check numerous times, and like you, the
decision has always been final, because no one appears to give a fuck.

The problem is I have no idea how to get Experian to refresh their data, even
though it's several years old now.

It might be the case that the OP's credit history has been merged with someone
else, and if this is the case, they need to fix it as soon as possible. Use
the yearly free credit report to make sure there is no loans or credit cards
associated with your name, and if so, you need to call every single credit
agency and dispute it. It really sucks, and I don't understand how we let the
credit agencies have this much power, where we the consumers have to suffer
like this whenever THEY fuck up.

~~~
ajre
Amazing that companies maintaining credit histories are relying on a person's
name to map financial data to a 'person'.

Don't we have unique identifiers call Social Security Numbers?

~~~
orclev
Social security numbers are most emphatically not identification. The social
security department tried for many years to get people to stop using your
social as a form of identification, but companies (and sometimes even the
government) still keep doing it. Social security cards printed before 1972
actually had a disclaimer printed on them that said "Not for identification
purposes", but the message has since been removed. Although rare, there are
actually duplicate social security numbers as well, and not everyone has a
social security number. A number of religious groups, most notably some sects
of Amish, refuse to get social security numbers and regularly fight legal
cases to prevent having a social security number as a requirement for access
to government services (although obviously not social security).

~~~
ajre
Well that's interesting... Thanks for debunking my notion of SSN as an
identifier. Sounds like a problem that needs to be solved.

~~~
masklinn
It could be solved as pretty much every other country on the planet does it,
with a national ID number (& card). But the US population rises up in outrage
every time this is suggested.

~~~
yen223
My country's government has done a lot of idiotic things, but I don't believe
that instituting a national identification system is one of them.

------
uladzislau
From the recent story - Square faces rancor from merchants over customer
service:

"Barry said she grew so frustrated exchanging e-mails with customer service
representatives that she drove two hours to the company's San Francisco
headquarters to get some help in person.

Instead, she cooled her heels in the lobby for a couple of hours. No one would
speak to her, she said, and the security guards threatened to call the police.
Then Square deactivated her account, saying "high-risk activity was detected."

[http://www.sfgate.com/business/article/Square-faces-
rancor-f...](http://www.sfgate.com/business/article/Square-faces-rancor-from-
merchants-over-customer-5177314.php)

~~~
spacehome
Frankly, if someone came uninvited to my office to settle a dispute, I'd feel
somewhat at risk, too.

~~~
chilldream
That's not what "high-risk" means in this context.

------
nlh
The response "I'm sorry our decision is final and we cannot communicate any
further" that vendors give (Google, Square in this case, etc.) is nothing
short of stomach-clenching maddening. Just reading it fires up rage inside me.

I understand why they do it -- it's pretty clearly related to their anti-fraud
/ anti-spam / security systems, and I understand that by giving any further
information, they're exposing those prevention measures to weakness. And I'm
sure in cases of real fraud / spam / security risk, this is the right
approach.

But man, does it stink for everyone involved when there's a false positive
(i.e. in this case). There's got to be a better way of handling this. Some
sort of escalation / appeal process?

(And if there isn't -- hint hint, companies that haven't gotten big enough to
be immobile on this issue: Implement one.)

~~~
waqf
There are two kinds of companies: companies that are big enough to be immobile
on this issue, and companies that aren't big enough to take on fixing the US's
consumer finance infrastructure.

------
HectorRamos
I went through this almost two years ago, with the key difference being that I
was able to sign up with Square and accept payments around four years ago
(whenever they launched). I even interviewed there at one point, just like
you.

After two months, they closed my account because I was living in Puerto Rico
at that time and there are no partner banks in Puerto Rico. Once I moved to
San Francisco and linked Square with my new California bank account, I was
able to accept payments again.

Then one day I got a notification indicating that my account had been closed,
and that the decision is final. I contacted Support, and they reiterated that
their decision was final, and could not communicate with me any further.

It is the weirdest interaction I've ever had with a company. I still use them
as a payment method and I'm a big fan of the company, but I feel disappointed
whenever I log in and they remind me that my merchant account is disabled.

~~~
ama729
> I still use them as a payment method and I'm a big fan of the company

Why? If you had such a bad relationship with a company, why use them and why
being such a fan? I genuinely don't understand, if I had an interaction like
this, I would never recommend them.

~~~
HectorRamos
They only banned me from accepting payments. I can still use them to pay at
any establishment that uses Square, which, here in the Bay Area, is a very
common sight.

Aside from the refusal to explain why I cannot accept payments, I haven't had
any negative interaction with the company. They just seem unable to provide
any further information, for either legal or policy reasons.

~~~
PhantomGremlin
> They only banned me from accepting payments. I can still use them to pay at
> any establishment that uses Square

Other than that, Mrs. Lincoln, how did you enjoy the play?

I agree with the GP poster, I'm at a loss to comprehend why you continue to
"enable" companies like this to continue bad business practices.

------
siculars
So this is what millions of low income, undesirable customers face every day
when they try to join the financial system by opening a checking account. What
OP has experienced is the next iteration of that. What happens to society when
the gatekeepers of our technologically enhanced future decide for some
arbitrary, non-appealable reason that you are an undesirable and you may not
participate. Everything from accepting payments via a dohickey on your iphone
to even having an iphone. Or maybe the internet. Maybe you can't have the
internet cause the we say so authority says they don't like the neighborhood
you live in or something that was in your credit history.

I'm getting failed on a similar knowledge based identification on coinbase
right now. Failed twice already. At least it's not a final decision, to their
credit.

There needs to be laws against this almost certain dystopia. That's one reason
why I support the EFF.

~~~
protomyth
And people wonder why Walmart is so popular with the working poor. Bluebird
credit cards (even takes direct deposit), prepay phones, low prices, and low
friction. They were advertising health insurance last time I was in there. I
do believe they had minute clinics at some places.

------
JumpCrisscross
File a complaint with the:

(1) Consumer Financial Protection Bureau (CFPB):
[http://www.consumerfinance.gov/complaint/](http://www.consumerfinance.gov/complaint/),
and,

(2) New York State Department of Financial Services (DFS):
[http://www.dfs.ny.gov/consumer/fileacomplaint.htm](http://www.dfs.ny.gov/consumer/fileacomplaint.htm).

This will make it more likely that you see a favourable resolution. Further,
this assists due process in identifying and resolving problems in our
financial system.

~~~
kevinchen
Thanks JumpCrisscross, I'll try that.

~~~
greatdox
If no response try the BBB and find one in your area to file a complaint so
that their management has to answer you.

~~~
chc
How the heck is the BBB supposed to force their management to answer? All they
can really do is try to shake down Square for a fee.

~~~
kevinchen
If they don't respond, the case is marked as unresolved or something like
that. Square's score will get dinged. So they have to say something (assuming
they care about the BBB score).

~~~
aestra
They just have to pay the BBB tax to remove it.

[http://youtu.be/Yo8kfV9kONw](http://youtu.be/Yo8kfV9kONw)

That's the shakedown the GP was referring to. The BBB is a scam.

------
abalone
Just to add some context, this is a not unexpected consequence of Square's
approach, which in many ways parallels what Paypal did in the ecommerce space.

Prior to Square the individual / very small business market was underserved
(for real-world transactions). You had to go through a PITA application and
due diligence process with a processor. And you typically had to pay
significant up-front costs and ongoing fees to maintain your account.

There's a reason for that: the processor is _financially liable_ for any
fraudulent merchant charges. If a merchant signs up and puts through $10K of
fraudulent charges and skips town with the money, it's the processor that
pays.

So Square did two things. First it lowered the upfront costs by piggybacking
mobile devices to turn them into low-cost swipers.

But the second very crucial thing they did is hidden on the back-end: they
streamlined the signup process and support costs. They did that by doing
exactly what you see here, using alternative ID and credit check methods. And
making their customer support largely a self-service operation.

The good news is that the particular case you see here is probably fixable
with continued improvement. But that's why it happened.. they are replacing an
otherwise more costly and burdensome signup process with something largely
automated. And there's a lot of money at stake if they screw it up and let
fraudsters on board.

~~~
kevinchen
I know how it used to work -- I've been following Square from the beginning. I
just don't think it would cost that much to outsource verifying a DL and bank
statement that I upload to their website.

~~~
hobs
"I am sorry, but our automated verification system cannot process your
information, if you wish to continue, we would need to bill you a 25 dollar
verification fee to cover additional information gathering."

Its certainly better than their response.

~~~
patio11
This does not solve the problem "Fraudsters will appeal their denial, happily
pay the $25 fee using a stolen credit card, and then skip town with their
first $X,000 in payments."

~~~
Dylan16807
If the fee is to pay for better checking, then it's a fake $25 payment that
results in a denial. And in this case square is still accepting them to make
payments but not receive them, so there should be no problem with the $25
bouncing. In the general case perhaps they could demand cash for the
verification fee.

~~~
patio11
You'll generally not find out that a credit card was used for a stolen payment
until weeks after the payment goes through. At that point, it's too late for
Square.

~~~
Dylan16807
Sorry did a bit of editing as you replied. But I think you misunderstood the
idea. The $25 is not to prove them trustworthy, it's to incentivize square to
do a better investigation into whether someone is trustworthy.

It doesn't matter very much that someone could use a stolen credit card for
that $25 payment, because square would deny such a person during their deeper
investigation and lose less than $25 dollars total. And there is little reason
for the criminal to do this because it will get one of their nice card numbers
blocked faster.

Or ignore the second paragraph and charge cash for the service of doing a
better investigation with responsive customer support.

------
tptacek
The comparison to Paypal is funny. Paypal has decided that I don't exist, or,
if I do, that I'm somehow ineligible to buy things through Paypal using my
credit card.

 _Buy_. _Things_.

If your site does payment processing through Paypal then, through some
accident of account processing or technology or the history of my account, I
can't use any of my 3 payment cards to buy what you're selling, because Paypal
believes it needs to (for reasons passing understanding) link directly to my
bank account before any card with my name on it can be used through Paypal.

~~~
grrowl
You can purchase through Paypal without logging in, there's a little text link
at the bottom of the purchase page under the "sign in" box. They'll also taunt
you if you enter a [mandatory] email address that matches a known account, but
this is also skippable.

~~~
tptacek
Paypal demands a login when I use any of my cards. Then, when I log in, it
demands that I verify my bank account.

~~~
samspot
It's a trick. The verbiage on the page strongly suggests you have to log in,
but there is a little link or something to skip it. It has been a while since
I bought through paypal, but I always skipped it because it was so much more
of a hassle to log in.

~~~
xorbyte
No, I think this means PayPal recognizes tptacek's CCs and forces a log in.
Even with a new card, perhaps they'll just base it on the name and refuse to
process it without an account login.

~~~
colinbartlett
Even with a new card? Are you sure? That'd be surprising, given the
overwhelming duplication of first name/surname combinations.

~~~
jessaustin
I think you're referring more to the "jlee" and "rsmith" combos than the
"tptacek" ones.

------
DigitalSea
I am seeing some parallels between how Paypal operates and deals with their
customers and how Square deals with their customers, you know the ones that
make them profit from the fees they charge for using their service? Sadly,
this is how big commerce works. You try and try to get a human response and
you're met with the old favourite, "Our decision is final" nonsense.

I recently encountered this with Electronic Arts and their Battlefield 4 game.
I forked out about $150 AUD for the base game and premium addition only to be
informed my account has been permanently banned after coming back from a month
in Europe on holiday because they said I was cheating. Well actually, they
wouldn't give the exact reason, but that was essentially what their response
implied. When I asked for whatever proof they had, they said our decision is
final and we can't show you any proof.

I am in the process of getting a refund as I paid by credit card, but this is
definitely a commonly recurring theme amongst larger companies who struggle to
deal with their customers and ultimately retain them. What kind of business
model punishes their customers?

Good luck, I think you have a real chance of getting some human response now
that this is on the front page of Hacker News. My understanding is that this
is how people get responses from people over at Paypal as well, create a loud
enough noise for someone higher up to respond as to avoid a PR nightmare and
get your problems resolved.

------
mcphilip
From the fine print on the linked Identity Verification Service page [1]:

>Due to the nature of the origin of public record information, the public
records and commercially available data sources used in reports may contain
errors. Source data is sometimes reported or entered inaccurately, processed
poorly or incorrectly, and is generally not free from defect. This product or
service aggregates and reports data, as provided by the public records and
commercially available data sources, and is not the source of the data, nor is
it a comprehensive compilation of the data. Before relying on any data, it
should be independently verified.

I'd guess the failure rate of using this service was deemed an acceptable
trade off to implementing an independently verified service.

[1][http://www.lexisnexis.com/risk/solutions/instantid-
qa.aspx](http://www.lexisnexis.com/risk/solutions/instantid-qa.aspx)

~~~
kevinchen
That's true--every system will fail. I took issue with Square because the
humans supposed to fix things when it fails are not allowed to do anything
(company policy?). Amazon and PayPal people were helpful.

~~~
jusben1369
"Dorsey likes to make fun of PayPal, for people my age, Square’s user
experience is usually orders of magnitude worse."

That will leave a mark.

------
amorphid
TL;DR => go to the top.

First, I had worked for one of California State's departments as a contractor,
but hadn't been paid in two months. I called my State Senator, said I had
working for the California in his district without pay for two months, and
that I needed his help. I got paid the next day.

Second, I had been wrongly charged over $10,000 USD at a city hospital, and
hadn't been able to fix the situation. I contacted the Mayor, explained that I
was being charged for a service I didn't receive, and asked for his help. The
bill went away.

Last, American Express sent me to collections (related to the hospital bill
above), and the collections agency was trying to con me into paying more than
I owed. I called the office of American Express' Chairman of the Board, and
asked if they could help me deal with the collection agency's shenanigans.
They pulled my account of out collections, and started dealing with me
directly.

Recommeneation => track down Jack Dorsey or someone on their board, and
explain the situation. It just might work!

~~~
troels
Getting a blog post on HN is the equivalent, no?

------
pyduan
(Disclaimer: I write fraud detection algorithms for Eventbrite, and work
closely with the team that built the fraud systems at PayPal.)

I'm sorry this happened to you. I personally believe the burden of proof
should be on the company. However, that some choose to err on the side of
caution is perfectly understandable.

The thing is that companies that handle credit card payments are very
vulnerable to fraud because they are liable for consumer chargebacks [1], at
least in the US. This is particularly unfortunate since US cards also happen
to have pretty poor security (which also has probably something to do with the
fact the merchants are liable, and not the banks). Stolen credit card numbers
are _extremely_ easy to obtain (cf. Target breach) [2], and once this is done
fraudsters have basically two main ways to extract money out of it:

1) Use the card number to make purchases online, or better yet, find a self-
service platform that lets you become a merchant then purchase your own
offerings (eBay/PayPal, Eventbrite, etc.).

2) Duplicate the card (made much easier by the US' slowness in adopting chip-
and-pin), and use it to pay for goods or to load the money on some account.
Square is perfect for this since you own the card-reading device, which makes
it much less risky than attempting to use a duplicated card at an ATM or at a
retailer.

Now, the problem is that you potentially need _a lot_ of cushioning to
withstand fraud attacks: while the processor only makes profit from the
transaction fee, they are liable for the entirety of the charge, so one single
fraudulent transaction can wipe out the profit of _thousands_ of good ones.
Being attacked by a fraud ring for hundreds of thousands or even millions of
dollars in a single day is not impossible (in fact we've seen this happen, and
Eventbrite's transaction volume is much smaller than PayPal's or even
Square's), so this is a lot of risk to take on for a company, especially a
startup.

Regarding the bad customer service you've received, there is a specific reason
why companies often decline to comment on fraud security checks: by allowing
you a way of recourse, they would be disclosing information about how their
system works, which makes it potentially vulnerable to attackers. For example,
if they said "sure, just send us a copy of your driver's license and we'll
lift the ban", this would be a signal for fraudsters to try to fake such
documentation.

Overall, it's a complex issue and unfortunately frustration is part of the
game (trust me, if PayPal could have found a way to make operations smoother
and less frustrating, they'd have done it). At Eventbrite we've chosen to
assume this risk and be more liberal with verification because we decided that
providing a good user experience is worth losing some money over (and because
we have faith in our ability to keep up with the fraudsters), but this is a
decision every company that handles money has to make and it's not an easy
one.

[1]
[http://en.wikipedia.org/wiki/Credit_card_fraud#Merchants](http://en.wikipedia.org/wiki/Credit_card_fraud#Merchants)

[2] fun fact: you'd be surprised to see how big this underground economy is;
it's so well-oiled that some sellers even provide customer service on the
credit card numbers they sold, and offer money back guarantees if the card has
already been deactivated

~~~
nathanb
It's attitudes like this that make life miserable for a minority of people.

Google: Our products work for most people. If they don't work for you, we
won't support you. Good luck with our competitors.

Paypal, Square: our fraud prevention metrics are generally reliable. If you're
a false positive, we won't serve you. Good luck getting your money.

Comcast, Time Warner Cable, etc: Our Internet services work pretty well for
most people. If they don't work for you, enjoy spending an hour or more in
customer support hell. They may solve your problem. If not, good luck getting
home internet from our non-existent competitors.

Imagine if the rest of the world worked like this:

* People whose legs work can use the toilets here. In a wheelchair? Good luck finding somewhere else.

* Only people who can drive a car can get state-issued ID. Can't drive? Good luck not officially existing in the eyes of many.

* Only people without a history of chronic illness can get free health care. Pre-existing condition? Good luck with your third job to pay for your treatments.

It is absolutely Square's prerogative to determine who they will and will not
serve. And if you choose not to serve someone because they are an inconvenient
minority, it's your call. And it makes you kind of a jerk. Expect to be called
out on it.

Square: you are PayPal. You are Comcast. You are the old and busted status quo
that the new hotness will usurp one day. Don't like it? Prove it otherwise.

~~~
jedrek
> People whose legs work can use the toilets here. In a wheelchair? Good luck
> finding somewhere else.

Sounds like a lot of Europe.

~~~
namenotrequired
Which part of Europe have you been?

~~~
jedrek
In the last 2 years? Holland, Germany, Austria, Spain, Portugal, Denmark,
Poland, Czech Republic, Slovakia, Slovenia, Croatia, Hungary and Italy.

------
lisper
I had a similar experience recently when I tried to get my free annual credit
report. To verify my identity they asked me questions about my financial
history, mainly about my credit history. Well, I haven't had a loan in many
years, so they had to dig deep into the archives and asked me about the
monthly payment amount on a car loan that my _wife_ had over ten years ago. My
financial records actually go back that far, but hers don't, so I was unable
to "prove" that I am me (with "prove" in scare quote because IMO it's highly
questionable whether getting the right answer on a multiple-choice quiz can
possibly "prove" anything about anyone).

~~~
seanalltogether
I also had a similar issue trying to set up a fedex account over the phone. I
couldn't do it online because their site was down. I called over the phone and
they made me answer a bunch of questions from over 10 years ago. Since I
missed 2 questions they refused to set up an account for me, and refused to
ask a new set of questions. It was infuriating.

------
rpauli
And don't be forgetful or old... I'm way over 60 and since I cannot remember
names and places I lived 30 or 40 years ago, I am constantly locked out.

So if they have the data, why couldn't a pirate, NSA officer or errant banker?

Perhaps a better test is what I choose to forget.

------
geetee
I really dislike these ID verification services. I had my identity stolen
about a decade ago; worked it out with the police and credit bureau. To this
day, I still get verification questions related to the fraudulent credit card
account. Do I answer truthfully and not get verified, or play the game and
choose the "correct" yet wrong answer? (answer: play the game.)

------
tzs
So could I potentially vex an enemy by trying to sign up for Square in his
name, and blowing the questions, so that he gets banned from Square?

(I realize I could possibly answer this experimentally, but I'd rather keep
this theoretical)

~~~
malka
You could even automate it using the white pages I guess.

------
rurounijones
The whole "Prove you are who you say you are by answering questions a fuzzy
computer system says you should know" seems very Kafkaesque.

------
jessaustin
It's sort of funny, that all three verification questions listed would be
answerable by an attacker, but at least two would be easy for normal people to
get wrong.

~~~
pgrote
would they be correct by an attacker?

~~~
jessaustin
If she knows anything about the target (glossing over the fact that the
_actual_ target is square), an attacker could get correct answers with high
probability. Twitter, FB, LI, etc. provide people the target is likely to
know. In many locales you wouldn't even need an exact address to know which
streets cross which other ones (although frankly how hard is it to know
someone's address?). And of course there is a direct mapping from social
security numbers to states, so asking the SS question in that fashion adds no
security.

All of this ignores the fact that these are _multiple choice_ questions.
Attackers don't have to win every time. 1/64 of targets would be vulnerable
given _no knowledge whatsoever_. This is just an upper bound on how useful
this set of questions is for Square, while the rest of TFA constitutes a
convincing lower bound on how harmful they are to those who would legitimately
use Square.

------
cordite
I like how I had no problem, when I was sixteen, setting up Paypal so that I
could buy some random components for some old PDA's from china on ebay.

But this is seriously upsetting, the tone of this writing wants to rip my
heart out for the author. I can only wish that this gets resolved decently.

His comparison also reminds me how Amazon's customer service is absent as much
as possible. Automation and all that. Yet on that topic, it seems people don't
mention Google as much. (I wonder if they filter that out in their results..)

~~~
SyneRyder
Amazon customer service absent? They have some of the greatest customer
service I've ever seen. If I need help with my Kindle, I can click a button to
get a human to call _me_ immediately, so I don't even have to pay for an
international phone call. The one time Amazon sent me an incorrect parcel, I
got connected to a real human who initiated an immediate & instant refund
while I was talking to them _and_ let me keep and/or sell all the items I'd
received mistakenly. For such a large company, Amazon's customer service is
really good. (I agree that Google's is nowhere near as good, though.)

~~~
CalRobert
If you're flagged by them as an unfit marketplace seller (weird that this can
happen when you've never sold a thing on their marketplace before) then their
support is horrendous. They get a person to explain politely that there's no
appeal, they won't say what the matter is, and they just don't care if you're
now tainted for life by the last person who lived in your apartment who
apparently was shady.

~~~
SyneRyder
Ahh I see, I wasn't thinking from the perspective of a marketplace seller on
Amazon.

I do know that in fraud prevention it's common to not explain what the problem
is, because it tells fraudsters which filter they've tripped (and potentially
how to evade it on their next attempt), but it certainly doesn't help genuine
people caught in a false positive.

~~~
FireBeyond
As a customer, yes, they can be (are) great. I have close to 1,000 orders in
seven years, tens of thousands of dollars.

Yet I sold a camera lens on Marketplace. Perhaps the tenth thing I'd sold. I
was willing to be patient to get a better price. Nine items sold, no problem.

This one arrived three days after the "expected delivery date". The buyer
complained, and my Marketplace account was canceled. I could appeal. I pointed
to history, inclement weather. Said I'd be willing to be flagged "Fulfilled By
Amazon-only", if that was possible.

"After review, our decision stands and you will remain permanently
disqualified from using Amazon Marketplace."

------
kevinoconnor7
I ran into a similar issue trying to get verified by Coinbase. I answered all
of the questions truthfully, but still failed. After 2-3 times I just began to
brute force it. It turned out that one question in regards to a duration of
time was completely wrong. Luckily Coinbase let's you do it as many times as
you please, just with a 24 hour pause between each try. Come to think of it,
they should probably send you an e-mail whenever an attempt it started.

------
gtirloni
I enjoyed reading all the explanations for why this is a hard problem to solve
but it really boils down to a simple problem: customer support.

Any decent support operation would actually talk to this guy, provide
workarounds for their broken system (which is clearly broken for this
particular occurrence), apologize and promise to improve things.

The fact they they provided a shitty service would be the top on my root
causes list.

------
adamio
There are also lots of reports online regarding Square holding payments to
sellers, without much info why. Plus they have no phone support, only an email
address.

------
CalRobert
This was much more frustrating than I might have expected when it happened to
me on Amazon marketplace. My girlfriend listed some books for sale and was a
model citizen of the ecosystem, but they killed her account and held her money
for 90 days after the first book sold. When I went to sell some things a few
months later, my account was closed minutes after opening it. I have a stellar
rating on ebay with 15 years' experience, excellent credit, and a long history
as an Amazon customer.

After living in that apartment a bit longer we got some mail for old tenants
that seemed to indicate some sketchy activity. I believe they may have been
fraudsters. However, despite several emails and calls to Amazon I am told
there is no appeal whatsoever any reason, and that's that. The callous
disregard for customers is breathtaking.

Needless to say I use DigitalOcean, ebay (that a company can be more user-
hostile than ebay is shocking) and avoid Amazon whenever possible.

------
pmorici
And people keep asking what the advantages of BitCoin are over
Paypal/Square/Credit Cards/you name it.

~~~
chilldream
At the cost of removing any buyer protection whatsoever.

~~~
drchaos
While agreeing this is a useful feature, it can be offered by marketplaces
just as good, if not better. For example, Silk Road (where everyone was
necessarily anonymous) had an escrow service which worked just fine.

~~~
makomk
At least from the scuttlebutt I heard, almost all sellers on Silk Road
required new buyers to release the money from escrow before they'd ship
anything, and some of them were taking advantage of this to selectively rip
off new buyers.

------
LeicaLatte
As a long term employee at PayPal, it has always amazed me how much of the bad
rep we carry is because of the abstractions we bottle and sell as a company.
Money, banks, credit, identity, regulation, fraud, cash, etc. are all loaded,
fragile and complicated systems on top of which online payments is built and
it is a very different problem as compared to sending and receiving e-mail.
Money itself is thousands of years old and is not an invention of the
internet. It is done differently everywhere and the sheer number of middle men
involved is expected but still mind blowing.

A good payment system has to fix the leaky abstractions below it someday
somehow, to be really great.

------
jayzalowitz
Well crap. I have social data for millions of people. I could put togeather a
backup version of this easily. Does anyone have a use?

------
iamleppert
Square is just another PayPal and I don't understand why people can't see
that.

~~~
nathancahill
Because it has a pretty icon.

------
rdl
You have to be 18 to sign up because you need to be able to sign a legal
contract.

------
ergo14
I would just work with Braintree.

I was implementing payment system for
[https://appenlight.com](https://appenlight.com) from paypal to some other
solution that would not require paypal account. We've evaluated Braintree and
Paymill - as App Enlight is european company, so our options were limited.
Before Paymill took its time to reply to me (~22 days), I already managed to
validate, sign all the papers and actually implement Braintree solution to our
application.

One more thing at first Braintree support told me they might not be able to
work with us because of some restrictions on company legal form by processor
bank, but after I have sent them all the documents, everything went fine and
got approved. Maybe you can try with them.

------
NAFV_P
You mentioned that your name is common, and reminded me reading about the
frequency of certain Chinese surnames. So I looked up this:

[http://en.wikipedia.org/wiki/List_of_common_Chinese_surnames](http://en.wikipedia.org/wiki/List_of_common_Chinese_surnames)

I'm making an assumption that your ancestry is Chinese, I believe it is even
more popular in Taiwan.

Apparently, according to a summary of the 2007 census there were 7 surnames
which were shared by over 20 million people, of which one of them was "Chen".

For a comparison, the article also mentions that the most common surname in
the USA, "Smith", is occupied by 2.4 million people.

Let's look at some population estimates:

[http://en.wikipedia.org/wiki/List_of_countries_by_population](http://en.wikipedia.org/wiki/List_of_countries_by_population)

China is estimated to have 1,360,720,000 people, whereas the USA is estimated
to have 317,559,000. The first article states that the frequency of "Smith" is
about 0.84%. A quick calculation on the old python interpreter gave the
frequency of "Chen" as roughly 1.47%.

What surprised me reading those two articles is that the USA is the third
largest country by population.

I though I'd look to see if my surname, "Tucker" (no prizes for guessing which
expletive it rhymes with) was popular in the UK. I first looked at this:

[http://www.dolltoy.com/uk2.html](http://www.dolltoy.com/uk2.html)

... Listing the 50 most popular surnames. I didn't find it, but the list has a
column titled "Associated Town" (I was not aware of this convention). At the
bottom of the list is "Davis", which is associated with the town of
Gloucester, my home town. I'll have to look a bit harder for its actual
frequency, it is also used as a first name for both boys _and_ girls. My first
name is "Robert", which can also be used as a surname if appended with an 's'.
I could have been called "Robert Roberts", or "Tucker Tucker". Reminds me of
Rik Mayall's character "Richard Richard" off that vile comedy "Bottom", while
co-star Ade Edmonson's character had the charming name of "Eddie Hitler".

Come to think of it, what's the etymology and frequency of "Hitler"? ....

~~~
prawn
"The surname Hitler is a variation of Hiedler, a surname applied to those who
resided near a Hiedl ('subterranean river')."

~~~
NAFV_P
Cheers, I had a look and I found this, very interesting:

[http://en.wikipedia.org/wiki/Johann_Georg_Hiedler](http://en.wikipedia.org/wiki/Johann_Georg_Hiedler)

------
midas007
It's trying to be a non-repudiation system based on something only you and
they know. Unfortunately, without a credit history or paying utility bills,
credit sources alone aren't enough. So why not use other facts such as partial
DoB, partial SSN, parent/s SSN, etc. only when no other details are available?
It's not ideal, but it's better than either losing business or falling back on
something much less secure eg facts that are in the public record.

------
rpicard
I always seem to fail these kind of identity verification systems. It has made
it a pain to get a bank account online and to get a credit report.

------
jtbigwoo
It's time for us to understand that Square is the bare-bones bottom-of-the-
market provider. Just because they seem slick and high-tech doesn't mean
they're Apple. They want to be the Wal-Mart of payments, driving down their
costs at every turn. There's nothing wrong with that, but it's something that
we, as potential customers, have to be clear about.

~~~
protomyth
Walmart understands that being on the low end requires an attention to the
realities of the low end, Square doesn't seem to get that.

------
tomasien
This is another problem with payments that rely on the Credit Card rail. I
hate the credit card rail. The CC rail doesn't know who you are, it doesn't
know anything, isn't convenient online, and charges merchants insane fees.
Forget it, unless you want to pay with money you don't have (aka credit, aka
how only 30% of consumers use CC's)

------
Beltiras
I know that names are somewhat holy to some, but your _legal name_ is another
matter. User Kevin Chen, but change your legal name to include a middle name.
Preferably something unusual but fluent.

[http://en.wikipedia.org/wiki/Name_change](http://en.wikipedia.org/wiki/Name_change)

~~~
kevinchen
Legally, I do have a middle name, and in the United States, it narrows things
down to just me. But Square does not take it in their signup form.

------
Procrastes
I'm in my 40's and have this problem with any system that attempts to use this
method to identify me. My father has the same name as me. (I'm a II not a
JR)This seems to be too much for these systems to handle. I've never managed
to authenticate successfully with this sort of system.

------
bfish510
This is the same kind of issue I've run into with T-Mobile and their adult
content filter. I can't turn it off because they use financial data to find
out if your 18. So because I didn't have student loans or a credit card I
can't disable it without going into a store.

------
pbreit
If you visited and interviewed there, I'm assuming you tried emailing one of
your contacts?

------
rajacombinator
Welcome to the world of financial services. They're not designed to help you.

------
wurzelgogerer
I want to quickly chime in as well. I don't want to defend Square, but they
are simply using a service and are relying on its information. It sucks that
your account didn't get approved, but I do not agree with your final
statement: "Design is how it works, not how it looks.". Square uses a third
party service, and I actually know which one it is. They regularly update
their information, yet there are still issues with identities, as it is not a
perfect "science". Square definitely did the best to their ability, but due to
the fact that they rely on someone else, it won't be perfect. I have worked
with the provider in question myself, and I know of the pitfalls. I believe
Square definitely solved the issue as best as they could considering the
limitations.

~~~
stephen_g
How is refusing to offer any other way to verify identity solving the problem
well? The poster was able to fax identification to PayPal and other companies
to be able to sign up.

Taking the decision of a data set that is known to have flawed data on at
least a small percentage of the population as final, and having no way to
appeal is pretty terrible really.

------
imkevinxu
Same exact thing happened with Dwolla. Couldn't figure out if the identity
verification service used my old address, current address, or my parents'
address. I'm still locked out...

------
Sami_Lehtinen
Sounds really silly and backwards. Why they simply don't use strong online
identity detection? Should be simple and secure.

------
billclerico
identity verification of small merchants is a really hard problem to solve
with 100% accuracy. (or even 90% accuracy) At WePay, we use Facebook identity
to help supplement KBA. It's not 100%, but does dramatically increase success
rate.

------
ck2
I have the same problem with raise.com - they refuse to sell me anything.

------
bambax
> _Design is how it works, not how it looks._

+1

------
nathancahill
Does Bitcoin think you exist?

~~~
estel
How's that relevant? The problem that the op is presumably attempting to solve
is: "I want customers to pay me using a credit card".

~~~
nathancahill
It's very relevant. Square is just another broken implementation of a broken
system.

Until we accept that centralized payment systems only benefits the central
entities, we're going to be stuck with these problems.

~~~
wlesieutre
I don't know about that, chargebacks are a pretty nice thing.

~~~
nathancahill
Why do you need them? With Bitcoin, your credit card can't be skimmed or
stolen, you can't be charged twice or for more than you authorized.

As far as not shipping a product you paid for, economics takes care of that.
Not delivering purchases is a bad business model.

~~~
nav1
Are you sure about that? If you get 1000 people to pay $100 for your "product"
that you don't ship to them, that's a pretty good profit. You can just walk
away with the money, never to be seen again (under that name at least). How
the economics would take care of that is anyone's guess.

~~~
sharpneli
And precisely because of this the we have chargebacks.

As a merchant it would be lovely to accept payments only via bitcoins. As a
customer I'll avoid purchasing anything if I cannot issue a chargeback. So the
only way to get me to actually buy anything via bitcoins is to remove all
alternatives.

------
lhgaghl
> When they can’t find you in their database, they pull irrelevant questions
> associated with somebody else’s dossier — especially if you have a common
> name like I do.

How is this not an information leak? If I know there is only one other person
with my name within the area, then I can obtain information from him this way.
(Since there will be multiple choices about that person suggested in that
questionare)

------
lhgaghl
Ironically, when I opened this page it showed me this:

[https://image.bayimg.com/d3e7f68ca0e50daf6e77a0eb56eb2b6c61e...](https://image.bayimg.com/d3e7f68ca0e50daf6e77a0eb56eb2b6c61e03817.jpg)

------
fivre
This story loaded right above
[https://news.ycombinator.com/item?id=7131231](https://news.ycombinator.com/item?id=7131231)
(the Bitcoin exchange arrests). Kind of ironic.

------
tga
The way I see it, this is the same as trying to check into a hotel without a
valid ID or credit card. If they can't verify to a reasonable extent who you
are, the hotel will just refuse doing business with you. Is that
discrimination? No, they would be certain to lose money overall if they didn't
do that, even if you in particular are a nice person and intended to pay cash
on checkout.

As long as Stripe made clear what their position was, as to not waste this
person's time or money, I don't see a problem here. It can be a business
decision to flip a coin and permanently turn away all the customers that get
the wrong side, if doing that magically increases profits. You can't even call
it bad customer service since they are not a customer and will never be one.

~~~
novaleaf
Square, not Stripe. i just signed up and got my _Stripe_ account approved for
live transactions, and they didn't need any of this fishy stuff. just "normal"
things like a bank account.

~~~
tga
Indeed, I meant Square, thanks for catching that.

Funny name confusion, they're both payment processors, one deals with magnetic
stripes and the _other one_ is named Stripe.

