In general, we try to make our prohibitions clear, and we try to give a grace period (the five days referenced) in order to minimize disruption.
If anyone has suggestions for how we could do this better in a world where stringent prohibitions exist, we're all ears. (I'm firstname.lastname@example.org) We don't like imposing others' rules, but that's part of the reality in operating in the US and on Visa's/MasterCard's/etc. networks.
(Pedantic note: I know full well that the second part of the sentence that actually places the blame on the "risk" doesn't mention customer disputes as the source, but the former part does, and since it's clearly intentionally misleading I am asking why it was necessary to mislead him by mentioning customer disputes. Those seem far from the core problem here, if not outright irrelevant.)
I agree our response should have explained the marijuana restriction. I can't go into specifics for privacy reasons, but I'll add that facilitating marijuana sales wasn't the only factor contributing to the text in this email.
Were there any other significant factors specific to his business that made you mention customer disputes as such a significant reason?
(Note that I'm not asking what the factors were, I'm just asking if there simply existed any.)
The reason I ask is, I imagine there might have been other similar businesses with a high rate of customer disputes, and I imagine there may have been other factors in his business that could have resulted in you not wanting to work with them, both of which would be reasonable justifications for avoiding this business -- but what baffles me is how a company with "zero customer disputes over [their] entire history" can get an email blaming his customer dispute risk as the primary concern.
Note that I'm not disagreeing with the soundness of your ultimate decision here, I'm just confused by the email you sent justifying it.
Unfortunately, yes. Still, explaining the marijuana restriction should've been our primary focus in that email.
In general, we would never close an account that had a reasonable explanation for high dispute rates (unless card networks or banks forced us to). Our goal is to help users manage their disputes, and in the long term to not have to worry about them at all.
The risk of supporting a single company who chose to participate in the illegal drug market (yes, Marijuana is illegal still under the Fed folks) far exceeds any potential benefits they could of brought.
Frankly, the article and title are written by someone who is upset they didn't understand the reality... It's rather unreasonable to blame Stripe here for their own ignorance.
[EDIT: redacting the second part of my comment as further information in other comments seems to imply it was probably incorrect.]
As far as the Fed is concerned, any support of the illegal drug trade industry is a Felony. Selling software that is targeted at helping manage, distribute, and facilitate the marijuana industry (which is illegal federally) is against the law.
As far as Stripe is concerned, they are regulated by the Fed and cannot afford to knowingly have illegal drug market customers sending money through their network.
As somebody with extensive experience in building and selling regulatory compliance software to the gambling industry, I can state beyond a shadow of a doubt that your argument is bullshit. Selling software that explains what is legal and what isn't legal in any specific jurisdiction isn't illegal at all, and doesn't do anything that facilitates the breaking of the law (actually, it is quite the opposite).
> As far as Stripe is concerned, they are regulated by the Fed and cannot afford to knowingly have illegal drug market customers sending money through their network.
That isn't actually what is happening.
The Feds. The Fed is mostly concerned with managing the money supply.
And that's not exactly true, even then (the laws are a lot more specific and complex, not everything that could be described that way is prohibited at all, and some of what is prohibited under federal law that way is not a felony.) But its a reasonable approximation.
> Selling software that is targeted at helping manage, distribute, and facilitate the marijuana industry (which is illegal federally) is against the law.
That's quite possibly true, and I can easily see other businesses not taking the risk of getting involved in case it is.
OTOH, if you are going to claim that it factually is, it wouldn't hurt to cite the specific law.
Then there are literally 1000s of business owners in dozens of states in lighting, electrical, communications, real-estate, security, software, internet-service, legal, finance and investement industries committing felonies at this very moment.
> As far as the Fed is concerned, any support of the illegal drug trade industry is a Felony.
Are you saying the seller has probably committed a felony by selling this software?
Because if true, I would think they would have been incredibly stupid to draw attention to their business on the HN front page, which they do not seem to be.
> marijuana regulatory compliance software
> REGULATORY COMPLIANCE
Can you comment on the 5 day warning, though?
Speaking as a quality professional with some experience with billing, the idea of identifying and transitioning to a new payment processor with proper testing and zero business downtime within 5 days isn't very realistic. If a company abstracted their payments up front, great, but for a small firm it's likely there's tight coupling there. Customer communication also isn't instant, and I assume subscription authorizations have to be transitioned as well--probably by the customers themselves.
It would be one thing if you stopped people at the door, but once they're dependent this seems rather harsh unless they've somehow egregiously violated business ethics in a way that's harmed you. You're pretty much guaranteeing a business interruption, and that can be fatal for a small firm.
And from a strictly pragmatic point of view, this is the sort of action that would make me hesitant to pick you for an upcoming project. When I judge risk vs. worst case outcome, the very fact that your worst case is a surprise interruption would put you on the wrong side of the line even at a low risk.
This is essentially a provider uptime decision, and it's easy to see this as unpredictable between 5-9s and zero. That's not a good quality for a payment processor.
(Noticing that "weapons and munitions" are on Stripe's prohibited businesses list and the corresponding category in Operation Choke Point)
As another example, note that Stripe prohibits transactions related to the adult entertainment industry. There's nothing illegal about that, it's just that Stripe's business partners don't want to take on the chargeback liability.
I do suggest however maybe in the future when sending out those service disruption emails give more details to prevent random outbreaks by seemingly ill informed owners about why in fact they were told they could no longer user your services.
Oh come on, own your own mistake.
You didn't just get screwed... you screwed yourself.
You screwed yourself the day you chose not to read Stripes ToS. You screwed yourself the day you chose to violate Stripe's ToS. You screwed yourself the day you chose to ignore Federal Law.
Accusing them of violating a ToS as well as federal law is uncharitable to say the least.
Actually they do work that way.
And yes, the Fed has had a standoff with many States, and yanked funding for things in some cases. Also the DEA has been known to raid long standing medical marijuana clinics in CA. The current administration is a little lax on Marijuana, but that doesn't somehow make the law not apply here (The next administration could come down with a whip).
At the end of the day, there is no other way to slice it. Supporting marijuana in any capacity is currently against federal law.
Stripe themselves further cloud the issue by claiming it as a high risk of customer disputes, which is demonstrably bogus and a black mark against them.
The author defined his business as "marijuana regulatory compliance software." Therefore, not enough information is given. If the software was purely for medical marijuana regulatory compliance. Then I think Stripe should continue to work with the company, but as it relates to recreational marijuana that is where Stripe should draw the line.
This is not a morale position, but a legal one. Why?
>it's still illegal at the federal level
Yes; however, one may reasonably rely on the representations of the Government. Moreover, in this particular instance the Gov. (via Attorney General Eric Holder) publicly has taken the legal position that the Federal Gov. would not enforce the Federal Marijuana laws against persons who comply with state medical marijuana laws. What Stripe is dealing with is a Software to ensure compliance with these very laws that the Federal Gov is using as the basis for their Federal enforcement (so long as the Software is limited to medical and not extended into recreational).
In criminal law, the only case that I am aware of where this is a defense against later prosecution is where you reasonably rely on the advice of those responsible for enforcing a particular law that a particular act is not against the law -- a representation by law enforcement that something is a violation of the law but is not a current enforcement priority would not suffice for (indeed, would directly oppose) such a defense.
If you have cases, etc., that suggest otherwise, I'd like to see them.
I am not sure the impact practically or legally, but obviously lawyer's can advise these businesses (even in the recreational realm) in these states, so maybe pivot your software as legal service software, license it to law firms and have them re-license it to their own clients. Sucks to inject an otherwise unnecessary middleman into the equation, but you already have that with payment processors, banks, card issuers, ect...
(By non-obvious I mean, stuff millions of people are used to paying for online and offline with various legal forms of payment other than cash, including credit cards. That btw also puts a bit of a question mark on the "it's the banking partners, not us" argument.)
When you sign up for service, you are asked to read and agree to their Terms of Service. How much more obvious should it be?
Like what on that list?
Substances that are legal but feel too good are prohibited?
There was a crackdown in smoke-shops in New York on the weed-not-weed "synthetic marijuana" and "functional analogues" of cannabis. For a while you could go into any hookah lounge or corner smoke shop, see a case on the counter with 1g and 2g silver-colored ziplock bags, or 5-10g jars... ask for some "incense" or read whatever it says on the bag out loud (and don't say "spice" because K2/spice had already been scheduled).
You'd receive a bag of something that looks like weed, with labels clearly indicating it was not to be marked or marketed for human consumption, that it was a novelty item and definitely not safe, but if you tried it and you actually knew what marijuana was but for some reason couldn't get any real bud, you'd probably agree it was a passable substitute.
Then these shops all started getting visits from the state police, and you couldn't buy them anymore. Their whole inventory would be seized, under the new (at the time) Federal Analog Act.
I hear you can still get salvia and kratom, but I also heard those are both really not anything like cannabis, other than both being organic and having pharmaceutical applications, that you really couldn't easily use either of those and be at all confused about whether it was pot or not.
(Most of the new-ish trendy payment companies are similarly customer friendly; some older payment companies will refuse to transfer data or will demand outrageous fees for it.)
Taking the current story for example, it looks like it would also violate Spreedly's terms of service. At a quick skim (IANAL) it looks like their ToS is pretty much identical to Stripe's
There are lots of reasons businesses lose their payment processing accounts. Most of those reasons have something to do with underwriting and payment network rules: your actual or predicted chargeback/refund rate going above 1%, or otherwise putting the processor at risk with Visa/MC, or their underwriting bank. Businesses often want to change their payment processor voluntarily, to get more features or better rates, but can't because their customer info is locked in their vault and the won't transfer it.
Your account with Spreedly isn't at risk in any of those situations because they're not a payment processor. They're just an API. They don't care whether your charges are declined, how many refunds you issue, or how many chargebacks you get. Inexperience of new ventures at navigating these issues will get you in trouble with PayPal/Stripe/etc, but not with Spreedly. And Spreedly does data portability amazingly, so there's no lock-in, unlike using a processor's vault: they'll give you your data if you want, or you can use their API to securely move it into the vault at a supported gateway.
The PCIDSS benefits are pretty huge too. With Spreedly billing info can be entered on your website but never touch your server (iframe or transparent redirect). Even under PCIDSS v3 (January 2015), you qualify for SAQ A, a short questionnaire, instead of SAQ A-EP or SAQ C most small sites taking cards directly fall under, which would require quarterly security scans and pen testing of your entire hosting and IT environment. Spreedly not only tokenizes and stores your customer billing info for you to charge, but can act as a proxy to pass it to 3rd parties like fraud screening systems, again without it ever touching your environment.
Maybe a free package with the ability to store 20 cards? I don't want to pay $99 a month to basically hook up to your API and test it with my first few customers.
"We're an early stage startup wanting to support multiple gateway types out of the gate. Can you help?
Contact [sales addr] to discuss our startup package which is focused on pre-funded startups needing to work with multiple payment gateways."
We've done full refunds, partial refunds, and had one unfortunate chargeback with zero problems. Their customer service has always been incredibly fantastic, and the money is in our bank two days after it gets charged. The one issue we've had is that they given super vague answers when our users trip their fraud detection algorithm, simply stating the "charge was declined" and telling us to check with the user's bank, when it was actually the fact that the user had been using the card via a Tor proxy in Nigeria. I think the security opacity is understandable, and each time they helped us work through the issues.
tl;dr: I'm sympathetic to the poster, but Stripe seems to do whatever they can to get the money to you quickly, and their customer support has been great despite running a business with customers that regularly use Tor, fake names, etc.
No, they aren't. Federal law is applicable in every state, and activities illegal under federal law are illegal in every state. It may not be prohibited by state law in that state, but then neither is, probably, espionage (of, e.g., US defense information) prohibited by the law of that state. That doesn't make espionage legal in that state, and doesn't mean that someone advertising software specifically designed and marketed for the purpose of supporting such espionage wouldn't have significant legal risks.
> Regardless of where you stand on marijuana (I am not a partaker) they have a fascinating story working to legitimize a once illegal market.
Its not "a once illegal market" anywhere in the US. Everywhere in the US, its a still illegal market, its just the number of separate authorities prohibiting it is one fewer in some jurisdictions than it used to be in some places.
It's the customers of their customers that are the problem.
Would you prosecute Ford because a dealership sold a gangster a car?
Lots of stuff on here recently is making me rethink using Stripe for payments which I would have been doing in the next month or two.
Which you can do, if you have enough charge volume. Are you charging $1 million/month yet? If not, you probably don't have enough volume to carry any weight.
I keep seeing these "whine" stories on HN about "Fuck stripe! 5 days notice?! How dare they!". 5 days is pretty reasonable for someone taking an inordinate amount of risk on you. I can count on one hand the number of HN posters I'd provide upfront financing for in the 5-6 figure range. If you don't like it, find a provider more to you're liking.
You can tear Stripe from my cold, dead hands before I'd go to another processor, 5 day notices be damned. They are leaps and bounds better than the alternatives, and it should be recognized that they face the same hurdles as businesses with funding risk do.
No and I will never charge a million dollars a month through anything as I'm in the UK and over here card processing doesn't require anything remotely like that volume and we have a healthy local market for card processors if I choose to go elsewhere.
Unfortunately that wouldn't work for the posts author. The Obama administration DoJ and FDIC put the squeeze on bank accounts of broad categories of industry that they found distasteful without any actual evidence of high-risk: https://en.wikipedia.org/wiki/Operation_Choke_Point
IMO it will take all fifty states, DC and the federal government legalizing marijuana before industries like banking and insurance are comfortable with doing business with anyone associated with the marijuana industry.
I get that Stripe can (and should) do business with whomever they choose. This guy's rant aside, I think the fringe business issues surrounding emerging industries are really interesting.
Here's another example: Technically Uber has been operating in a legal grey area for a while (not unlike this software). What if companies like Stripe refused to do business with them because of their quasi-legal business? AirBnB?
I think so... As others have pointed out (including the Stripe CEO apparently) the banking industry is very paranoid about the legal marijuana industry right now. There is just too much grey area, even in states where it's legal.
As for Uber and ABB, although there has been a lot of press around them and some setbacks for them here and there I just don't think people get nearly as excited about them as they are about the recent relaxation of marijuana laws. People get very hyped about marijuana (and drugs in general) being legal; it seems like one of those issues that people are pretty passionate about, whether for or against.
Probably. There's often a significant legal difference between selling something intended as a general use tool that happens to have utility in illegal enterprises and selling something that is specifically designed and marketed as a tool for a specific class of criminal enterprise.
We've all seen and heard how abusive the Feds can be when they want to make a point - this is what keeps a lot of these businesses weary of getting involved in this industry.
And then there's the fact that many financial regulatory bodies are INCREDIBLY conservative.
Here's an article about that: http://www.vice.com/read/colorado-bankers-are-still-scared-o...
Frankly, it's a felony to support the drug trade (including marijuana) in any capacity.
I didn't make the laws... just pointing it out. A lot of people think that since their state supports marijuana, then everyone should... but in reality businesses not in your state, especially banking institutions, have a lot of incentive to not participate. It's unreasonable to get mad at your banking institution (Stripe in this case) because they pulled the plug on a very risky customer who might have gotten them put under the Fed spotlight.
Fertilizer? Grow lamps? Water?
You're going to have to draw a line somewhere, 'support' is such a wide term you could technically shut down the power company for supporting the drug trade.
I think the description should at least contain a 'knowingly' and 'primarily' otherwise any garden center is at risk of being shut down.
> A few months ago we started using Stripe as they payment gateway for our marijuana regulatory compliance software
It's pretty painfully obvious this company was "knowingly" and "primarily" supporting drug trade.
They sure worded that poorly.
These are Paypal levels of communication, and from stories linked elsewhere in this thread, not an incident.
It's a right "more honored in the breach than in the observance."
While of course this is true, it's not really a defence in the grander scheme of things. Stripe's business model is not only propped up by the oligopolistic/cartel-like nature of international payment processing, it's a product of it. These guys may find another processor, but as long as a tiny, tiny group of banks/payment processors call the shots on what kind of transactions are allowable legitimate businesses like this will always be looking over their shoulder. Fundamentally all this comes out of banking regulation. I find the whole industry woefully unacceptable.
In other words, they are doing the opposite of breaking drug laws.
Also of interest is their pricing page; their price tiers give you some hint of how much money is sitting untapped in this industry, and how generally underserved by software solutions it is, too.
Unless you consider federal laws.
Marijuana dispensaries and related businesses
Some of these rules come from Stripe itself, some come from the networks they work with.
The credit card processing industry is rife with horrible companies that will freeze your funds for months on end and shut down your account without notice at the drop of a hat.
Stripe stands head and shoulders above the rest of the industry in this regard. In fact, I am impressed by how generous they are being, given that this business is obviously operating in a grey area of federal law.
We have already identified a new on-line payment gateway which has internal underwriting and answers their phone when we call. I spoke at length to the staff, have a follow-up meeting with underwriting so they can be sure we're not breaking any laws.
The BigCo bank we work with doesn't mind.
What the private security companies ended up finding out, however, was that banks started preventing them from depositing _their_ money as well, if only by association.
I think you'll find this isn't only a stripe issue -- it's going to be an issue with many payment processors when you're dealing with federal laws that directly conflict with state laws.
When you create businesses on the knife's edge of a burgeoning new market, you have to prepare yourselves to get cut a few times. It's not easy to build an industry.
It's crazy to me that someone running a business in the marijuana industry would not be aware of, and accept the risk that their business is not favored by banking services nor the Fed. You knew you were breaking, at the very least, Stripes ToS when you processed payments for drugs...
Regardless of your feeling about marijuana and the law... reality stands.
You helped organize, manage, and facilitate drug trade as far as the Fed is concerned.
Stripe is in the banking industry -- heavily regulated by the Fed. They can't have customers knowingly violating Federal law, and potentially passing drug money (again, as far as the Fed is concerned) through their network. It's a huge risk to them.
You cannot blame Stripe for shutting you down.
It's irresponsible and downright ridiculous to blame Stripe for your business's dealings and/or shortsightedness.
You weren't "Fucked" by Stripe... you "Fucked" yourself.
Did you even read the thing? They sell software.
PS: Changing title because a few people can't stomach the f-word is stupid. We are grown ups here.
> We don’t sell pot, we sell software.
As it says in the post, these guys sell SaaS software, not pot.
Does it suck? Yes. But ultimately Stripe is just trying to run their business and a big reason why they get discounted transactions from credit card issuers is because they keep a portfolio of clients with low refund rates.
They've had problems forever with mainstream channels.
If you want to make money with something legally grey don't point the finger at companies who are in a tight spot when it comes to dependencies on such entities. Credit card processing is not an in-alienable right.
Visa and MC don't mind so much if some other party is taking the risk.