Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: How does onlyfans.com work around the “no porn” Stripe rule?
416 points by capableweb on Aug 27, 2020 | hide | past | favorite | 285 comments
For reasons beyond this ask, I'm needing to use a payment processor that is fine with high-risk transactions (which the porn industry certainly fits in) so started looking around what adult websites are using.

Many are using probiller, vendo and similar, since Stripe and others have rules against porn/adult industry, citing high risk transactions for this.

But then I came across onlyfans.com, which is using Stripe for its payments, although Stripe has a strict "no porn" rule in their terms of service.

How does this work? Onlyfans is by now a huge website, with lots of transactions, so it's surely not flying under the radar. It's the only adult website I could find that is using Stripe.

Is it as simple as they have an agreement with Stripe to bypass the rule? Or am I missing something else obvious here?




Cascading payments might be the real answer, and shuffling higher risk charges to non-Stripe providers, but in my experience, Stripe can get pretty moralizing pretty quickly.

We built an adult ecommerce site (purely toys for purchase, no porn) and because other adult toy sites had been successful on Stripe, Stripe assured us this wouldn't be a problem.

Six months and several million dollars processed later, Stripe informs us we're going to be deplatformed because Wells Fargo (their banking partner) had reviewed our account (apparently because of its volume) and determined we violated their standards because of the nature of the toys.

We did a bit of back and forth where Stripe suggested we alter the colors available (seriously) to assuage Wells Fargo's puritanical concerns, and Stripe insisted it wasn't _their_ moralizing, but rather Wells Fargo (paragons of fucking virtue as they are), but we weren't willing to compromise on the nature of our product or have our product's options or colors dictated to us by one of the most corrupt banks on the planet.

We ended up deplatforming and moving to a high-risk processor who was willing to match our competitive Stripe rate. That processor sucks and their fraud protections are weak and their interface is garbage, but they're not telling us how to run our business.

Was mostly disappointed that we went through an arduous review process with Stripe beforehand and received assurances we'd be fine since our chargeback rate is insanely low and we ship actual physical product and have no nudity on our site, but alas.


This is an incredibly frustrating read. I know, I know there are far worse things in the world but fucking Wells Fargo dictating to people when they evict homeowners who have no relationship with Wells Fargo, commit wholesale wire fraud, destroy people's credit and then turn around and lecture a honest business.

This is why banking is a rent-seeking and though we need the financial industry they are ghoulish vampires sucking the lifeblood out of everything they touch.

/rant


This was my exact rant. Even more galling was that Wells Fargo was virtue signaling about something that... had no optics to them. Literally no one knows who our payment processor was, but if you even got as far as "Stripe," a _vanishingly small_ number of people know that Wells Fargo is their banking partner for US transactions.

This isn't to suggest that WF should run their merchant processing business with no one watching for fraudulent or wantonly scam transactions, but to step in out of nowhere because the volume of actual real charges for real customers for real products was too high and you were busy clutching your pearls over what was being sold is just insane. As if it could somehow splash back on to Wells Fargo and, what, further sully their reputation?

"Sure they may ruin people's lives and spawn fake accounts to hit numbers and silence anyone who speaks up and evict people incorrectly but at least they don't process transactions for flesh colored fantasy sex toys. That, sir, would be a bridge too far."


I think you're misinterpreting the scale of Wellsfargo. The CEO probably doesn't even know what onlyfans is, and they manage almost 2 trillion dollars.


The CEO knows their business model; it's to scratch out every last penny they can, however they can, just to fulfill some quarterly earnings report. Almost every public company is now a growth company, so it doesn't matter how much they already profit–what matters is that they profit more in the next 90 days. He/She doesn't need/care to know about onlyfans–they simply care about hitting their targets.


...so why would they want to leave money on the table by forcing Stripe to ditch a clearly profitable client company?


Reputational risk. Some journalist gets wind of an ad on Youtube that's playing for a neo-Nazi video, it gets written up as "$COMPANY is supporting Nazis!" despite the fact that it's largely out of the control of $COMPANY, several companies collectively freak out and pull advertising money, and everyone goes hunting for where their pipelines might lead to similar pearl-clutching associations and PR disasters.


But that doesn't explain the documented unethical - if not illegal - conduct of Wells Fargo overall. Otherwise they'd be more like the Disney Co.


I think you are underestimating the scale of operation choke point.


> we need the financial industry

Do we, though? I don't know whether the answer is distributed blockchains, or the Department of the Treasury creating an API for USD, or both; but the current banking system seems to me like the legacy code of feudal landed aristocrats. (I will never stop being disappointed that we didn't let the financial system crash in 2009.)


> Do we, though?

Why, yes? Isn't it blatantly obvious? What exactly leads you to believe we don't?

> I don't know whether the answer is distributed blockchains, or the Department of the Treasury creating an API for USD, or both;

I'm dumbfounded how someone even comes close to believe that any one of these ideas comes even close to provide the service that financial institutions provide. Either you have a very specific and very niche usecase in mind, or maybe you have absolutely no idea about the services that financial institutions provide to society.

> but the current banking system seems to me like the legacy code of feudal landed aristocrats.

This comment leads me to believe that you are confusing stuff that has no relation whatsoever. Your dislike of caricatures and ideological strawmen you associated with financial services has absolutely no relation with the services provided to society by the whole banking industry. Just because you don't like Scrooge McDuck that doesn't mean most of us don't depend on loans to, say, buy a house or a car or store our savings or pay for everyday stuff.


> or maybe you have absolutely no idea about the services that financial institutions provide to society.

Your posts are interesting, reasonable and founded in facts. That said, I think there's an underlying emotion in other posts: fed up with the discrepancy between the everyday slough to improve your life, but then read about the money games that are played between commercial banks, the central banks and government.


We don't need usury. I'm confident we could figure out how to make things work without it.


We know how it works without it - stagnation and the those currently at the top staying there due to lack of capital. Usury is a religious fundamentalist term divorced from the systemics and the reality of what works and what doesn't.


> those currently at the top staying there

And you're sure you're not describing the current day, but instead some hypothetical bad scenario if we had no financial sector? It seems to me that if we have this problem now and without a financial sector, that's not really related to them at all.


nice. also funny that some people here don't see a connection between their righteous indignation and companyX's policies that attempt to protect them from same :P


In much the same way that people will tell you there's not enough land in cities when their actual concern is that there aren't enough residences, we "need" the financial industry in the sense that other financial services are illegal, not in the sense that the financial industry is the only way to handle things. You may not like Wells Fargo, but they have a banking license.


We do. The scale of financialization of our lives, our society is pervasive, invisible and touches every aspect of our lives.

Our housing. Our utilities. Our communications. Our food. Everything is financed. There is debt financing these companies. Many of whom would not exist. As one of my professors told me - you see a building, I see a mortgage.

Most of our economy would vanish without credit. Take a look at Islamic economies where debt and credit is fairly circumscribe and you see they much much smaller economies (ex-petro-dollar financed economies).

Block chain is just a payment mechanism? It is not even that, yet. There is a LOT more to finance than moving money around. That is maybe generously speaking 5% of global finance. I would say say more like 1%.

Sigh.


An API for USD centrally controlled by the Treasury? Kiss your financial freedom goodbye. You gotta demand it be distributed blockchains or you'll be living in chains.


At least you'd have due process and couldn't be deplatformed for legal activity. Now you have neither.

The current system has zero privacy, so no change there.

Not seeing the downside.

Federally illegal activity like marijuana wouldn't benefit, but most things would.


At least you'd have due process and couldn't be deplatformed for legal activity.

The feds are very much into deplatforming people for legal activity, e.g. https://en.wikipedia.org/wiki/Operation_Choke_Point


Technically, any occurring "federally illegal" activity is just not successfully policed criminal activity. (States can't actually make something legal the federal government says is not legal. They can just decline to use their own resources to police it.)

Generally speaking, most people would consider "not usable in crime" to be a feature rather than a bug. ;)


I don’t think there is as quite widespread consensus that all federal crimes are legitimately crime as you seem to think.

Marijuana sales, for example, seem extremely popular.

Just because there’s a law in place at some remote level of jurisdiction doesn’t mean it’s just, or has popular support.


Widespread consensus doesn't determine what is and isn't a crime. The law does. Until the federal law changes, marijuana sales are a federal crime. Technically speaking, no state can actually "legalize" it.


You’re absolutely right, of course.

Widespread consensus heavily influences prosecutorial discretion though, which determines in practice what is or isn’t permitted by society.

The law is not a computer program, and it is applied entirely arbitrarily.


> I don’t think there is as quite widespread consensus that all federal crimes are legitimately crime as you seem to think.

Your comment makes no sense at all. For something to be a crime it has to be explicitly defined in law. Consensus has zero to do with it. Either there is a law, or there isn't. The whole point of rule of law is that you don't get to pick and choose which law applies to you in a given day of the week.


There are many marijuana shops in the United States, and many millions of customers of those shops who disagree with you.

Also, Prohibition.

The law is not some inviolate thing in a society. Many millions will happily ignore unjust laws if they feel they shouldn’t be laws. More alcohol was consumed during Prohibition in the US than before it was banned.


> The whole point of rule of law is that you don't get to pick and choose which law applies to you in a given day of the week.

If the law is not enforced, then it does not exist. The only real law is the one that you see day-to-day. So shooting black people is fine (in the US), and you can buy weed in shops (in a few places).


> At least you'd have due process and couldn't be deplatformed for legal activity. Now you have neither.

I don't understand your train of thought. I mean, you are arguing for a monopoly controlling a centralized service just because one of the many freely available payment platforms you personally choosed may have terms of service you might break?

How is that a solution?

It seems you are not arguing for a solution to the problem you framed. You're instead confusing wishful thinking with a solution to the problem. I mean, your suggestions don't even qualify as unintended consequences: they are only unrealistic and absurd expectations from a reform that has absolutely no relation to the problem.


There are already two APIs operated by the Fed (not the treasury) Fedwire and ACH.

The problem is the account. I do not want an account in the federal reserve or anywhere so closely coupled with the government. Nor do I want an account with a public ledger or any way distributed which doesn’t allow for transaction reversals (theft) which rules out blockchain.

Actual banks are necessary.


I often see US citizens being very wary of the government. Would you care to explain why is that so?

In cases such as this one it strikes me as really odd: I would say that as citizens you have much more leverage over the government's actions than over whatever bank does (including handing over your data to the government). Thus, how is it better to have an account in some random bank than in the federal reserve (or whatever)?


Simple fear of authoritarian government oppression. It was also decided in the very early days of our government that a national government bank wasn't constitutional.

With Snowden's revelations of things we mostly already knew, we can see that we don't really have much leverage over government abuse of power to collect and misuse data. The government is already doing broad data collections from private companies using secret courts... it would be a whole lot worse if the government already possessed the data.

With private banks, I can choose which one I use. There is at least some motivation for that bank to be on my side, and I don't have to wait for an election cycle and hope that my issue fits in with my side on other issues and that side gets >50% after 2 or 4 years ... my bank does something I don't like and I can switch today.

I don't trust my government to do a good job doing anything, or for anything my government does to not be vulnerable to political destruction (just look at the post office).


The concern is pretty strange since they already have that information thanks to banking regulations. There is nothing more to lose by doing it directly.


They do not.

Banks are required to report transactions above $10k, my bank knows when I go out to buy too many gas station snacks at 2am, my government does not.


It would be cool to also have an API for USD.


Where there is a lot of money on the table to be had, there will be psychopaths.


Now this is actual cancel culture.


This is what capitalism looks like. The ones with the capital are the ones with power. Housing, health care, and even small businesses all live and die by the decisions of the people/institutions with capital. The average American celebrates capitalism, while at the same being forced to slave away for basics of human life to just barely scrape by.


Thank you for sharing your experience. It absolutely disgusts me the power that payment processors have over businesses. The sooner that industry is dismantled and made agnostic the better. I remember watching some BDSM website's documentary where they talked about how their payment processor dictated the kind of content they were allowed to make. It boggles my mind that people are okay with that.

I also find it surprising the amount of back bending people will do to say that payment processors are only doing it because the transactions are high risk. Your story, the thousands of other public stories, and the payment processors themselves have made it absolutely clear that it isn't about the transaction risk. It's them imposing their religious beliefs upon others.

With sex being such a huge part of our lives, why aren't we bending out backs to _help_ the sex industry thrive, instead of defending corrupt oligopolies?


>> _help_ the sex industry thrive

There are dark sides. It is not the friendly industry oft portrayed. It is an industry that thrives on the young and naive. It is regulated because it needs to be. Most common complaint heard by lawyers in the field: "I did the shoot, the movie is on the website, but I haven't been paid." Followed worryingly by: "They said I had to because I had signed a contract."

The advice I give to anyone going to work on their first porn shoot: Bring a friend. Someone older, with a car, who will be on the set with you at all times.


Yes, conventional porn is a dark place. In my study of the problem, this fact underscores the importance of the Snapchat/Onlyfans revolution rather than taking away from it.

Prohibition creates problems. It doesn't solve them. Prohibiting anyone from using conventional payment infrastructure simply pushes them into the arms of the (sometimes abusive) people who have the resources to work around the system. In this scenario, an individual can't work around the system. The nameless/faceless owners of the large porn groups can.

This situation creates an inherent power imbalance that incentivizes coercion.

In the Snapchat/Onlyfans model, coercion is eliminated by virtue of allowing people to express themselves, when they want and as they want in the privacy of their homes. They are the directors, gaffers, editors etc. and no one else can tell them what they can or can't do.

A decentralized system is better at taking power away from those objectively awful people than any regulation or personal tips or oversight could.


> It is an industry that thrives on the young and naive.

Some of it maybe. But not the toy selling business being discussed.


I’m fine with regulating the adult industry for safety and what not, I just think that credit card agencies are possibly one of the last parties I would pick to be the regulator, second only to religious institutions.


I would contest that if the industry wasn't demonized it wouldn't have a dark side.


Hollywood isn't daemonized, but I used to give basically the same advice. Industries that run on attractive young people, people looking at very short careers, tend towards evil. Ask any successful recording artist about their first record contracts. Taylor Swift is writing songs about that dark place.


Fair enough, I can see that. I think a good portion of the evil in those industries comes from sexism, but that's really tangential to the topic and I appreciate your point.

EDIT: I would like to expand my previous comment though. Whenever prostitution is legalized we see massive improvements in the lives of sex workers. It seems clear to me that further reducing the demonization of sex, sex workers, etc would lead to a better work place in those industries for similar reasons. There may be a baseline of evil, for the reasons you point out. I don't think that should stop us from working to at least reach that baseline, rather than just leaving the people and businesses that inhabit that crucial landscape to rot.


> I think a good portion of the evil in those industries comes from sexism

What do we mean by "sexism" here? You don't think it's enough that men would like to have sex with attractive women? Or is that fact itself sexism?


porn already works within a well-defined legal framework. There are model releases, people getting paid etc. So if a reputable porn company interacts with their models and their consumers, everything is well. However, there are still non-legal reasons that make it a special case - see the ancestor post about a bank wanting to dictate what a merchant can offer to their credit card customers, or the post about models being treated badly (not getting paid or having to do things that they didn't sign up for). In that case, there still seems to be a difference to non-porn modeling and acting in terms of standards and of recourse available. part of this is that there are more people paying for badly made porn than for badly made action movies


> With sex being such a huge part of our lives, why aren't we bending out backs to _help_ the sex industry thrive, instead of defending corrupt oligopolies?

Because the "sex industry" is a bunch of corrupt oligopolies?!

I mean, we're talking about a business that thrives on human trafficking and exploitation and preying on the weak and vulnerable and defenseless. We're talking about an industry whose business model depends on an endless supply of defenseless gullible victims that see their lives thrown into the furnace to keep it running for just another instance.

Was it so long ago that one of the biggest porn sites in the history of the internet was caught knowingly hosting and refusing to take down videos of abducted underage girls getting raped?

https://www.independent.co.uk/life-style/pornhub-petition-ra...

The banking industry is not innocent, but let's not pretend the sex industry is a paragon of virtue in comparison.


What? The above anecdote is literally about how the payment processor's bank is twisting their arm to deplatform OP's site.


I meant "payment processors" more generally, referring to the greater oligopoly of Visa, MasterCard, the major banks, etc.

It's little consolation for the vast sex industry that it isn't Stripe et al's fault that they are deplatformed.


Unfortunately exactly 0% of this story surprises me.

> That processor sucks and their fraud protections are weak and their interface is garbage

I have three guesses and they're all CCBill.


LOLZ I was waiting for someone to call them out. I haven't looked at their interface in decades, but last time I looked it was decades out of date. Payments is the most profitable niche in the porn industry.


I assure you it hasn't improved.


I don't really understand the motivation behind this puritanism. I get why respectable institutions don't want to touch things like selling weed or prostitution since that's not legal everywhere and they could get in trouble. But sex toys? Who cares? Like, that's not a rhetorical question, literally "who cares?"

Are people going to stop using Wells Fargo because they very indirectly help in the commerce of sex toys?


Sadly there are still US states where some sex toys are illegal (this is me rolling my eyes). https://www.mic.com/articles/131616/14-outdated-sex-laws-tha... is a pretty funny summary. Did I say funny? I meant tragic.


I would guess that yes, they are actually worried about certain religious groups no longer doing business with them because they "support" "immoral" practices.


Alabama, Georgia, and Texas have laws restricting the sale and possession of sex toys.


Yep, https://en.wikipedia.org/wiki/Texas_obscenity_statute

Looks like its never been enforced though. Really though laws that are not enforced are a bad thing because some day they could selectively be enforced. Also because they are not enforced and hence not affecting anyone, no one cares to get rid of them.

"The Obscene Device Law is a Texas statute prohibiting the sale of sex toys. The law was introduced in 1973, and was last updated in 2003. While the law was never formally repealed, in 2008 a U.S. District Judge released a report declaring it to be "facially unconstitutional and unenforceable"."


> facially unconstitutional

Given the context I thought this was a humorous typo for 'farcically'. but it appears to refers to https://en.wikipedia.org/wiki/Facial_challenge


Seriously?

I'm genuinely mind blown by this.

What are the ownership restrictions? Is it blanket or just to certain categories or sizes of toys?


https://en.wikipedia.org/wiki/Anti-Obscenity_Enforcement_Act

> State Representative John Rogers of Birmingham has repeatedly introduced legislation to repeal the ban, but each bill has been defeated.

> Exemptions exist for "bona fide medical, scientific, educational, legislative, judicial or law enforcement purposes."

It looks like they're sold as educational devices or something equally absurd, fake pretext and all.

https://en.wikipedia.org/wiki/Texas_obscenity_statute

> In Burleson in 2004, Joanne Webb, a mother of three and a former schoolteacher, faced up to one year in prison for selling a vibrator to two undercover police officers posing as a married couple at a private party.

> In 2007, a lingerie shop in Lubbock was raided, and items "deemed to be illegal by the Texas Penal Code" were confiscated. The clerk on duty at the time was arrested and may have had to register as a sex offender.

What the fuck?

Texas one seems like it was ruled unenforceable in 2008.


You can have a blanket. It’s just that we need to know what happens under it.


> I get why respectable institutions don't want to touch things like selling weed or prostitution since that's not legal everywhere and they could get in trouble. But sex toys?

If that is the reason for the former, it's probably the reason for the latter too.


What I'm curious about is whether or not OnlyFans has bribed off Wells Fargo -- I mean it could be in a legal way for financial services that are non existent.

In other words, Stripe allows OnlyFans because Wells Fargo has been bought off on the side. Ergo, Wells Fargo doesn't complain anymore.

How much would that need to be with Wells Fargo? 10 million per year? 50 million? Does OnlyFans make enough to afford 100 million per year?


I read this on some legit news site a few days ago: apparently Bella Thorne, a formed Disney actress-turned-pornstar(?) joined OnlyFans and hit $1m in 24 hours.

I don't follow OnlyFans progress and I have no idea how many "content creators" they got and what is the "fanbase", but if a 20yo nobody with a nice body can take $1m in 24h (then I assume that is with 1-3-6-... months subscriptions)(so she won't bring in another $1m the next day as well). OnlyFans keeps 15-20-25%? And Stripe/WF share a 1-2%? And OnlyFans has 10-20 people of that "caliber" like Mrs Thorne? They won't complain for a long time.

I assume that the OP writing about millions, he/she means revenue, not Stripe/WF profits from the fees.

https://edition.cnn.com/2020/08/26/entertainment/bella-thorn...

Edit: I couldn't remember the site, I DuckDuckGo-ed and this piece of news appears in many sites, I chose CNN as I didn't recognize most other "celebrity news" sites.


lmao Bella Thorne is not a "20yo nobody". She had tens of millions of followers before joining OnlyFans.


I think "nobody" was relative here. I had never heard of her before this thread and looking at her career she isn't a nobody but she is very far from being an A-lister.


You should have seen the massive amount of Bella thorne posts online before her onlyfans. Tons of 4chan threads, reddit posts, and subreddits for her pics, etc. (Though, the same could be said for any celeb, she was definitely a "thing").

She was pretty risqué in her social media photos/videos before onlyfans and garnered quite a following online because of it. Most of her popularity online had nothing to do with her acting career at all.


She is also not a porn star. None of this content is nude. The running joke is that there are pap photos showing more skin than what people paid for here.


That's the hilarious part: now the same simps who spent a fortune hoping to see her nudes are upset:

https://www.latimes.com/entertainment-arts/story/2020-08-28/...


"She is a nobody": in my book she IS a nobody. Her achievement in life is eating well, working out, having a nice looking body, being genetically (or surgically) blessed with a good appearance and shows off her body parts for money. I do not want any harm to come to her (go to hell, drop dead, get sick, etc.) I wish her a long and healthy life.

The only "positive" thing in her towards contributing to a better humanity is the words of donating to charity (aka tax breaks).

Having sex in front of a camera is a profession, I get that, but she is still a nobody. A nobody with money. But still a nobody (in my book). I am not forcing anyone to have the same criteria of what I consider as "decent human being" that I have developed as my silly(?) standards.

Nothing negative for her, but definitely nothing positive for her either. Just a zero.


It’s been said before, but Bella Thorne isn’t a nobody. She has already existing fans she’s simply transferring to the platform.


I love how Wells Fargo, which was nabbed for a massive wide ranging scam / fraud, gets to be all sanctimonious about ethics or standards.


That is the function of puritanism. Consider it as a product:

Want to look or feel virtuous even though you are a horrible selfish person? Are you not openly having sex with more than one person? With prudity you are qualified! It works by reducing virtue into who you have sex with there by freeing you to commit crimes while considering yourself righteous and decent! Order today!


We had a client that is a big strip club in the area that started selling t-shirts with the name of the club...Stripe banned it just a few months after launch.


>where Stripe suggested we alter the colors available

What? Like flesh colored was ok but definitely not green ones or something?


The inverse of this. Here's their exact, hilarious wording:

>Our banking partners recently notified us that they are no longer willing to support the sales of realistic sex toys. I understand that your products were designed to depict the body parts of mythological and fantastical creatures, and we have indicated this to our banking partners in an effort to advocate for continuing to support your business here on Stripe. As a result of these discussions, our banking partners have agreed that they are willing to continue supporting your business as long as you are not selling products that are colored such that they might be mistaken for human flesh.


I have no skin in this game, but I have to wonder who is making these decisions and what their thought process is.

What is the threat model, exactly? What eventuality is the bank seeking to avoid?

Are there edge-case regulatory issues at play? Are there moral-consumer groups out there that run public pressure campaigns against banks that transact on adult toys that look too realistic? Is a corporate lawyer somewhere worried about photos of a realistic-looking appendage used explicitly being tied back to the bank -- but if it's painted green they can plausibly argue "hey it's definitely not real, look it's green!"?

This just feels like such a spectacularly arbitrary line that I'm fascinated by the thought process.


"I have no skin in this game"

<golf clap>


I know exactly how this happens because I have to deal with this all the time. Here's my guess:

The boss ten years ago now dead said if it looks like a penis and is the right color of a penis then we can't sell it. Therefore, you gotta change the color. - Wells Fargo, probably.


What I find weird is the thought process of:

- pretend to fuck a human? No. Don't want to encourage that.

- Fuck a unicorn/dragon/Dionysus? Sure, why not...

Who is conservative enough to want to discourage the one thing literally required for humanity to survive; and yet is OK with mythical creatures?!?


Usually there's overlap in those "designs" with the....appendages of common animals (even if not explicitly labeled as such).

Someone on a moralizing crusade would probably label the company as supporting bestiality.


What is the threat model, exactly? What eventuality is the bank seeking to avoid?

The threat is that someone in compliance or legal doesn’t have enough real work to do so has to do “something” to keep their cushy job.


You should tell them to judge mythological sex toys not by the color of their skin, but by the context of their character.


Wow, this is hysterical! A bank saying no to honest money because it’s sex toys, not even that, because it’s sex toys looking like human genitalia, — no not even that, because the toys are skin colored!

I wonder if this would ever happen in Europe. I somehow feel that we’re more... open to these things. Do you know about Klarna?


I don't know about Europe in general, but my brick and mortar bank (one of the major banking chain in France with an agency in pretty much any city of over 5000 people) was perfectly fine with adult things being sold using one their group's online platform as long as I was ok with their elevated rates. I've seen lately that they're also responsible for payment processing on dorcel.com (the french porn group, adult content and toys).

Dalenys ( https://www.dalenys.com/ ) -> natixis belgium -> natixis -> bpce group ( https://en.wikipedia.org/wiki/Groupe_BPCE )

I've had awkward talk with them (mostly around the fact that I should not point out their parent group brand much near the adult content), but never in a million years would they tell me what color a dildo should be.


Interesting question. I checked out Klarna and Adyen which seems to be the most popular in Europe right now.

Adyen lists "Adult entertainment, websites & content (such as)" as not allowed. https://www.adyen.com/dam/jcr:47f292a9-c9e2-4a69-8592-2e15ff...

Klarna lists "Adult, sexual or pornographic products and services, including live web cam" as not allowed. https://cdn.klarna.com/1.0/shared/content/policy/ethic/en_gb...

Both of them expand it more to cover everything possible around adult content and the like.


... And yet ... https://www.lovehoney.co.uk/help/about-klarna/ ...

Whether they fly under "novelty items" or not, idk.


My guess is that the list of restricted things just means that you should talk to them first.


Strange, I would never have thought banks would have such moral hangups.


> because it’s sex toys looking like human genitalia

Well, I think it might be the opposite of that:

> I understand that your products were designed to depict the body parts of mythological and fantastical creatures


If you would read the next few words of my comment you would see that this is correctly reflected.


>it’s sex toys looking like human genitalia

Not that it matters, but reading the comment you replied to, it sounds like they are not shaped like human genitalia...


> I understand that your products were designed to depict the body parts of mythological and fantastical creatures, and we have indicated this to our banking partners in an effort to advocate for continuing to support your business here on Stripe.

I'm crying. This is so ridiculous it crossed the line from appalling into hilarious.

You haven't sued over this which is a shame. Think of the comical email threads that would've been unearthed during the discovery process!


Wells-Fargo deserve to go bankrupt, but I believe the problem is the non-uniform nature of the law around sex toys.

Texas, for example, still has an idiotic law on the books that possession of more than 6 dildoes is illegal.

Because of that, many online sex toy shops simply will not ship anything to Texas.

The law has been struck down in US Federal court, but there have been convictions in state courts despite that.

Talking about the raid on Forbidden Fruit in Austin, TX (Caution: NSFW): https://journals.sagepub.com/doi/full/10.1177/15365042198306...


Thanks for sharing, that article is well worth the read.

...the confiscated items were paraded in front of a Grand Jury tasked with determining whether they were obscene...


So dragon and unicorn dildos are OK, but human ones aren’t? WTF?


That actually makes sense (in a bizarre way) - fantasy vs. reality I guess...


I kind of get it. A similar rule applies to violence: killing a dragon is OK for kids, killing another human isn’t.

But when I think of people pretending to have sex with dragons ... that’s kinda messed up.

I guess “acceptability” is like pornography... you known it when you see it.


Offer toys in all black perhaps? :)


Or maybe Stripe changed their minds about having you guys as customers and made up a reason for you to leave.


I'm going to suggest that it's `whose flesh` colouring that they are most likely offended by.


I'd guess the opposite, from the story.


That’s ridiculous, sorry to hear that. I think there’s hope with decentralized payment systems (whatever/whichever they end up being, be it crypto, or some other mechanism) where digital payments can occur without the needed approval of any centralized vendor.

Sadly mass adoption is a bit more distant.


> Stripe insisted it wasn't _their_ moralizing, but rather Wells Fargo (paragons of fucking virtue as they are),

very few people or orgs have principles. What they say are principles turn out to be just a blob of preferences that change with the direction of the wind.

And quite frankly, Stripe is big enough these days to push back hard against Wells Fargo, if they really wanted to. Wells Fargo definitely does not want to lose the Stripe account. As most things in life there is shared responsibility there.


Apparently now the rules are no adult things, or anything moderately related to adult content now,

Real pain because Stripe are one of the better providers to integrate with :(


Out of curiosity...what merchant processor do you use now? Have they imposed a rolling reserve, and if so, how much and how long is it?


We need all platform providers, such as payment utilities, to stop bringing their personal morals and politics to the table. If not, we need to regulate them or build government provided equivalents that don’t have the same vulnerabilities or split them up on anti trust grounds.


I'm not sure it's a given that "government provided equivalents" would be less political (or culturally slow-moving, as it were) than the situation now. I also had not considered that the banking sector is lightly regulated. Are you suggesting a re-envisioning of the banking sector as a sort of public utility?


Can I ask who this high-risk processor is?


so sad that wirecard went down, then you could have had a clean german fintech... oh wait.


Seriously? Colors? What colors were beyond the pale (pun intended) for them?


Looks like we need a Stripe for high risk industry ?


This is the best thing I've read all week.


Username checks out...


Wow.

Thanks for sharing


Since, I know a friend in this industry, let me explain what's going on here. Yes, OnlyFans uses Stripe, but that's not the entire story.

In the adult/porn world, there's a high amount of chargebacks and fraud relative to low-risk industries like SaaS software. If you pass a certain chargeback threshold in the adult industry, your account is terminated, and no payment processor will do business with you.

To reduce the likelihood of passing that chargeback threshold and being banned, OnlyFans uses "cascading payments", which essentially load balances the payments across multiple payment processors in order to reduce their chargeback ratios across their merchant accounts.

The payment is either processed by Stripe, Securion, CCBill(the leading payment processor for adult), or another company.

Last time I checked the network requests, I noticed it was storing the card on Stripe, CCBill, and Securion, but using CCBill or Securion to process the payment.

I think Stripe is there for models on the site who don't sell adult content. OnlyFans probably does a check to see if the page is adult-related and if it is, then routes it to the correct payment processor.


loading across multiple providers won't alter the chargeback ratio so what is the point?


Chargeback ratio's are per account, but also have a minimum absolute threshold. So it's say, 2% chargeback AND at least 200 chargebacks before penalties kick in.

In a past life I worked for a place who had a few hundred processing accounts to load balance it all out because their chargeback rates were way too high. If an account gets close, you just don't use it for a month, or you throw a bunch of "safe" recurring charges at it to dilute it, or you hold a batch and send them through right before the rollover. Lots of ways to play number games.

Most of the execs did go to prison though, so don't take this as advice, but to be fair, the processors are the ones who told them to use those tactics.


Don't tease us like that! Sounds like a fantastic blog story.


It's even better than you think.

In the process two state AG's lost their careers, multiple US senators were implicated, a bank collapsed, there was kidnapping, human trafficking and drug running, and in the end created urban legends of gold bars being buried in the mountains to hide it from being seized by the feds.

I don't know of anywhere that has it all written out, but here's a related NYT story with a fair bit of it: https://www.nytimes.com/2013/06/16/business/in-utah-a-local-...


OH NO WAY! That guy played a role in the documentary Sons of Perdition, rescuing "lost boys" from the fundamentalist mormons. Sort of. I'd read that sometime after the movie release he was exposed as some sort of fraudster but this story just gets crazier...


They went to prison for load balancing, or how does this relate?


The technical reason was bank fraud for all the shell corporations they set up in the process. The bank claimed they had no idea they were all related, even though every application had the owners name on the paperwork.

To be clear, it was a bad company. However, the bank 100% knew what was going on and the merchant accounts 100% knew what was going on. So long as they were making money, and chargebacks make them a lot of money, they were happy. In my opinion the people running the company were just naive enough to not know how to cover their asses as well as the money guys.


Gambling.


The business was just run of the mill "get rich on google" and "free government grant" garbage that was common in the 2000's.

Ironically, they made so much money doing their regular business the owner bought a small US based bank and was running online poker processing through it.

When "black friday" in the poker world happened, the bank failed and everything fell apart, but so far as I know, no one involved was ever charged with anything related.


You can direct most of the payments towards the cheap-but-prudish processors, and the really adult stuff towards a processor that accepts almost anything but is more expensive.


You could (in theory) do some risk analysis and put the ones with the highest risk into the providers where you had the lowest chargeback. Wouldn't be 100% solution, but could get you there.


I wonder if they do do that. In Germany there's a credit rating agency that more or less has a monopoly, and everyone has more or less a profile with data supplied by companies who've dealt with them commercially (e.g. if you signed a phone contract or opened a bank account). But sometimes their algorithm would also try to predict the chances of people not paying bills by things like the ZIP code where they live...


It spreads the chargebacks across multiple processors, who don't talk to each other so don't know about the chargebacks on the other processors.


That still does not affect the ratio


Maybe the confounding factor here is that the term "load balance" could be extremely unsuitable for onlyfans' processing logic; e.g. they might preferentially route the risky transactions to one or two processors that won't get too agitated/punitive.


How is any given transaction distinguished as being risky or non-risky?


Just off the top of my head, they'd have chargeback rate per-performer and per-customer. Or they may have some kind of internal scoring system that rates how "porn-y" a given performer is - maybe that correlates to chargeback rate.

Who knows - I'm just spitballing. But there are signals one could look at.


If you've had multiple transactions with the same buyer with no chargebacks, you can probably put that buyer in a low risk pool.


The individual processors are the ones who care about chargebacks, not VISA itself. So by spreading the processing among several of them, the number of chargebacks per processor are lower.

It's load balancing.


This just isn't true. Yes, you can be pinged by the processor, but mostly because they're worried about the CC networks pinging them.

Source: Have a 30M+ people site that has been pinged by VISA itself for chargeback ratios ...


Also lower is the number of transactions. The ratio stays the same.


From my experience in the adult industry, the processor cared more about the total than the percentage.


Stripe is cheaper than CCBill, so it makes sense to send more that way when you can.


Because MIDs also look at the total # of chargebacks and will do a manual flag review of your account, so they don't just look at the % ratio but also total number.


"Last time I checked the network requests, I noticed it was storing the card on Stripe, CCBill, and Securion, but using CCBill or Securion to process the payment."

Im curious about how to use Stripe to only store cards and let other processors make the charge. Would anyone have more info on this? Greatly appreciate it.


> how to use Stripe to only store cards and let other processors make the charge

1) Have the user submit their card info on your payment page

2) Simultaneously send the card info to the 3 processors

3) Then process the charge through just 1 of the 3 processors, leaving the others open to be used later

(At least with Stripe) the process of saving a credit card to Stripe and actually charging the card are 2 independent API calls. Nothing stops you from saving card info to your payment processor(s) without actually charging it.


To pull that off, they'd have to (technically) process the card info, which puts them in the scope for PCI compliance. By that point, I don't know why they'd send card info to 3 processors especially when they know, at that point, which processor they're gonna process it with. It would just make more sense to send it to the 1 processor the code ends up deciding to use.


No, I don’t think that’s accurate.

With stripe.js, you send the cc info directly to stripe from the browser. Stripe returns an identifier which you can use in the future to charge the card.

Assuming other payment processors work similarly, you could easily send the credit card details to multiple payment processors directly from the browser to the payment processors, and then store the card identifiers from each processor (not the card number) in your database to charge it at a later date.


Stripe.js creates an iframe hosted by Stripe which sends the card information directly to Stripe. The merchant cannot see or intercept that card info, during or after transmission, and thus cannot send it to another processor (at least not using the same payment card input boxes).


Ah yes, Stripe.js v3 works the way you described.

I was thinking of Stripe.js v2 which doesn’t require an iframe / supports custom payment forms.


I can't think of any payment processor that would allow this without 3 separate entries.

They would be upset or bring you into PCI scope if you were modifying or tampering with their single input SDK to send cardholder data elsewhere.


Dont know about Stripe but Braintree has a forwarding API where the card details go to Braintree then Braintree forwards that data to another payment gateway you have signed up for, the other payment gateway sends a token to braintree which forwards that token to you.

Then you have an option to make the payment on Braintree or the other payment gateway using that gateway's token.


> To reduce the likelihood of passing that chargeback threshold and being banned, OnlyFans uses "cascading payments", which essentially load balances the payments across multiple payment processors in order to reduce their chargeback ratios across their merchant accounts

> I think Stripe is there for models on the site who don't sell adult content. OnlyFans probably does a check to see if the page is adult-related and if it is, then routes it to the correct payment processor.

Very smart.


Thanks a lot for the reply here. So Stripe manually checks the websites and sees exactly what they are being used for, as long as Stripe itself is not being used for the adult stuff, it's fine, and you can use other providers for the adult content? Still sounds like OnlyFans has some custom agreement with Stripe and a small player would get banned from using Stripe as soon as they see nudity on the site.


That sounds pretty reasonable; Stripe must be in a trusting arrangement with OnlyFans to do the right thing there.


Stripe merchants are not audited by G2 LLC for MasterCard? (*edit, maybe not with all banks I think of after 'submit')

https://www.g2llc.com/solutions/monitoring-solutions/merchan...

In EU they do, and if a string, or image on the site is not 'okay', you get denied for processing. And that's website wide, not just a single page. So in that line, I don't understand how stripe does this 'on the radar'.


> I think Stripe is there for models on the site who don't sell adult content. OnlyFans probably does a check to see if the page is adult-related and if it is, then routes it to the correct payment processor.

How would the bank even know that transactions for adult-content pages were routed away from it? Wouldn't they just all come in as "OnlyFans wants $20 from card XYZ?"


I'm guessing it would be negotiated terms between all three parties. Onlyfans ensures in their contract that they only route non-adult payments to Stripe, Stripe tells Wells Fargo to chill. Maybe some audits along the way to keep WF happy.


My understanding is the rules are dictated by Visa/MC/Amex, and are largely based on chargeback risk for categories of merchants. There are likely further legal and pearl-clutchy reasons that combine to just out and out ban.

Anecdote: we talked with every payment processor around for a product we were making that involved storing and spending value from a digital wallet. It was close enough to various Visa/MC rules and money transmitting statutes that the usual response was arguing for a few weeks about why we comply until higher management decided something akin to: well if you had a lot of volume we’d take the risk dealing with it, but you don’t so it’s not worth our time.

Last ditch effort was Stripe, who said: sure! And we asked again with more detail, making sure they saw the same issues and wouldn’t make us tear it down in a month. They said: sure! Did it a third time higher up for diligence, and finally just came to the conclusion they have different priorities and are getting big enough to use their scale to throw some weight around for all the small merchants.


+1 to the rules coming down from Visa & MC. Amex doesn't allow adult.

There's a bit more nuance there, as the rules actually come from the bank issuing your merchant account, rather than some master "Visa" entity. So if you're a big player in the adult game you're going to work to find the right banks willing to issue you merchant accounts.

Those banks will also have a compliance department which will look at your content and make sure it's inline with what they're willing to allow. If you want to make adult content where consensual adults do things together there's one group of banks you can go to. If you want to make niche content with acted out violence and such you're going to find a much smaller group of banks willing to issue you merchant accounts. Or possibly no banks at all. It's interesting that the thing deciding what adult content will be easily monetizable on the internet is small merchant account issuing banks.

On the charging side I believe Stripe uses Wells Fargo, which has pretty strict rules.

Source: worked for one of the large players in the adult market a while back. Some info may be dated.

Note: one of the fun things about credit cards is that Visa and MC are issued by banks, and Amex is issued by Amex. There was a new fraud style a few years ago that amex was able to lock down pretty quick due to its centralized nature, while Visa and MC had a harder time.

Note2: I may define fun differently than you.


Visa is absolutely a master entity that dictates nearly everything including consumer credit reporting requirements and minimum credit lines. They publish an 886 page "public" version which is actually kind of an interesting read:

https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules...


> They publish an 886 page "public" version which is actually kind of an interesting read:

yet a search for "adult" only yield one result, and it's in the context of a card for minors.


and as with all things, interpretation is key.


As pointed out, the banks also have a say. And banks are notoriously risk-averse and prudish. It's much easier for them to say "no" than "yes".


+1. For anyone, watch the movie "Yes man", with Jim Carrey. It's a run of the mile chick flick, but the bit about banks, which is fairly at beginning, it portraits the "we prefer to say NO" policy of banks very accurate.


Often, when the market doesn't provide an essential gateway service to a law-abiding subpopulation, some sort of 'public option' is proposed.

Not enough market housing, offer public/subsidized options. Not enough low- or no-cost private education, offer public schools. Too little affordable healthcare/insurance, offer Medicaid, a 'public option', single-payer. Public transport.

Should the government offer a 'public option' payment-processor of last resort, with guaranteed service for all legal but unpopular businesses? A service that couldn't reject camgirls, weed-sellers, Alex Jones, gun shops, etc?


From what I understand USPS used to offer bank accounts. Seems the idea has had some revival recently. I'd love a public competitor to America's privatized financial system.

Also see Bank of North Dakota: https://bnd.nd.gov/. Municipal banking is also starting to come back in vogue. And why not? Why should Wall St. earn interest from our tax dollars? That's just silly.


You have this already. It's called "using checks and money orders."

The problem is that people want the convenience credit cards use, and don't want to wait for the check to clear to get their stuff.


Banks can and will close your account for any reason under the Sun. How do you write a check or receive one without a bank account? I'm not familiar enough with money orders, but I assume the same applies.

Then, on top of all of that, you can't run a business through a personal account. So you still require a business type bank account, and the above options are terrible for any eCommerce site, which is pretty much the only kind of business that will be discussed here on HN.


You can get a money order without a bank account. There's often a limit on the amount, so in some cases you may need to buy several in order to amass the full balance. You may also need to show ID.

You can also cash a money order without a bank account.


Exactly, modern e-commerce convenience requires credit-card-equivalent payment mechanisms. The delays & extra expense/staff required for mailed checks are an onerous barrier to legal commerce, for both merchants & buyers.

The market is afraid to provide them to unpopular, but legal services. Earning a living is an important human right.

So perhaps the government – maybe the Department of Health & Human Services, or the Fed – should provide a alternative to protect this human right.


We call this Bitcoin.


Many of the rules aren't rules. We ran a travel company and used Stripe in the past, which is also one of the disallowed industries. We got approval from Stripe after proving that we have a negligible fraud & chargeback rate due to being focused on business users


This, one of the biggest blinkers technically-inclined founders have is that they forget or ignore that so much is relationship driven.

Rules like Stripes (+ Wells Fargos) are not interpreted like code, everything is open to negotiation and degrees of freedom depending on the relationship established.


Those blinkers are called "not being utterly insane". The whole model of disruption is seeing a stupid practice saying. "No we aren't doing that stupid shit." watch practicioners of the existing stupid froth at the mouth and then either succeed or fail.

Seriously that is why honor based lending died to banks centuries ago. Relationship driven is a fucking stupid way to do finance.


Finance is totally relationship driven (and 'honor systems' isn't really a good example of it). My bank waives fees on everything because of my personal friendly relationship with my banker. They gave me preferred terms of my mortgage rate because of my formal relationship - it wasn't just the product of a formula at the end of the banker's computer screen.

I know they'll do all sorts of shit for me because of the hard (account age, $$) and soft (personal) relationship.

But my point is more broad - API agreements come to mind as an example, just because that is a space I've played in prior jobs. "But the API Ts&Cs say you can't do xx but they are doing xx". Yeah, they have a relationship and got a dispensation.


That's an ideal. At the end of the day these are human-run industries, relationships are a big part of that.


Yeah this is something I think a lot of people in this thread are missing: OnlyFans is probably big enough that they can negotiate their contract with Stripe.


How do you find out what payment processor(s) a given site uses?

I know that some provide methods whereby a site can have the actual payment entry form served and processed by the payment processor instead of by the site's own server, so you'd be able to see from the user's end where they payment is actually being processed.

I've never done a survey, but just anecdotally most sites I've encountered seem to not be using that option. Their payment entry form comes from their own site and posts back to it, where their own back-end handles dealing with their payment processor's API.

Using the method where the user interacts directly with the payment processor does have the advantage that it simplifies PCI compliance. If your systems never even see the credit card, just receiving a token from the payment processor at the end of the transaction that you can use to initiate subsequent on-file or recurring transactions, most of PCI goes away for you.

On the other hand, that also means that you are stuck with that payment processor for on-file or recurring transactions for that customer. Your token from payment processor X is completely worthless for doing charges at payment processor Y.

If I was in a business that has a significantly above average risk of running into payment processor trouble so I might need to change processors, I'd want to store the credit cards myself. That makes it possible to change payment processors without having to get all of your subscription customers to come back and re-enter credit card information [1].

[1] Well...at least for now. I'm not sure if that will still be possible if the Visa stored credential framework ever actually becomes required. Briefly, under the SCF requirements when you store a credit card, you have to send a flag to Visa with the transaction saying you are storing it. On subsequent on-file or recurring transactions, you have to send a reference to the transaction that stored the card.

The problem is that you reference that transaction by sending Visa's transaction number. But Visa's number for transactions is generally not the transaction number you get from your payment processor. The payment processor has its own transaction numbers and those are what you see.

I believe MC is also doing SCF. Not sure about Discover and Amex. It was supposed to become mandatory something like two or three years ago, but payment processors kept asking for extensions.


> How do you find out what payment processor(s) a given site uses?

I'm a developer so looking at what kind of request the application is doing when interacting with anything involving payments. In the case of OnlyFans it was easy as they make direct requests to Stripe. In other cases, I've looked at the data structures stored in the current page by using the JS console and compare it to the API docs of various payment processors.


I'm not a web developer but I always assumed that happened on the backend, so it wouldn't be visible. I guess not?


Most websites can't/shouldn't store the card number, they embed Stripe JavaScript that sends card number to Stripe and get a token id to use on the backend later on. Can't store CCV or number without passing PCI compliance.


For the CVV you can't store it even if you have passed PCI compliance. You are only allowed to collect it for a specific transaction, and are required to forget it when that transaction is complete.


That can't be right. I entered my credit card information once into uber eats and I can buy food whenever without entering a CCV and my credit card is immediately charged.

If this were true 1000s of large companies would not be PCI compliant.


It’s possible to process transactions without a CVV, but it often costs slightly more due to the increased fraud risk. In the case of Uber Eats, they’ve presumably decided the increase in purchases from removing that friction makes up for the higher fee.


Storing the CVV permanently is indeed strictly forbidden. The CVV is not used for purchases on a stored card.


Interesting. Do they literally embed Stripe JS? I'm not a front end developer and don't know a ton about web security, but it seems like a malicious/hacked site could still get the card number this way.

The purpose of PCI compliance is to protect the number/info, so how would Stripe (and similar) get approved if they're creating a payment widget that allows third parties to snoop card numbers?

Is this a PCI loophole, or is there some technical barrier preventing the third-party site from getting access?


Stripe JS uses an iframe for card number which blocks the site from accessing the number. And the only way to access the card number is either a security hole in the iframe message handling or in the browser.


Not really. It's true that the main site (parent of the iframe) wouldn't normally have access to the card numbers, but there's nothing preventing you from replacing the iframe entirely. There isn't an "address bar" for iframes, and people certainty aren't manually checking the address by right-clicking, so there's a very high chance you can get away with it. Even if some user checked and noticed the iframe was missing, there are enough sites that don't use iframes for payment processing (ie. they submit credit card numbers directly to their servers) that it wouldn't look out of place.


> There isn't an "address bar" for iframes

Maybe there should be? If it's important to know what site you're looking at in a top level page, the same thing should apply to an embedded one.

Often when I learn about web security, it seems like the user agent abdicates responsibility to be an agent for the user.

Probably a case where it's more obvious in hindsight why this is important, but it could still be retrofitted. Maybe there's a better way, but for example, a browser could make the address bar a breadcrumb widget using multiple URLs to depict the iframe nesting.


>Maybe there should be?

How do you prevent a website from faking the address bar? The only reason that you can trust address bars right now is that the website can't draw outside the content frame. There's already attacks on mobile[1] involving fake address bars because the address bar can be hidden, allowing the site to draw a fake address bar in its place. The only secure way to do it would be to opening another window (like when you try to use sign in with google), but that still has the issue that lots of legacy sites won't use this security feature, so users will still happily enter in their credit card numbers.

[1] https://jameshfisher.com/2019/04/27/the-inception-bar-a-new-...


> How do you prevent a website from faking the address bar?

Well, my suggestion was to add additional URL(s) into the same address bar that already exists at the top. (Hence the breadcrumb widget.)

My original motivation was to not wreck the layout of pages that are currently counting on the inside of the iframe to be big enough to hold all the expected content.

But it also protects the additional URL(s) from being drawn over because you already can't draw over the address bar.

That mobile address bar hiding hack is pretty scary, though.


Yeah that is true. I guess in the end you still have to trust the site unless it uses the stripe hosted checkout.


Thanks, that makes sense. It's <iframe>, not <script>. (They're embedding more than JS.)


One of the easiest ways to ensure PCI compliance is never actually serving the credit card form from your server, and never seeing the response. Hence the front-end will load and send content to/from Stripe directly.


Depends on the implementation, with Stripe you can embed their widgets directly on your website to save some development time, but you can also implement in the backend. Even though you would implement it in the backend, there is usually some details leaking (on purpose obviously) to the frontend, like identifiers (Stripes IDs are usually pretty easy to spot) or even the structure of the data can tell you which provider.


The contents of the request should hopefully be encrypted, but you can easily see where the request is going.


Very often it is an IFrame with embedded content from the payment processor.


Onlyfans is a platform for content subscriptions. It just happens to be a popular platform for adult content.

Also, it surely makes them a ton of money.


Right and backpage was just a site for lonely singles looking to connect.


Stripe’s TOS is there to protect itself. They can point to the “no porn” rule if they ever need to cut ties with OnlyFans, but until then, they will reap the benefits of their partnership. It’s a win-win for Stripe.


Pretty sure if a company intentionally refuses to enforce a provision of its terms (rather than not realising), it would be a bit more of a legal tangle if they decided to arbitrarily rely on said provision one day to cut ties. So I don't think that'd work.


You can say this about literally anything: Pornhub is just a platform for VOD. It just happens to be a popular platform for adult content.


I think that’s a stretch. There _is_ a line and OnlyFans is at the very least _on_ it.

While I am aware of the adult content on the site, the only people that I know of that use OnlyFans are subscribing to physical training, musical talent, or other creative content. Unironically.


It would be hard to pretend that resources named "pornhub" is not porn and just happened to host a lot of porn...


As a payment processing fintech builder for several decades the many comments about diversifying across processors is correct. The misunderstanding here for many may be that knowledgeable business owners (merchants) always have more than one processing account each with a different entity holding the risk, think multiple banks. Having multiple processors, aside from the point of this question, directly relates to up time and availability of which nearly all rely on the "middleman" - Have a backup! However problem businesses and their business owners that get caught being nefarious earn a permanent place on the card brands "list" that forbids them from taking card payments in the future. An individual business can have multiple merchant accounts and as with anything else once one understands how a system works it can then be manipulated to fit ones need.


Probably because the content is not public. I heard users just share cat pictures, so there is plausible deniability.


That's a good question, since Stripe backed out at the VERY last minute for a customer of mine who sells alcohol over the internet, despite repeated assurances it would be fine.


Stripe can typically support alcohol businesses (assuming they hold the appropriate licenses). Could you get in touch at edwin@stripe.com and we can take another look?


I love the subtle indication here that someone who almost certainly knows "the" authoritative answer to this thread is reading it. Though obviously I understand why you probably aren't at liberty to answer the question.


This was quite a few years ago, and it'd likely be hard to make a case to switch back.


Stripe also cannot support shops where one can order physical items with user-submitted images printed on them apparently.


My guess is Onlyfans has a very low rate of chargebacks/fraud and negotiated a special deal with Stripe.

The reason that rule is there is because most adult sites are dodgy.


I suspect Onlyfans (like Patreon) has social pressure going for it such that fewer people issue chargebacks because it'd be like yanking back money directly from a person and not a faceless company; like the social pressure against leaving a shitty tip at a restaurant.


Doesn't Patreon (which also has a lot of porn content) also use Stripe as a payment processor?


Patreon did crack down on some extreme content, stating they were forced to do so by their payment provider(s).


Weird they wouldn't switch providers for specific use cases. Does Stripe require to be exclusive provider for site?


There are very few payment processors that will accept adult content, and those that do exist (e.g., CCBill) are both expensive - on the order of 10x the fees - and also a damn nightmare to work with.

I can very easily imagine a scenario where Patreon looked at their options and decided it wasn't worth it.


The other providers have similar rules.


[flagged]


No, Patreon made much more broad changes a few years back (https://www.vice.com/en_us/article/kz3x5z/heres-how-patreon-...) affecting all sorts of adult content.

Benjamin got banned for saying stuff like:

> Really what [Hitler] was trying to do was clean Germany, clean it of the parasites, of the fleas. He did not hate Jews. He hated filth and he was trying to clean up.

and is similarly banned from Facebook, YouTube, PayPal and Twitter. They just don't have company-pays forced arbitration provisions that can be turned back on the company like Patreon does.

DoorDash had the same DDoS issue with their arbitration clause, no free speech issues required. https://www.vox.com/2020/2/12/21133486/doordash-workers-10-m...


[flagged]


Looking for more context I found https://www.rightwingwatch.org/post/owen-benjamins-rhetoric-...

> Benjamin has told his audience on YouTube that it is “infinitely more probable” that the Nazis over-worked Jews to death during the Holocaust than it was that they subjected them to execution in gas chambers. He went on to say that he was “a big fan” of Nazi Party leader Adolf Hitler’s art.

>“Really what he was trying to do was clean Germany, clean it of the parasites, of the fleas. He did not hate Jews. He hated filth and he was trying to clean up,” Benjamin said.

>In another stream, he advocated conspiracy theories alleging massive Jewish influence in pornography, Hollywood and media, also alleging that Jews are secretly responsible for education programs that help children understand LGBTQ identities.

>“Nobody wants any of it and it’s all Jews!” Benjamin yelled into the camera. “It’s war Jews [and] sodomy Jews and they’re having a family feud at our expense.”

This is not sounding to me like someone who is trying to carefully describe Hitler's mindset, but instead someone with a similar mindset?


Sorry guys, I made a serious mistake and linked the wrong Benjamin (I was wanting to link to Sargon's lawsuits that threatened to sink the company). Even so, I'm a free speech absolutist and even though people say terrible things I disagree with, I would defend that right unironically.


How much of the internet traffic is actually pornography in general? I have heard a lot of anecdotal hearsay that it constitutes a majority.


The thing about the online porn industry is that it's highly diversified which leads a lot of people into making wild assumptions about its size. I doubt porn traffic is that high. Stats show that one in three Internet users are viewing porn, but the thing is that porn isn't something you can spend more than 10-20 minutes consuming[1]. So if we say that the average user spends some three hours online on average every day[2], then porn is about 5% of that time. So one in three users online spend 5% of their time watching porn. In total I'd guess that doesn't account for more than 10% of global traffic, taking under consideration that video consumes much more bandwidth than other forms of content.

That's all back of the envelope calculations off course.

[1] https://www.pornhub.com/insights/2019-year-in-review#traffic

[2] https://www.statista.com/statistics/319732/daily-time-spent-...


I'm pretty sure it's 80% spam, 80% pornography and 80% streaming video.


The 80-20 rule strikes again. Such an amazing statistic.


At least in the US, Netflix and Google/YouTube represent over 50% of web bandwidth use, I believe.

Somewhat old statistics here: https://www.cnet.com/news/netflix-youtube-gobble-up-half-of-... and https://thenextweb.com/apps/2014/11/21/netflix-now-accounts-... and https://www.washingtonpost.com/news/the-switch/wp/2015/05/28... (all from Sandvine, mind you)

I would have to imagine that, also being a streaming video service, PornHub and the rest of MindGeek's properties consolidated probably take up another decent portion.

Those of us just posting on Internet forums, reading news, and sending emails use a tiny minuscule portion of Internet traffic comparatively. There's a reason ISPs want to charge extra/differently for high bandwidth streaming video: It's the vast majority of what's loading up their networks.


> There's a reason ISPs want to charge extra/differently for high bandwidth streaming video: It's the vast majority of what's loading up their networks.

Why not just charge by the byte and be done with it?


That's actually more or less my preference: Straight metering. People who use the network less pay less, people who use the network pay more. And ISPs could then deliver all users access at the highest speeds their network can handle, rather than artificially speed throttling traffic.

Internet billing should look more like your electric and natural gas bills.


That's not possible: CDNs exist not just to reduce latency, but to reduce data-transfer costs by having content within the ISP's own network where data transfer is literally gratis to the ISP because it's running on their own hardware: they just charge companies like Netflix and Akami rent to sit within their network. By your proposal I would be paying the same per-byte rate for both Netflix and Vimeo, even though Netflix has a CDN and Vimeo doesn't - so Comcast would be profiteering from Netflix both ways and the Netflix data doesn't cost Comcast anything. That puts Vimeo at a disadvantage.

Utility systems in most countries work on a grid system: natural-gas and electricity is pumped into the grid by supplier/producer companies, managed by the grid-infrastructure people, and measured at the point of consumption. This works because both natural-gas and electronic-potential are both fungible and do not originate on your utility-grid company's premises (assuming your utility-grid company is not also an energy-producer). Bytes transferred over the internet are not fungible, so it is incorrect to compare residential gas and electricity billing to residential Internet billing.

Also consider that just as data itself isn't fungible, the value of that data varies tremendously: A high-quality VOIP connection is probably 128kbps and needs modest latency needs, but it absolutely has to always work - whereas Netflix et al. is high-bandwidth but not latency sensitive and occasional outages and poor routing is acceptable; disregarding network QOS, I'd still gladly pay far more per-byte for a hyper-reliable VOIP 128kbps connection than a 1Gbps link for Netflix.


Data doesn't have to have an exact fungible value for it to be a good way to divide up costs. Users torrenting terabytes a month should pay more than someone who mostly uses email and reads news articles.

Also, note that Netflix gets its CDN boxes hosted for free. It "lets" ISPs host them, rather than paying for colocation space. Charging equally for data use regardless of CDNs or not would rebalance this effect.

And finally, the largest cost for building out residential ISP networks is last mile. It's the most expensive part to build, maintain, and upgrade to support increasing usage. The CDN boxes are on the far end of this, so mostly irrelevant anyways to this point.


This article doesn't guesstimate by bandwidth, but by "use", and seems reasonably well researched.

It ends up with "somewhere between 4 and 15 percent of web use involves porn."

There's some interesting sub-stats on percentage of porn related searches, etc.

https://www.psychologytoday.com/us/blog/all-about-sex/201611...


That's grossly inflated. Their source is that 4% of the top million websites are porn. That doesn't mean at least 4% of web use is porn.


Thats not the only number in the article. They appear to have tried several different angles, including the somewhat flawed one you mention.

For example:

"Ogas and Gaddam also tracked web searches from July 2009 to July 2010. The proportion that involved porn: 13 percent.

Finally, they interviewed officials at the major search engines about the prevalence of porn searches. Those estimates: 10 to 15 percent."


Still seems dodgy.

3hrs per day on Facebook and Netflix and Youtube corresponds to very few search engine searches. Very few people are spending a comparable fraction of time on porn; it's a self rate-limiting activity.

Beyond leisure time, a huge portion of people use Internet for work some or all day.

Millions of people stream music all day.

Porn is the least optimized search target so you'd expect more porn searches per session than other topics searches per session.

4+% of "things people do" in some sense? Sure.


It's not a majority, if you look at the traffic patterns for a medium sized ISP, the vast bulk of the evening peak traffic these days is what I would call "legit" non porn video. For residential singlehomed customers it's a huge amount of youtube/google AS traffic and Netflix traffic. And a lot of other stuff like people downloading 200GB Xbox one games, Steam games, etc.

To the point that a very small ISP that is singlehomed to a Cogent or HE type transit provider, can halve its monthly IP transit bill by joining an IX such as the NWAX and establishing settlement-free peering BGP sessions with just google and netflix.


How would anyone know that?

My guess is most of traffic is various intelligence agencies copying all other traffic in the world.


Even the word "pornography" is ill-defined.


Why do you think the porn industry is prone to more fraud/risk?


A man orders porn and pays using his credit card.

His wife looks at the statements and asks him what he’s up to.

He denies having made the payment so the wife initiates a chargeback.


Yup. My uncle worked at a bank and had to deal with this quite often.

Even better, at least in the UK, the bank had tools to find out what the subscription was for and whose name it was in,


I kinda wonder if it isn't the kids doing it with a parents card.


My friend and I were 13 and called 1-900 numbers back when it was popular. We took his moms credit card and changed some numbers around. Eventually a number we made up worked.

It was a hilarious moment but I was scared to death we would be found out. Nothing ever happened but somebody got a charge.


Do they not ask for a CVV or any other verification?


We did something surprisingly similar once as stupid kids/teens and it was in the days before CVV. Just touch tone to enter a card number (although we did this little experiment from a payphone using a 1-800 (toll free) sex line). Typically, you entered a card number after some initial "pitch".

AFAIK, 1-900 numbers only worked by billing you on your phone bill.


Guess I'm showing my youth, because I've never seen a credit card be used without a CVV. And I think that's a poor security model…


It was at the end of the 90s maybe 2000. Messing with pay phones or prank calling on one was another fun thing to do. The good numbers (1-900) didn’t work on pay phones. ;-)

Call collect!


Haha I guess if your credit card failed they just billed the line. His brother most likely got blamed for it.


In the 90s many sites didn't ask for CVV, including AOL. And many gas station receipts printed the entire credit card number. And that's how some kids got online in the early-mid 90s...


I seem to remember using fake CC generators that didn't really "work" for billing but they would pass basic muster to activate the 30-day trials in their software. In retrospect this was moronic because it couldn't have been that hard to figure out where these obviously fake trials were being set up every month but somehow it worked until I was able to get a university dial-in account or a "cracked" version of those free services that showed an ad window in exchange for free dialup (the cracked versions hid the ad window).


Heck, Amazon doesn't even ask for a CVV.


Because the government will close your bank accounts if they discover you are making money off pornography.

https://www.vice.com/en_us/article/pa8xy9/is-the-doj-forcing...


What I don't understand is that that this isn't even illegal, so how could the government possibly argue that those accounts should be closed?


Because the government insures those accounts for hundreds of thousands of dollars each. If you want to benefit from the insurance then you can only use the account for purposes allowed by the insurance contract which excludes "high risk" activities which is defined to include essentially all sex related services.


I thought the government insures those for when the bank burns down. How does my employment come into play here?


Aren't bank accounts required to be insured? Is there any legal way to offer a "high-risk" bank account?


The porn industry has been known in the past to have some very shady people working within it. They would use the porn as a front for other illicit activity. The have used porn to launder money from those other activities. Credit card fraud is a huge part of that. If you are into stolen credit cards while owning a porn site, you just subscribe to expensive recurring plans. It's not really hard to understand why it's considered risky.


Why didn't they use non-porn for such activities and money launder? What is the substantial difference between porn and any other expensive subscription? E.g. you build a garage, name it notaws (or whatever service was expensive back then) and launder an ocean of fraud through it. Why must somebody get banged in the process?


You're assuming this is an either/or situation. Criminals spread their money all over the place. Porn just has so much money going through it that it makes it very tempting and lucrative.


Because back in the 90ies when credit cards didn't have CVV etc and you could simply generate "valid" credit card numbers, everybody used them to get access to porn.

And still today, porn accounts are next to netflix & co on the DNMs. It's a sought after thing that's digital. Carding material products is much harder and riskier.


Back in the 90s, they lead in affiliate programs; Every major porn company offered like $30 or more per member. Lots of fraud in those days.


Once you get the video or pics there's nothing stopping you from copying and redistributing it I guess. Unsure how it compares with other media types.


My guess would be that Onlyfans do a lot of fraud prevention on their end and negotiated an exception with Stripe...


Would it be possible to sidestep the issue completely?

Is your industry one that you could start pushing for cryptocurrency for payments? You'd be basically reducing your risk to zero and by using a stable token you would also have no volatility.


Somewhat related, a story that digs into who's running onlyfans.com: https://forensicnews.net/2020/08/13/onlyfans-faces-allegatio...


This has to be the biggest pile of garbage I have ever read.

No doubt the guy is probably not a saint but the article starts with the site being worth "between $810m and $936m." and ends with him pivoting into drug smuggling? according to "xoxgoldenfox"?


I'm sure I saw somewhere else that these allegations have only ever appeared on that website. Nowhere else has any other sources,


> Weeks before Radvinsky purchased the OnlyFans holding company in the United Kingdom, he received a $250,000 tax credit from the state of Illinois. “The purpose of the Angel Investment Tax Credit Program is to attract and encourage the placement of investment dollars into early-stage, innovative companies throughout Illinois.”

Your tax dollars at work.


You know what a credit is?


It only takes the word "tax" to make many people internally scream. Crude heuristics, but hey it's human programming.


> Your tax dollars at work

...creating high-tech well-paying jobs in the local area. Is that a problem?


You might think that if you'd never worked for a state finance authority, or for the state of Illinois. It's certainly what's on the press release.


If anyone is interested in talking about fraud prediction or high risk adult payment transactions, I have been looking at this space and think there are some interesting opportunities. Email in profile.


This thread is a aompelling argument for Bitcoin/LN as an intermediary--just saying. It's getting easier every day.

Bisq for exchange will get easier over the next 5 years or so, too.


It would be nice to see Bisq start to get more liquidity. It seems like a really interesting way to sidestep traditional banking on/off ramps for crypto. It's almost like local bitcoins with ACH.

I have to admit I don't fully understand how it handles disputes. I probably need to look a bit closer.


We would use a multi-gateway round robin setup for volume over 50k per month. I'm more than willing to point you in the right direction.


There are other payment processors other than Stripe....

Ever heard of CCBill?


Who is behind CCBill and what does it need to launch a competitor?


Probably cause Stripe likes money?


Of course they like money, that's why the rule is there in the first place. High amount of chargebacks and fraud costs them money.


A company I worked for tried to use Stripe but couldn't because they don't allow "fantasy sports leagues with cash prizes". They definitely aren't willing to make exceptions for everyone.


In practice, unregulated online gambling is much closer to fraud than porn.


They won't operate online pharmacies. Not because they aren't legit one but because there are so many bad actors out there they just won't engage with pharmacies -- we tried setting one of the up with a cashless solution but Stripe didn't want to.


OnlyFans isnt a porn site in the same way that Twitter isnt a porn site. Many of the high profile users are in the adult industry but people use onlyfans for other types of content as well.


I'd venture to say that 99% of onlyfans content (that people are paying for anyway) is porn. Just because there's a small subset of non-porn doesn't change the fact that they're selling access to porn. Twitter is a completely different story as they're selling advertising, not access to nudes.


They are NOT using Stripe. Stripe has a no porn rule because they want to go public at some time and everything needs to look clean, also on their customer side. Also their (Stripe) backend banks don't tolerate porn.

Also there is not only Stripe out there!

Btw. you are in the wrong forum. Look on gfy.com forum for example


> They are NOT using Stripe

Take a look at the requests their frontend is making and you'll see they are indeed using Stripe. At least they were last time I checked.

> Also there is not only Stripe out there!

Indeed, I listed some of the alternatives in my opening question, but is besides the point anyways, here we're discussing Stripe + OnlyFans.

> Btw. you are in the wrong forum.

Judging by the number of upvotes and comments, no, I'm not.

> Look on gfy.com forum for example

Thanks for the pointer, I'll take a look there.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: