Hacker News new | past | comments | ask | show | jobs | submit login

(Stripe cofounder.)

Ugh, apologies. Something very clearly went wrong here and we’re already investigating.

Zooming out, a few broader comments:

* Unlike most services, Stripe can easily lose very large amounts of money on individual accounts, and thousands of people try to do so every day. We are de facto running a big bug bounty/incentive program for evading our fraudulent user detection systems.

* Errors like these happen, which we hate, and we take every single false rejection that we discover seriously, knowing that there’s another founder at the other end of the line. We try to make it easy to get in touch with the humans at Stripe, me included, to maximize the number that we discover and the speed with which we get to remedy them.

* When these mistaken rejections happen, it’s usually because the business (inadvertently) clusters strongly with behavior that fraudulent users tend to engage in. Seeking to cloak spending and using virtual cards to mask activity is a common fraudulent pattern. Of course, there are very legitimate reasons to want to do this too (as this case demonstrates).

* We actually have an ongoing project to reduce the occurrence of these mistaken rejections by 90% by the end of this year. I think we’ll succeed at it. (They’re already down 50% since earlier this year.)




> We actually have an ongoing project to reduce the occurrence of these mistaken rejections by 90% by the end of this year. I think we’ll succeed at it. (They’re already down 50% since earlier this year.)

More important than that is provide a way for people to get this revolved without having to make the front page of HN.


One particularly frustrating aspect of fraud prevention is that fraudsters are better than the rest of us at getting human support staff to do what they want. They have way more practice, and they learn techniques that work from other fraudsters.


Right. It's a hard problem. That said, we think we can get better.


Reading the stories week in and week out, we think you can get better, too.

Hopefully that's a more diplomatic version of my (somewhat valid) sibling comment.


That comment is a valid opinion and should _not_ be dead.


I'll say the same thing about fraudsters I tell clients about hackers, ransomware gangs, etc. What they do is their jobs and some of them are quite good at those jobs. Don't think of them as the stereotype angry teen that might have come to mind 30 years ago - these days it's more likely that they look just like your IT department working from home - or like technical employees in a Russian government office in Moscow.


> One particularly frustrating aspect of fraud prevention is that fraudsters are better than the rest of us at getting human support staff to do what they want. They have way more practice, and they learn techniques that work from other fraudsters.

Then put a flag on that account. Repetitive issues will make it clear what's happening.

Fraudster also doesn't have the same needs as most customers, they don't need to keep the same account... at best the same account will barely give them more credibility, but that would no longer be true if a flag has been raised previously.

There's plenty of ways to verify identities, use that when a flag has been raised previously. Again, something that sure a fraudster can do but lower odds than an actual customers.


It's never that simple. You're implicitly assuming that a fraudster wants the account long term, which is rarely true.

And identity is a VERY complex area, and nothing like as simple as "plenty of ways to verify identities". Particularly noting that fraud is often carried out by leveraging many partial opportunities: I use the (false/stolen) identity from over there to carry out of the fraud over here.


> You're implicitly assuming that a fraudster wants the account long term, which is rarely true.

Wait what?

Here my comment:

> Fraudster also doesn't have the same needs as most customers, they don't need to keep the same account...

How does I assume fraudster wants the account? I'm arguing the reverse, that they don't want it, thus give more credibility over anyone doing effort to get his account back. I don't understands that part, feel free to clarify it.

> And identity is a VERY complex area, and nothing like as simple as "plenty of ways to verify identities".

I was arguing that opening up customer service for theses instances won't be a huge risk if you keep a flag on the account as they fraudster don't need the account long term (as you seems to agree).

Doing others verification is to reduce that risk further, risk that I already consider minimal. No one said that it would be 100% effective, nothing is perfect, sure some will be able to bypass, but as I said, they don't need to.

> Particularly noting that fraud is often carried out by leveraging many partial opportunities: I use the (false/stolen) identity from over there to carry out of the fraud over here.

Yup, thus why getting more proof of the user identity will allow to confirm he is actually who he is claiming to be. Here in Canada we can do that at Canada Post office. It's not something Stripe ask for, thus if someone with a flagged account ask to get it back, doing a local verification will most probably be harder for him.


I know it’s not an ideal support mechanism, but I think this is one of the services HN provides to the community (informally). It can provide backdoor/informal channels through engineers and founders to some rather large companies. Especially when other avenues fail. But for the community, in this case, not only Stripe gets to learn about the issue, but we can all take something from this about automated systems and needs for manual overrides/reviews. This type of “case-study” can help many other companies avoid similar problems.

But we also get some of the back story from Stripe about why their systems are designed this way. What challenges they face that made these engineering choices make sense.

I’m sorry that this happened to the OP. But at least this channel of communication exists. And I think we can all benefit from it.


It only exists as long as the post gains enough attention to get to the front page. Which doesn't happen for every post - not even most posts - which makes it an exceptionally poor avenue of support.


> I know it’s not an ideal support mechanism, but I think this is one of the services HN provides to the community (informally).

I would like to know where and why Stripe's customer support failed in this case. Or even if it failed at all. Those are the only relevant details.

It's immaterial to the discussion whether any other web forum was used as an alternative to Stripe's customer support. I'm sure HN didn't signed up to be any company's customer support channel, or if it's reasonable to get it involved in this ordeal.

If I have a problem with Stripe, I want my business to be dealt with Stripe directly, and in the process not get a web forum involved. I would hate to be in a position where escalating an issue so that it becomes a PR issue as well is seen as the first step in a problem-solving workflow.


The answer is usually:

Maintaining the magic abuse detector requires secrecy around the heuristics, which means not always giving the clearest error codes/any error codes to the user re: what's wrong with their account/transaction.


Only a few HN posts can make it to the front page. Only if you are lucky then you will be able to raise your voice through here. So I assume there would be many users out there affected like this and their issues were never resolved.


> More important than that is provide a way for people to get this revolved without having to make the front page of HN.

Absolutely!

Mistakes are ok, it'll always happen. Great to try to minimize them, but there will always be mistakes.

The real key is how they are handled and how easy it is to get a real responsive human on the line who is empowered to fix it ASAP.


We actually have an ongoing project to reduce the occurrence of these mistaken rejections by 90% by the end of this year. I think we’ll succeed at it. (They’re already down 50% since earlier this year.)

It seems to me that if a company provides such an important service to other companies (i.e. functioning as that company's direct revenue source - payments), then if somewhere it is determined that Stripe no longer intends to provide that service, someone at Stripe should be reaching out proactively, via a telephone or other method, to the leadership at the customer and explaining to them in detail why the decision was made to terminate the relationship and what recourse they have.

I shudder to think of the impact something that an algorithm based decision like would have on my business in this scenario. I would be an absolute disaster, and could have far reaching implications for the viability of someone's business.

Every single decision where Stripe is terminating a relationship should have a clear path to a human being for resolution, and should be reviewed by a human before the decision is even made. Like, setup a conference call with leadership and work through the issue. Most fraudsters wouldn't go through that process anyway, and it provides a proactive approach to working with customers who obviously would be in a complete disaster recovery scenario if this occurred so it would be all hands on deck on the customers side. Nothing is worse than having all hands on deck to address a critical issue and feeling helpless because the other side of the equation is an auto-responder email box.

No business should be writing blog posts for help on something like this.


This should be at the top of the comments IMO. I'm honestly stunned by this blog post because I always assumed a relationship with a payment processor like Stripe was akin to a banking relationship where you'd have an account manager that would reach out to you to resolve problems. If the banks can do it, why can't Stripe? Is it simply a difference in regulation and what they can get away with legally?

All of the big tech companies think they can use machine learning and algorithms to do everything and they have an "acceptable" rate of failure as a target.

The main problem with that is that even if the failure rate is .01%, the failure is typically catastrophic for that .01%. When the error is going to ruin someone's life, is there really an "acceptable" rate of failure?

A secondary problem is that machine learning and algorithms are going to have a tough time accounting for virility. IE: If I have a small product that goes viral, as a percentage change, my error/fraud/dispute rates are going to jump drastically. So at the exact moment where reliable, scalable payment processing is the most important in my life, the automated systems are going to have the highest risk of banning me and automatically denying my appeal.

The fact that 24-48 hours is considered an acceptable timeframe for an appeal is worthy of it's own paragraph. That's unacceptably slow if they're locking the account and doing irreparable harm to your business. That wouldn't be tolerated in a market with proper competition and my instinct is to ask for regulation that would involve a 3rd party in dispute resolution for a payment processor that's terminating a relationship in a non-amicable manner.

At least give me some options that can make things suck less. I'd prepay $500 (non-refundable) without even thinking about it to be guaranteed a phone call prior to account termination. I'd let them hold back a percentage of revenue up to an absolute value so it can be held as a (refundable) bond to protect against fraud. I'd let them hold back a higher percentage if their automated systems detect an increased chance of fraud / issues.

I think stuff like this is a stunning failure and I can't understand how tech entrepreneurs (of all people) can't understand why it's unacceptable. The dream for most of us is literally to build something that has overnight, viral success and makes us rich, but we've got companies like Stripe using ML algorithms that'll auto-ban you as soon as you deviate from the norm. How is that reasonable?

The absolute worst case scenario for a Stripe customer should be for the customer to opt to have all payments withheld (by Stripe) and to undergo some kind of dispute resolution or problem solving. Would you rather wake up to a banned account or an email saying they're holding your money until you call them? I know PayPal gets a lot of flack for the latter, but maybe it's not that bad compared to the alternative. The problem with PayPal AFAIK is they hold the money for a long time no matter what.

I get so frustrated when I see PR / damage control and the solution they're providing is "we're going to improve the algorithms." You can't. By the time those systems fail you need one-on-one human support where both sides can adapt, compromise, negotiate, etc. in real-time.

YOU NEED PEOPLE, NOT MACHINES!


This is a fair critique. In cases like Stripe, I’m sure there are viable ways to have humans involved.

More generally, the big problem is that most internet companies are trying to achieve growth and user numbers which aren’t incompatible with having humans moderate everything. For example, everyone likes to hate on social media companies doing a terrible job moderating. But the reality is that you cannot hire enough humans to manually moderate billions of things daily. So algorithms are a necessity, unless we are willing to part with platforms which cater to extremely large audiences.


Just came to say that the "billions of things daily" is a red herring. The companies are simply too big to handle moderation even with an algo+human solution. So maybe any network should have only millions of things, or thousands.


There's a couple of key things here:

1. The sheer volume of fraud attempts. Economics often dictate that it needs to be cheap and fast to reject a fraud attempt.

2. Information leakage. It's normal to see people complain that '<insert service of choice> banned them and refused to say way'. There's a very good reason for that: They're trying to slow the rate at which fraudsters learn to exploit them. So they deliberately don't detail exactly what the issue was. Yes, it's super frustrating if you get innocently caught up it, but it's not arbitrary.

TL;DR: Like everything else in life, there are real and genuine trade-offs here.


Since most of us are mere humans don't have the ability to get your attention by a viral post, how should someone get in touch to get this reviewed and rectified if they find themselves in such a position? I mean, OP's post shows that Stripe still decided to close the account even after "further review", so simply contacting support doesn't seem to be enough.

EDIT: I see that while I was typing you replied to a sibling comment. So we should contact you directly? Can I ask why this slipped through further review, it seems like a bug like this shouldn't require contacting a founder directly by email to resolve.


You don’t have to contact me in particular — you can get in touch with anyone at Stripe. (Or even DM Stripe on Twitter.)

With regard to the last part of your comment — absolutely. This is a final recourse when the system breaks, not a part of the system that we hope you ever have to use.


I suppose a related question then is if your review team is applying stricter rules than you are. Surely, in this particular instance, the review team should have been able to see that its a bug in the same way you are. I guess I'm confused by why contacting a founder helps here, are you overriding some checks somehow? Is that safe to do? If not, why did the review team not spot it?

Maybe it really was a strange and unusual set of circumstances that made this occur, so hopefully its rare that someone would need to escalate to you directly. Thanks for being responsive to questions and making your contact details available. That's a lot better than some companies do.

PS: since I have you here, completely off topic, I met you once in Dublin long ago and you got me interested in Lisp. Thanks for that :)


I don't doubt that from your perspective as the founder of Stripe, that's the workflow you'd like to have for when things "go wrong", but from the perspective of someone currently interacting with Stripe support, I strongly doubt that simply raising a support ticket or reaching out on Twitter would result in any meaningful movement on a rejection like this.

Regarding Stripe's support: I emailed last night to confirm how to delete a user's card when it's represented as PaymentMethod, and in reply I received a link[0] to the cards/delete API documentation (which, in case you're not as steeped in PaymentMethod's as I am, won't work because the two objects are fundamentally different).

Given this rather lacklustre handling & having also been on the receiving end of someone trying to fraud the company I'm working for, I highly doubt someone who is asking for reconsideration after receiving a fraud ban would actually receive an escalation via the front-line agents manning support@stripe.com, and if they could, the actual legitimate bans that Stripe no doubt needs to put in place would simply abuse that channel and waste everyone's time.

I appreciate it's a really challenging balance of trying to provide an escalation/appeals process that won't be abused itself, and by comparison Stripe's approach of direct-founder-contact seems easier than Apple, as if your developer account application is rejected[1] you have absolutely zero recourse apart from going H.A.M. on Hacker News & hoping the community helps you out, whereas in this case there is a magic button that starts an invisible and unaccountable appeals process, that ultimately resulted in another rejection.

The only "solution" (if any) I can see to counter the negative experience (& associated PR) would be involvement in the appeals process, where you are allowed to effectively "state your case" via video call or submission of evidence, but this draws a thorny parallel to the judicial system, and I doubt Legal would sign off on such a process.

This is a problem that impacts basically any kind of appeals process, and Stripe's not alone in suffering from it, but that perspective doesn't help the dozens of founders that don't have the connections to sort this issues out in private, and are burning the attention span of Hacker News in the process of unblocking their businesses. Front-line support also isn't the answer, unless specific processes can be put in place to handle rejection escalations and get them into the eyes of the right people.

---

[0] https://stripe.com/docs/api/cards/delete

[1] Long story short: to use Apple's Mobile Device Management APIs, you need an Enterprise developer account, which thanks to The Verge & gambling apps skirting the App Store, isn't possible unless you went to Stanford with a future Apple PM. Admittedly, the chances of an Apple executive personally addressing this if I were to email is statistically quite low compared to emailing you.

If someone from Apple is reading this & would like to pre-empt the classic "Apple screwed me" Hacker News post, do feel free to email me on luke@ghostworks.io and I'll happily brief you on The Great Saga of Enrollment 4HZY7VX69S.


The only "solution" (if any) I can see to counter the negative experience (& associated PR) would be involvement in the appeals process, where you are allowed to effectively "state your case" via video call or submission of evidence, but this draws a thorny parallel to the judicial system, and I doubt Legal would sign off on such a process.

There's also the question/option of considering reputation, which also brings up scary thoughts about China's moves in that area. If you're complaining and are a well known highly voted participant on HN, YouTuber with thousands of subscribers, etc the risk that you as a public-ish figure are trying to scam is lower.


Oh absolutely, and that's something I'm taking into heavy consideration as I figure out the next move with Apple: I have next to no social clout or network, so if the loudest move I make in the tech sphere is "Apple screwed me", is that all I want to be known for?

I'm not hopeful for any change in these sort of review processes without any legislation changes, but it would be a truly tragic state of affairs if it were to escalate that far.


Just a heads up that your domain (ghostworks.io) seems to have an expired SSL cert... (not relevant to your post, but figured you might like to know)


Ah! I knew I was forgetting something: much like that dude living in a cave in Lost, I have to SSH into that server and HUP nginx every ~80 days, as the user that does the certificate renewal isn't the same user that runs nginx.

One day I'll overengineer something to solve this, but for the meantime it's "ssh statichost -- sudo kill -s HUP 947" every so often. Thanks for reminding me, much appreciated!


If you want to under-engineer it instead, maybe this could just be a cron job? :)


So, contrary to your email to your customer directly stating that this has been completely and fully and finally reviewed, there's this secret way you won't tell anyone (except your friends here on HN)? Yeah, this is working great.


Sorry to say that, but the fact that founders have to post on Hacker News to get necessary support from Stripe in case something like this happens, gives the impression that your reply is just reputation damage control, and nothing will actually change.


I would estimate that roughly 99%–99.9% of cases get resolved without anything on HN. (Per the GP comment, things have already improved 50% since earlier this year and will, I think, improve tenfold by the end of the year.)


What's your definition of "resolved"?

If a Strip user appeals unsuccessfully through your official channels and then gives up, do you consider that "resolved"?

It seems like you exhaust those unfortunate users who banned due to Stripe's errors and then call it a success because they've stopped complaining. Or does your definition of "resolved" account for that?


It is just reputation damage control (i.e. this type of mistake will continue to happen - to err is human anyway), but communication is seen pretty favorably and it’s the sensible course of action.


> and nothing will actually change

If nothing changes, people will move away from Stripe on to something else. I'd say stuff like this is exactly how a business that wants to stay alive needs to react to swiftly and figure out the root cause for.

The communication from the founder or representative needs to reflect the commitment to change and show the plan they intend to execute. The GP didn't do so well on the second point (vague plan, at best).

If we see stuff like this still happening in 3-6 months, I think it's time to bring out the pitchforks.


Not really. Stripe has a better platform than competitors, and even though its support isn’t a strong point it’s still better than competitors (which admittedly is not a very high bar). It’s probably much better for large businesses who have their own contact/account manager at Stripe etc.

Last time I contacted Stripe I was given a round circle between departments, the department responsible denying the issue and/or sending me to an unrelated department (who had a good agent but, as expected, admitted she couldn’t fix the issue even though she recognised its existence). In the end it turned out to be a bug in Billing that was eventually fixed (per the dev IRC) but support denied there was any bug and kept giving bot-like responses. It was ridiculous. Stripe should probably improve its support, but even if it doesn’t it’ll probably do just fine.

Big tech and developed ‘startups’ are famous for bad support. Consider Coinbase, which barely responds, PayPal, which is useless, or Google/FB, which don’t even provide a contact option except in limited cases (eg GSuite for Business issues).


> Stripe has a better platform than competitors

.... If you weren't disabled by an automated system, and "customer support" (probably another level of shitty ML) continues to double down.

I concur with mikepechadotcom that this is simply a one-off damage control via "Social Media Escalation".


Right. I meant in terms of its APIs, Stripe’s product is solid. I’m not saying their user service/CS is great, although it’s probably average for the payment processing industry for non-large companies.

I had almost exactly the same issue as OP but with Braintree. The support was equally as useless. Stripe isn’t unique here, most tech companies just don’t know how to build good support.


People "moved on" from PayPal, too.

You can't take back the entrenched market position gained, and the millions in dickswinging power now accessible.


This post reminds me of when the same thing happened to me about 5 weeks ago: https://news.ycombinator.com/item?id=28085706

It feels like there should just be a better process. Shut down payments to protect yourselves sure, but spare a real life person to email the customer and give them a chance to explain or at least understand why.


It seems like companies can't seem to get their act together to offer some kind of rapid escalation/remediation service. Maybe it's time for legislation to force their hand. This could potentially cost a business a ton of money (and affect a non-trivial number of employees) in the process.


Would 'paid' support help? Like pay, say... $150 up front, which is refunded (partial or all) depending on the outcome (error on their end, you get refunded?)

It runs the risk of turning 'support' in to a profit center, I support.


While not ideal, I think this is a great option.

Microsoft (used to?) offer this for developer support and I remember using it maybe 15 years ago where it was a couple of hundred bucks to open a ticket but you got quick access to a real expert and good escalation.

If the issue turned out to be their problem the ticket was refunded.

For something business critical like this it is a way of signaling to the company that there is clearly somethin wrong with the automated process: a real scammer won't pony up hundreds of $ to get a review they would fail.


Exactly re: who won't pay. If I'm losing hundreds or thousands, I'll pay $150 just to get a real person's attention - most scammers won't. And yeah, it was MS I was initially thinking of, but haven't been in that world for a long time, so no idea if it's still an option.


Not really. This should be an emergeny-use only type support. But don't penalize (by making them pay) for a screwup on your end.


I'm a little skeptical knowing that Stripe never publicly addressed why they banned LaunchGood.

https://tinyletter.com/blauvelt/letters/looking-forward-afte...


What's your recommended way to get in touch with humans? Previously we had a manufacturing business + online store rejected because we mentioned that some of our customers may eventually be drop-shippers (i.e. an online store cannot prevent people from buying on behalf of other people) and there seemed to be no recourse other than "start a different business."


My email address is public (patrick@stripe.com). Lots of other people at Stripe also have public email addresses. (Just to be super clear, it’s a bug that you’d have to do this, and I’m sorry about the trouble! But when mistakes happen we do want to have a way to know so that we can fix things.)


What do you mean by drop-shippers and what do they do that's risky/bad?

Looking for drop shipping on Google leads me to pages e.g. by Shopify or Square explaining it's a model to run retail where the store doesn't hold stock or fulfill but instead has a distributor / manufacturer fullfil the transaction, shipping directly from them to the customer.


Some companies don't want to do business with drop shippers, maybe because they will often be unable to fulfill orders or because customers will often be upset that their order took a few weeks to arrive. As a manufacturer, we anticipated that some people would resell our products on their own storefronts.


> We actually have an ongoing project to reduce the occurrence of these mistaken rejections by 90% by the end of this year. I think we’ll succeed at it. (They’re already down 50% since earlier this year.)

How can you tell? It seems, naively as an outsider, like the problem is precisely that you can't tell if they should have been rejected, in which case you can't tell how often it happens?


Yeah, good question. First, we aren’t trying to calculate the absolute rate, just relative changes. (The absolute rate would be nice to know but it’s not needed to know whether we’re getting better or worse.) Methodologically, we sample/scrutinize rejections manually and also look at the occurrence of discovered false rejections. But you’re right that there could be some dark matter that we never become aware of.


Well it looks like the Brains Trust inside Stripe has found a way to duke your OKRs, because this guy's appeal was denied and he was cut off anyway. No wonder your "incorrectly identified as fraud" metric is trending down if your staff are simply doubling down on incorrect accusations instead of copping them. Sounds like Goodhart's Law in action - do you happen to tie bonuses to OKRs?


  if (transactionInvalid > 5) {
     if (accountPossiblyFraudulent) {
       sendAccountCancellationEmail(accountid))
       stripeBackEnd.closeUserAccount()
     }
  }
It's disgraceful that there isn't multiple layers of careful analysis and INCLUDING personal reachout before canceling an account.

Big companies like Stripe need to be reigned in with legislation because they wield the power to destroy businesses and they do it without care.

Where is Stripes ombudsman - a customer advocate - an independent person with CEO level power within Stripe who's primary duty is to customers and is a channel of last resort when your normal support channels have failed? Why don't you have this?

How can you allow Hacker News to be the channel of last resort?

You're running a financial services company and doing it as though it's unimportant to cancel someones ability to invoice.

The lack of protection for your customers is why companies like Stripe need much tougher regulation.

In fact, you as the co-founder of Stripe should NOT be answering here on Hacker News. You should make it a point to NOT personally resolve such issues because if you have to, then you are acknowledging serious failure in your companies systems and serious letdown of your customers. In fact you should be appalled that Stripe so fails it's customers that they must go to social media to solve valid problems. You should simply be able to rely on some lower level person in Stripe finding this and posting a short message saying "please contact our ombudsman", and being assured that your ombudsman will give it due and fair consideration.

So surely this is not the only time Stripe has mistakenly cancelled an account - but this is the one case where the person who's account was cancelled was able to get their issue on the front page of Hacker News. Therefore is can be said that many people have their accounts mistakenly cancelled by Stripe and have no recourse - again where is your ombudsman?

This is serious systemic failure of Stripe. And the worst thing is it is not just Stripe - this is what people have now come to expect from giant companies that are a critical part of business - such as Apple's app store - people now expect that the company might one day send a random email saying, in effect that your business is over. You can't or won't fix it, so the law should.

Stripe founder need to hear this: "sorry" ain't enough.


> Stripe can easily lose very large amounts of money on individual accounts, and thousands of people try to do so every day.

Not sure what case you refer to, but in our case someone was able to place multiple clearly (in my own hindsight) fraudulent orders on our woocommerce store. And it wasn't Stripe who lost on these chargebacks - it was us. The only way for Stripe to lose money in such scenario if seller (us) would be an active part of the fraudulent transaction. I.e. work together with someone placing fraudulent orders and immediately funnel money away and throw away stripe account. That is clearly not an option for an established business...

And no, it wasn't a niche attracting fraudsters - we sell pyrography tools, not electronics or some other similarly attractive products for fraudsters.


You figured out a way to do it (and people will set up businesses solely to do this) without having to think too hard. The creative things fraudsters will do is pretty wild. The time horizons they'll work on is also surprising - sometimes they move fast, sometimes they are quite patient and pose as an established business. And... sometimes they start out legit and then go to fraud when their business starts failing.

Give these guys a break - they are trying to onboard customers as fast as possible to reduce the headache involved. The only way to do it is automation. There will always be cases where things go wrong.


And sometimes the scammers will buy legit, aged accounts, or take them over, so just because an account has been in good standing for years, with what looks like real human interactions with support, isn't enough of a signal to know that a scam isn't taking place from that account.


Stripe’s customer support is absolutely horrible and ineffective, in my opinion. I have multiple firsthand data points, including three ongoing issues.


Can I help with the ongoing issues? Could you add me to the email threads? edwin@stripe.com


I've just forwarded you multiple threads now where at least 5 agents (each) have passed the buck, resolved the ticket without actually reaching a resolution, closed it, or just gone silent.


I don’t understand the stripe hate in the replies. In the past when I worked with stripe on a mobile project they were always quick to reply, and I felt like they did a good job of helping us through difficult problems (at the time a new platform) that is rare from a customer support perspective.


See my reply elsewhere on this post if you really want to understand what you here suggest.


"We try to make it easy to get in touch with the humans at Stripe"

You used to offer live chat which is no longer the case, correct ? I understand that stripe has exploded as a business but with all the money being invested in Stripe, I would seriously recommend getting live chat back so at least we know we have someone out there looking for us. Perhaps offer this to customers who are diong a min. MRR (could be controversial).

The attraction behind Stripe is the ease of API but at some point, that will become unimportant if support is not good when we are talking about dollars. Just my 2 cents as an overall Happy Stripe customer for almost 7 years.

EDIT: Never mind. I was wrong.


We definitely still offer live chat support!


Every time. Every fucking time. And what if this post hadn't blown up on HN? This guy would just be screwed? If I want to use Stripe should my risk matrix include "fingers crossed HN picks up my story if I get shafted"?


Random aside: Please look into supporting processing for sex toys!


Reading this, it seems like part of the problem was the false message. If there aren't any unauthorized charges, the system shouldn't be sending people rejections falsely claiming that there are. Mistaken rejections are unavoidable, but they can still accurately describe the reason for the rejection.


"We try to make it easy to get in touch with the humans at Stripe"

Do, or do not. There is no "try."


Seems like we got rolled into the same wave, just received the same email about our account. we have not had a single dispute, so clearly just an automated decision.

wrote back to the support asking to reconsider, really hoping for a quick answer!


OK, but how do you explain the appeal?

Hire people to manually review final appeals, maybe you've gone too far and are not hiring to keep up with user growth.


I open every stripe article on hn just to read your comments. I appreciate your style of hands-on leadership. I try to do my best to imitate it.


please stay a startup, pc !!!


Maybe Stripe should make and offer to acquire Justuseapp. It seems like a useful addition to help with subscription management.


Your AI is the problem, not using stripe for any type of business.


    Stripe can easily lose very large
    amounts of money on individual accounts
How so?

Is that because Stripe settles the payment on their end (they pay the merchant) before the payment to Stripe is settled?

Can crypto solve this?


I don't think crypto would solve this particular issue. Stripe needs the ability to back out of moving money, so there's several settlement periods for different parts of the transaction and ways to appeal transfers retroactively.

I suspect fraudster's are able to wait out this period without detection so they can cash out. If this is the case, then even time locking smart contracts won't help, as the fraudsters just wait out the time period. At that point Stripe would have even less recourse to recover money, as retroactive transfers are not possible at that point.

I could see services such as their debit card offering being abusable too.

They also likely have to worry about things such as predatory recurring payments as those will result in chargebacks which could ultimately fall on Stripe to foot.


Is fraud even possible with crypto?

As I understand it: When A pays B with Bitcoin via the Lightning Network, B can almost instantly be sure that they have the money. There is no way for A or an intermediary to take it back.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: