Every bank/money transmitter has a list of transaction patterns/behaviors that are basically red flags for criminal activity. A lot are heuristics based, few are right out documented anywhere, but one example is # of credit card/account numbers bound to an account, another is structuring, i.e. a paytern of transaction activity specifically intended to avoid bank reporting controls. Or stupidly, putting words that are high risk w.r.t sanction compliance in memo fields, or getting a false positive OFAC hit.
None of this is discussed with customers in a candid way; as a result it can feel very off putting. It's one of the things that bugs me about modern finance. It's too busy building itself into a governmental reporting mechanism, and far too prone to overreach through the exploitation of sanctioning mechanisms.
It's one of those "can't have nice things" sorta bits.
There are also explicit laws forbidding telling your customers of your suspicions ("tipping off" in the context of money laundering).
Of course, this doesn't mean your customer service agents should never be helpful and forthcoming, but it's easier and less risky to tell them to say nothing and burn the odd legit customer, rather than risk being on the wrong side of AML legislation.
If a mandatory reporter files a SAR, they are forbidden to share that info with customers. This doesn’t apply so much with payment processors. Stripe and others just don’t want to share their heuristics, because carders can thwart these heuristics. That’s more reasonable suspicion than some laws.
