Hacker News new | past | comments | ask | show | jobs | submit login
Getting Fucked by Stripe (edoceo.com)
184 points by edoceo on June 2, 2015 | hide | past | favorite | 146 comments

Stripe CEO here: In general, selling anything related to illegal drugs is strictly prohibited by our banking partners. I wish we could be more permissive here, particularly as marijuana legalization gathers pace. That said, it's still illegal at the federal level, and the government doesn't mess around on this stuff.[1] Software is an interesting case; I'm going to go talk to our compliance team to see what we can do.

In general, we try to make our prohibitions clear[2], and we try to give a grace period (the five days referenced) in order to minimize disruption.

If anyone has suggestions for how we could do this better in a world where stringent prohibitions exist, we're all ears. (I'm patrick@stripe.com) We don't like imposing others' rules, but that's part of the reality in operating in the US and on Visa's/MasterCard's/etc. networks.

[1] https://en.wikipedia.org/wiki/Operation_Choke_Point

[2] https://stripe.com/us/prohibited-businesses

If banking partners are the problem, why did you mislead him by blaming "customer disputes"?

(Pedantic note: I know full well that the second part of the sentence that actually places the blame on the "risk" doesn't mention customer disputes as the source, but the former part does, and since it's clearly intentionally misleading I am asking why it was necessary to mislead him by mentioning customer disputes. Those seem far from the core problem here, if not outright irrelevant.)

(I work at Stripe.)

I agree our response should have explained the marijuana restriction. I can't go into specifics for privacy reasons, but I'll add that facilitating marijuana sales wasn't the only factor contributing to the text in this email.

I realize there were probably other factors that contributed to the text in that email, but I think what is interesting to know here is:

Were there any other significant factors specific to his business that made you mention customer disputes as such a significant reason?

(Note that I'm not asking what the factors were, I'm just asking if there simply existed any.)

The reason I ask is, I imagine there might have been other similar businesses with a high rate of customer disputes, and I imagine there may have been other factors in his business that could have resulted in you not wanting to work with them, both of which would be reasonable justifications for avoiding this business -- but what baffles me is how a company with "zero customer disputes over [their] entire history" can get an email blaming his customer dispute risk as the primary concern.

Note that I'm not disagreeing with the soundness of your ultimate decision here, I'm just confused by the email you sent justifying it.

> Were there any other significant factors specific to his business that made you mention customer disputes as such a significant reason?

Unfortunately, yes. Still, explaining the marijuana restriction should've been our primary focus in that email.

In general, we would never close an account that had a reasonable explanation for high dispute rates (unless card networks or banks forced us to). Our goal is to help users manage their disputes, and in the long term to not have to worry about them at all.

Ah, okay thank you for clarifying!

You did right by your business and other customers.

The risk of supporting a single company who chose to participate in the illegal drug market (yes, Marijuana is illegal still under the Fed folks) far exceeds any potential benefits they could of brought.

Frankly, the article and title are written by someone who is upset they didn't understand the reality... It's rather unreasonable to blame Stripe here for their own ignorance.

It seems to me that they didn't participate in the drug market, they participated in the software market.

[EDIT: redacting the second part of my comment as further information in other comments seems to imply it was probably incorrect.]

> A few months ago we started using Stripe as they payment gateway for our marijuana regulatory compliance software

As far as the Fed is concerned, any support of the illegal drug trade industry is a Felony. Selling software that is targeted at helping manage, distribute, and facilitate the marijuana industry (which is illegal federally) is against the law.

As far as Stripe is concerned, they are regulated by the Fed and cannot afford to knowingly have illegal drug market customers sending money through their network.

> As far as the Fed is concerned, any support of the illegal drug trade industry is a Felony. Selling software that is targeted at helping manage, distribute, and facilitate the marijuana industry (which is illegal federally) is against the law.

As somebody with extensive experience in building and selling regulatory compliance software to the gambling industry, I can state beyond a shadow of a doubt that your argument is bullshit. Selling software that explains what is legal and what isn't legal in any specific jurisdiction isn't illegal at all, and doesn't do anything that facilitates the breaking of the law (actually, it is quite the opposite).

> As far as Stripe is concerned, they are regulated by the Fed and cannot afford to knowingly have illegal drug market customers sending money through their network.

That isn't actually what is happening.

> As far as the Fed is concerned, any support of the illegal drug trade industry is a Felony

The Feds. The Fed is mostly concerned with managing the money supply.

And that's not exactly true, even then (the laws are a lot more specific and complex, not everything that could be described that way is prohibited at all, and some of what is prohibited under federal law that way is not a felony.) But its a reasonable approximation.

> Selling software that is targeted at helping manage, distribute, and facilitate the marijuana industry (which is illegal federally) is against the law.

That's quite possibly true, and I can easily see other businesses not taking the risk of getting involved in case it is.

OTOH, if you are going to claim that it factually is, it wouldn't hurt to cite the specific law.

> As far as the Fed is concerned, any support of the illegal drug trade industry is a Felony.

Then there are literally 1000s of business owners in dozens of states in lighting, electrical, communications, real-estate, security, software, internet-service, legal, finance and investement industries committing felonies at this very moment.

Indeed there are. Many businesses are committing crimes without even realizing it, especially things like structuring. These crimes are often selectively enforced.

>> A few months ago we started using Stripe as they payment gateway for our marijuana regulatory compliance software

> As far as the Fed is concerned, any support of the illegal drug trade industry is a Felony.

Are you saying the seller has probably committed a felony by selling this software?

Because if true, I would think they would have been incredibly stupid to draw attention to their business on the HN front page, which they do not seem to be.

Its legal compliance software, there has to be some protection for that, do the feds really make it illegal to help people comply with the law?

> support of the illegal drug trade industry

> marijuana regulatory compliance software


I think it's completely legit for you to pick your partners.

Can you comment on the 5 day warning, though?

Speaking as a quality professional with some experience with billing, the idea of identifying and transitioning to a new payment processor with proper testing and zero business downtime within 5 days isn't very realistic. If a company abstracted their payments up front, great, but for a small firm it's likely there's tight coupling there. Customer communication also isn't instant, and I assume subscription authorizations have to be transitioned as well--probably by the customers themselves.

It would be one thing if you stopped people at the door, but once they're dependent this seems rather harsh unless they've somehow egregiously violated business ethics in a way that's harmed you. You're pretty much guaranteeing a business interruption, and that can be fatal for a small firm.

And from a strictly pragmatic point of view, this is the sort of action that would make me hesitant to pick you for an upcoming project. When I judge risk vs. worst case outcome, the very fact that your worst case is a surprise interruption would put you on the wrong side of the line even at a low risk.

This is essentially a provider uptime decision, and it's easy to see this as unpredictable between 5-9s and zero. That's not a good quality for a payment processor.

Disrupting businesses is the last thing we want, which is why the 5-day warning isn't a hard deadline. We always give people as much time as they need to transition off (as long as we don't suspect fraud). In this case, we'd have agreed to extend the deadline but weren't asked.

As this is the second time I see companies complaining on HN about the short deadline, and there seems to be a consensus that transitioning to another payment provider realistically always takes more than 5 days, you might consider having a longer default deadline that makes it possible to transition in time. Just my 2 cents.

Without having seen the notification email, from the couple of recent posts about this I think it might not be clear that the timeframe is negotiable.

I find it really disturbing that the federal government can do an end-run around the 2nd Amendment by putting the squeeze on banks and payment processors via the DoJ / FDIC to shut down bank accounts of firearms retailers and prevent them from processing credit cards. Regardless of how you feel about firearms, it's still a Constitutionally-protected right.

(Noticing that "weapons and munitions" are on Stripe's prohibited businesses list and the corresponding category in Operation Choke Point)

If you think that is disturbing then you should wonder how the rest of the world feels whenever America decides that its local laws should be applied in foreign countries.

Not sure I follow the thread of logic, but I do find quite a lot of what the US government does both at home and abroad disturbing - if not sometimes illegal and/or immoral - and am acutely aware of how that reflects negatively on us American citizens. That includes your example.

And yet, the 2nd amendment only covers our right to keep and bear, not our right to the business apparatus necessary to make them practical and affordable in modern times.

I see that "weapons and munitions; gunpowder and other explosives" are classed with illegal drugs, when in fact it's perfectly legal to buy such things online (with certain laws in mind). Any reason for this?

Just because it's strictly legal doesn't mean Stripe's banking partners or card networks will allow the transactions. In general, Stripe's prohibited businesses list is generated from partner rules and not directly from the laws.

As another example, note that Stripe prohibits transactions related to the adult entertainment industry. There's nothing illegal about that, it's just that Stripe's business partners don't want to take on the chargeback liability.

I've used Stripe for years and I'm firmly on your (Stripe's) side here. As a small business owner, Stripe has always been the most reliable, trustworthy and just plain best implementation. We don't take PayPal at all, despite its ubiquity.

Kudos here, I believe you guys are doing the right thing here with what you are given. It sucks that this has to be the outcome for people just trying to help a growing industry because of the current state of things.

I do suggest however maybe in the future when sending out those service disruption emails give more details to prevent random outbreaks by seemingly ill informed owners about why in fact they were told they could no longer user your services.

As a fellow business owner I can empathize with the apprehension. We've been approached about building apps for the marijuana industry and have a lot of debates around whether that puts us into a precarious position. The consensus is that we would not be held accountable for simply providing a service especially given that it would not directly relate to the transaction of the actual product nor would it be part of the path that would be considered "laundering." I understand where you're coming from. It's tough to be put in a position in which you believe you may be putting your company at risk, but I think Stripe is missing an opportunity that could position the business as a leader to help change the precedence. Just my two cents. Nice response though. Love seeing business owners here defending their position instead of cowering to poorly written diatribes.

It's good of you to answer and work towards a resolution. However, it doesn't give me much hope that the same would be done when if I was in a similar situation. I've seen many people complain loudly and get PayPal to be reasonable with them, but since I don't have an audience like that, I just get screwed.

> I just get screwed.

Oh come on, own your own mistake.

You didn't just get screwed... you screwed yourself.

You screwed yourself the day you chose not to read Stripes ToS. You screwed yourself the day you chose to violate Stripe's ToS. You screwed yourself the day you chose to ignore Federal Law.

The post you replied to is not the author of the article. Rather, they are stating that when/if they should find themselves in a dispute with one of their providers, their lack of clout means they would be unlikely to get the same "CEO of provider will look into it" responses.

Accusing them of violating a ToS as well as federal law is uncharitable to say the least.

Note that kentt isn't the OP, just someone worried about being in a similar standoff with a payment processor.

Their business is not illegal under Federal law.

Are you sure? The primary purpose of the software they're selling is to aid the violation of Federal law.

Too bad things don't work that way, otherwise we'd have to arrest all the state governments that have approved medical or recreational use.

> Too bad things don't work that way, otherwise we'd have to arrest all the state governments that have approved medical or recreational use

Actually they do work that way.

And yes, the Fed has had a standoff with many States, and yanked funding for things in some cases. Also the DEA has been known to raid long standing medical marijuana clinics in CA. The current administration is a little lax on Marijuana, but that doesn't somehow make the law not apply here (The next administration could come down with a whip).

At the end of the day, there is no other way to slice it. Supporting marijuana in any capacity is currently against federal law.

Geez. I bet you're fun at parties.

What, where is this coming from? Selling software for the marijuana industry doesn't appear to be explicitly covered by Stripe's prohibited business (it says "Marijuana dispensaries and related businesses", but how far does that extend?)

Stripe themselves further cloud the issue by claiming it as a high risk of customer disputes, which is demonstrably bogus and a black mark against them.

Software specifically designed for the marijuana industry sounds like a related business to me.

>If anyone has suggestions for how we could do this better in a world where stringent prohibitions exist, we're all ears.

The author defined his business as "marijuana regulatory compliance software." Therefore, not enough information is given. If the software was purely for medical marijuana regulatory compliance. Then I think Stripe should continue to work with the company, but as it relates to recreational marijuana that is where Stripe should draw the line.

This is not a morale position, but a legal one. Why?

>it's still illegal at the federal level

Yes; however, one may reasonably rely on the representations of the Government. Moreover, in this particular instance the Gov. (via Attorney General Eric Holder) publicly has taken the legal position that the Federal Gov. would not enforce the Federal Marijuana laws against persons who comply with state medical marijuana laws. What Stripe is dealing with is a Software to ensure compliance with these very laws that the Federal Gov is using as the basis for their Federal enforcement (so long as the Software is limited to medical and not extended into recreational).

> Yes; however, one may reasonably rely on the representations of the Government.

In criminal law, the only case that I am aware of where this is a defense against later prosecution is where you reasonably rely on the advice of those responsible for enforcing a particular law that a particular act is not against the law -- a representation by law enforcement that something is a violation of the law but is not a current enforcement priority would not suffice for (indeed, would directly oppose) such a defense.

If you have cases, etc., that suggest otherwise, I'd like to see them.

I'm sure we are both speaking of US v. Barker. And your distinction is well taken, i.e. interpretation of law vs enforcement of law. That said based on Holder's statements I think the argument extends to existing case law of mistake of law. A hypothetical Defendant could certainly argue there was reasonable reliance on the misinterpretation of the law. Moreover, argue that Holder's statements were not simply limited to issue of enforcement, but more generally applicability to persons in compliance with State Medical Marijuana laws. Certainly, the Gov. could not simply trick people into committing crimes by saying we will not enforce "x",then begin mass arrests and later at trial argue the defense of mistake of law does not exist because the Gov's official statement was limited to enforcement not interpretation. Again your distinction is correct, and may be pushes this to a case of first impression.

Our software is intented for the recreational market

I personally wish you the best of luck.

I am not sure the impact practically or legally, but obviously lawyer's can advise these businesses (even in the recreational realm) in these states, so maybe pivot your software as legal service software, license it to law firms and have them re-license it to their own clients. Sucks to inject an otherwise unnecessary middleman into the equation, but you already have that with payment processors, banks, card issuers, ect...

It seems like the real problem here is the administrative process... the OP makes it sound like a unilateral decision with no recourse... and maybe less extreme measures could have been taken, such as letting them know what aspect of their business was high risk and giving them a chance to spin it off instead of just booting them. It is incredibly inconvenient to have to switch payment processors unexpectedly, and having a reputation for booting customers unilaterally will not benefit your company.

That's an insane list. Some of these are really non-obvious, especially for non-Americans, so I think they should be communicated much clearer up front.

(By non-obvious I mean, stuff millions of people are used to paying for online and offline with various legal forms of payment other than cash, including credit cards. That btw also puts a bit of a question mark on the "it's the banking partners, not us" argument.)

> Some of these are really non-obvious, especially for non-Americans, so I think they should be communicated much clearer up front.

When you sign up for service, you are asked to read and agree to their Terms of Service. How much more obvious should it be?

> By non-obvious I mean, stuff millions of people are used to paying for online and offline with various legal forms of payment other than cash

Like what on that list?

>Substances designed to mimic illegal drugs

Substances that are legal but feel too good are prohibited?

Yes. They are called analogues and these laws were created ostensibly in response to the trend of "designer drugs" being developed to evade their scheduling as illegal drugs, by staying ahead of the schedules.

There was a crackdown in smoke-shops in New York on the weed-not-weed "synthetic marijuana" and "functional analogues" of cannabis. For a while you could go into any hookah lounge or corner smoke shop, see a case on the counter with 1g and 2g silver-colored ziplock bags, or 5-10g jars... ask for some "incense" or read whatever it says on the bag out loud (and don't say "spice" because K2/spice had already been scheduled).

You'd receive a bag of something that looks like weed, with labels clearly indicating it was not to be marked or marketed for human consumption, that it was a novelty item and definitely not safe, but if you tried it and you actually knew what marijuana was but for some reason couldn't get any real bud, you'd probably agree it was a passable substitute.

Then these shops all started getting visits from the state police, and you couldn't buy them anymore. Their whole inventory would be seized, under the new (at the time) Federal Analog Act.

I hear you can still get salvia and kratom, but I also heard those are both really not anything like cannabis, other than both being organic and having pharmaceutical applications, that you really couldn't easily use either of those and be at all confused about whether it was pot or not.

Hey Patrick, slight off-topic: Any plans to support Georgia (the country in Europe)?

Storing your customer billing data with your processor can kill your cash flow when something like this happens. You not only need a new payment processor, you need to get every customer to put their credit card numbers in again. If you're in a high-risk business, or simply want to be safe, check out https://spreedly.com. You code once against their API and can switch between 80+ different processors with no code changes, and take your customers with you. I recommend them whenever I can, as I've gone through that pain before, but never worry about it now.

This is really interesting, thanks for posting. I've been idly concerned about tying customer data in with the payment processor, but I accepted it as a given.

The people I’ve known who tried to transfer customer billing information into or out of Stripe all had pretty good experience. The process might take a week or two, but Stripe should be able to coordinate with your new payment processor to securely transfer that information.

(Most of the new-ish trendy payment companies are similarly customer friendly; some older payment companies will refuse to transfer data or will demand outrageous fees for it.)

Forgive me for playing along the line of the devil's advocate - doesn't that then make Spreedly your single point of failure? Are there any more guarantees that Spreedly will continue doing business with you in a situation where Stripe wouldn't?

Taking the current story for example, it looks like it would also violate Spreedly's terms of service. At a quick skim (IANAL) it looks like their ToS is pretty much identical to Stripe's

Situations where Spreedly will continue doing business with you where a processor wouldn't: You get a string of unexpected chargebacks. You crowdsource funds for something that doesn't exist yet. You sell pre-orders or event tickets. Your choice of processor does delayed underwriting and you just hit a volume trigger (e.g. "a PayPal horror story"). The nature of your business changes. You have to issue a lot of refunds due to an unexpected situation. A PCI audit turns up that you shouldn't be touching credit card numbers in the first place. The processor goes out of business -- happens more often than you think.

There are lots of reasons businesses lose their payment processing accounts. Most of those reasons have something to do with underwriting and payment network rules: your actual or predicted chargeback/refund rate going above 1%, or otherwise putting the processor at risk with Visa/MC, or their underwriting bank. Businesses often want to change their payment processor voluntarily, to get more features or better rates, but can't because their customer info is locked in their vault and the won't transfer it.

Your account with Spreedly isn't at risk in any of those situations because they're not a payment processor. They're just an API. They don't care whether your charges are declined, how many refunds you issue, or how many chargebacks you get. Inexperience of new ventures at navigating these issues will get you in trouble with PayPal/Stripe/etc, but not with Spreedly. And Spreedly does data portability amazingly, so there's no lock-in, unlike using a processor's vault: they'll give you your data if you want, or you can use their API to securely move it into the vault at a supported gateway.

The PCIDSS benefits are pretty huge too. With Spreedly billing info can be entered on your website but never touch your server (iframe or transparent redirect). Even under PCIDSS v3 (January 2015), you qualify for SAQ A, a short questionnaire, instead of SAQ A-EP or SAQ C most small sites taking cards directly fall under, which would require quarterly security scans and pen testing of your entire hosting and IT environment. Spreedly not only tokenizes and stores your customer billing info for you to charge, but can act as a proxy to pass it to 3rd parties like fraud screening systems, again without it ever touching your environment.

Good answer, thank you for responding in such detail

The issue I see with Spreedly is it would be a good thing to use from the beginning of the project, but it's not affordable when your first starting out.

Maybe a free package with the ability to store 20 cards? I don't want to pay $99 a month to basically hook up to your API and test it with my first few customers.

Yep. It's awesome that Dan mentions us and has a very valid use case with Spreedly. That said the use case we primarily solve for is marketplaces and platforms working across multiple gateways or third party API's (Expedia, StubHub etc) simultaneously. So I can see why you'd feel $99 was too high in your case. (Spreedly CEO)

Do you think there's enough interest to do a "low usage" (i.e. cheaper/free) option where you aren't hopping gateways and just want to use Spreedly as a processor abstraction layer? I'd love to investigate this for some little side projects that aren't tied to a processor, but $99/mo would be prohibitive.

Hey vcarl when we launched 2 years ago we actually had a $10 per month plan for the first 90 - 100 days after launch specifically to address this type of market. It didn't take. And honestly it wasn't really needed with Stripe and Braintree now in the market. Worse we had some perception problems from larger prospects around a service that was just $10 per month. So we moved up market to a higher price point to service marketplaces and platforms where our story really did resonate.

That makes sense, thanks for elaborating!

Agreed that it's too steep for people who want to use it as a hedge against negative payment processor action. We're Balanced customers and working on moving to Stripe now in time for the June 11 deadline, and I considered Spreedly to make it more cost-effective next time we have to switch, but it's just too pricey as a middleman for the small-ish volume we have. Most cart systems already make it somewhat easy to switch to a different payment processor.

Thanks cookiecaper. I would not disagree with you in general but I would say that in our experience most cart systems don't make it easy to switch payment processors _unless_ you don't care about storing or retaining cards for additional purchases or subscriptions. Most carts, for PCI reasons, pass your cards directly into the gateway so you're still stuck looking at export/import if you want to move.

It looks like they'd work with a startup. I'm not sure on what as I can only see what they've got on their site. From their Pricing page:

"We're an early stage startup wanting to support multiple gateway types out of the gate. Can you help?

Contact [sales addr] to discuss our startup package which is focused on pre-funded startups needing to work with multiple payment gateways."

This is awesome! I'll buy you a beer.

FWIW, I've been running our business on Stripe for four years, and we've been hit with all sorts of legal threats by the government, individuals, and other companies (we're also currently suing the CIA). I couldn't recommend them more highly, based on our own experience and talking to others in the space.

We've done full refunds, partial refunds, and had one unfortunate chargeback with zero problems. Their customer service has always been incredibly fantastic, and the money is in our bank two days after it gets charged. The one issue we've had is that they given super vague answers when our users trip their fraud detection algorithm, simply stating the "charge was declined" and telling us to check with the user's bank, when it was actually the fact that the user had been using the card via a Tor proxy in Nigeria. I think the security opacity is understandable, and each time they helped us work through the issues.

tl;dr: I'm sympathetic to the poster, but Stripe seems to do whatever they can to get the money to you quickly, and their customer support has been great despite running a business with customers that regularly use Tor, fake names, etc.

I met these guys at an entrepreneurs meetup in Seattle about a year ago. They were completely on the level and the very definition of brave entrepreneurs.Their business is producing record keeping software and their customers are licensed by the state government - they are not a grow operation. In this state, the activities of their customers are completely legal and it certainly isn't illegal to produce software. It's disappointing to see them run into this challenge given all the hoops they've had to go through to get their business to this point. Regardless of where you stand on marijuana (I am not a partaker) they have a fascinating story working to legitimize a once illegal market.

> In this state, the activities of their customers are completely legal

No, they aren't. Federal law is applicable in every state, and activities illegal under federal law are illegal in every state. It may not be prohibited by state law in that state, but then neither is, probably, espionage (of, e.g., US defense information) prohibited by the law of that state. That doesn't make espionage legal in that state, and doesn't mean that someone advertising software specifically designed and marketed for the purpose of supporting such espionage wouldn't have significant legal risks.

> Regardless of where you stand on marijuana (I am not a partaker) they have a fascinating story working to legitimize a once illegal market.

Its not "a once illegal market" anywhere in the US. Everywhere in the US, its a still illegal market, its just the number of separate authorities prohibiting it is one fewer in some jurisdictions than it used to be in some places.

Their customers are not buying anything illegal either: they're buying software.

It's the customers of their customers that are the problem.

Would you prosecute Ford because a dealership sold a gangster a car?

If that car was specifically design to commit bank robberies, I'm willing to bet there would be a prosecution.

Perhaps the gravitas of their business would have been better served with a product name like Medical Compliance Systems rather than WEEDTrackr.

Why are people giving Strip a hard time, when banks themselves refuse to deal with MJ dealers? http://www.forbes.com/sites/jacobsullum/2014/09/18/local-ban...

Blame Stripe’s back-end banking partners. Stripe (and similar companies) have to err on the side of caution, because if they get shut off from processing credit cards, they’re hosed themselves. Since as you mentioned your company does a very small transaction volume, servicing your business or anything else with a hint of being drug related is high risk for Stripe with essentially zero reward.

Is it OK to blame consumers for granting the Visa/Mastercard duopoly control over our spending habits? If a card network doesn't like a company, they can kill it (unless the users are motivated enough to use bitcoin, which only happens when you're facilitating illegal trade a la Silk Road). Intricacies of Visa's policies actually ended up killing a well-funded startup I consulted for.

Is it high-risk though? Or is it just perceived that way? It wouldn't surprise me if Stripe and/or the banks saw the word "weed" and shat a brick without actually performing any kind of analysis.

If that is the case then I might as well consider dealing with the banks directly.

Lots of stuff on here recently is making me rethink using Stripe for payments which I would have been doing in the next month or two.

> If that is the case then I might as well consider dealing with the banks directly.

Which you can do, if you have enough charge volume. Are you charging $1 million/month yet? If not, you probably don't have enough volume to carry any weight.

I keep seeing these "whine" stories on HN about "Fuck stripe! 5 days notice?! How dare they!". 5 days is pretty reasonable for someone taking an inordinate amount of risk on you. I can count on one hand the number of HN posters I'd provide upfront financing for in the 5-6 figure range. If you don't like it, find a provider more to you're liking.

You can tear Stripe from my cold, dead hands before I'd go to another processor, 5 day notices be damned. They are leaps and bounds better than the alternatives, and it should be recognized that they face the same hurdles as businesses with funding risk do.

> Which you can do, if you have enough charge volume. Are you charging $1 million/month yet?

No and I will never charge a million dollars a month through anything as I'm in the UK and over here card processing doesn't require anything remotely like that volume and we have a healthy local market for card processors if I choose to go elsewhere.

> dealing with the banks directly

Unfortunately that wouldn't work for the posts author. The Obama administration DoJ and FDIC put the squeeze on bank accounts of broad categories of industry that they found distasteful without any actual evidence of high-risk: https://en.wikipedia.org/wiki/Operation_Choke_Point

> Why were were booted from Stripe? Is it because we are in the marijuana industry?


Agreed. The article is a bit rant-y so I had a hard time figuring out what his actual issue is but the whole time I could only think, of course it's because you're associated with the marijuana industry.

IMO it will take all fifty states, DC and the federal government legalizing marijuana before industries like banking and insurance are comfortable with doing business with anyone associated with the marijuana industry.

Maybe you're right; But something feels a bit out of focus for me, only because they're only 'involved' from the standpoint that they're selling software. If their software was called 'seed' tracker and they didn't mention Marijuana overtly, would it still be an issue?

I get that Stripe can (and should) do business with whomever they choose. This guy's rant aside, I think the fringe business issues surrounding emerging industries are really interesting.

Here's another example: Technically Uber has been operating in a legal grey area for a while (not unlike this software). What if companies like Stripe refused to do business with them because of their quasi-legal business? AirBnB?

If their software was called 'seed' tracker and they didn't mention Marijuana overtly, would it still be an issue?

I think so... As others have pointed out (including the Stripe CEO apparently) the banking industry is very paranoid about the legal marijuana industry right now. There is just too much grey area, even in states where it's legal.


As for Uber and ABB, although there has been a lot of press around them and some setbacks for them here and there I just don't think people get nearly as excited about them as they are about the recent relaxation of marijuana laws. People get very hyped about marijuana (and drugs in general) being legal; it seems like one of those issues that people are pretty passionate about, whether for or against.

> If their software was called 'seed' tracker and they didn't mention Marijuana overtly, would it still be an issue?

Probably. There's often a significant legal difference between selling something intended as a general use tool that happens to have utility in illegal enterprises and selling something that is specifically designed and marketed as a tool for a specific class of criminal enterprise.

In addition, while I understand his protesting that "we just sell software", pretty much by definition he sells software to businesses (i.e. people who will be paying with Stripe) whose legality is a gray area, especially in the banking sector.

Its really aligning the Federal Laws with the state laws so that people in states where its legal don't constantly have to look over their shoulders.

We've all seen and heard how abusive the Feds can be when they want to make a point - this is what keeps a lot of these businesses weary of getting involved in this industry.

In the USA. Then there's still the minefield of European and Asian governments - some of which view the trafficking of narcotics as a capital crime.

And then there's the fact that many financial regulatory bodies are INCREDIBLY conservative.

If I was involved in payment processing, I would not want to even distantly be associated with that industry. The federal regulatory authorities have not been kind to banking efforts in the space.

Right now, most financial institutions are scared to do anything with the marijuana industry.

Here's an article about that: http://www.vice.com/read/colorado-bankers-are-still-scared-o...

This is probably the real reason behind it. Regardless of your own personal feeling on the subject, you have to recognize it's a Felony, and banking/payment service providers have to follow the current laws and regulations. Federal law is always supreme to state/local laws.

What's a felony? Writing software that helps manage compliance with the law? That doesn't sound quite right.

> What's a felony?

Frankly, it's a felony to support the drug trade (including marijuana) in any capacity.

I didn't make the laws... just pointing it out. A lot of people think that since their state supports marijuana, then everyone should... but in reality businesses not in your state, especially banking institutions, have a lot of incentive to not participate. It's unreasonable to get mad at your banking institution (Stripe in this case) because they pulled the plug on a very risky customer who might have gotten them put under the Fed spotlight.

> Frankly, it's a felony to support the drug trade (including marijuana) in any capacity.

Fertilizer? Grow lamps? Water?

You're going to have to draw a line somewhere, 'support' is such a wide term you could technically shut down the power company for supporting the drug trade.

I think the description should at least contain a 'knowingly' and 'primarily' otherwise any garden center is at risk of being shut down.

From the article:

> A few months ago we started using Stripe as they payment gateway for our marijuana regulatory compliance software

It's pretty painfully obvious this company was "knowingly" and "primarily" supporting drug trade.

You specifically said 'in any capacity', I quoted that to make sure there was no mis-understanding about what I was referring to, I understand the particulars of this case.

> Frankly, it's a felony to support the drug trade (including marijuana) in any capacity.

[citation needed]

Writing software that helps manage compliance with state medical marijuana laws is also currently known as writing software that facilitates federal felonies. I don't blame Stripe etc. from avoiding even a remote possibility of the Feds coming after them.

It's not a felony.

> Stripe can only support users with a low risk of customer disputes–after reviewing your submitted information and website, it does seem like your site presents a higher level of risk than we can currently support.

They sure worded that poorly.

Besides that being a debatable reason, why doesn't Stripe not just come out and say that?

These are Paypal levels of communication, and from stories linked elsewhere in this thread, not an incident.

I issue refunds on Stripe all the time and they haven't shut me down. Although I'm sympathetic to the author, it really is Stripe's prerogative to do business (or not do business) with anyone they want. It doesn't sound like they've frozen his account or taken his funds, they just don't want him as a customer anymore.

And it's his prerogative to complain about it. As a person selling services it's very important that payment processors be reliable, and seeing posts like this is very useful information. I wrote donation processing code for a super PAC against stripe's API. If stripe doesn't like your politics (which arguably is what is happening here), will they exercise their prerogative?

It's a right "more honored in the breach than in the observance."

> Although I'm sympathetic to the author, it really is Stripe's prerogative to do business (or not do business) with anyone they want.

While of course this is true, it's not really a defence in the grander scheme of things. Stripe's business model is not only propped up by the oligopolistic/cartel-like nature of international payment processing, it's a product of it. These guys may find another processor, but as long as a tiny, tiny group of banks/payment processors call the shots on what kind of transactions are allowable legitimate businesses like this will always be looking over their shoulder. Fundamentally all this comes out of banking regulation. I find the whole industry woefully unacceptable.

I agree. And in that light, I can't really see where they "fucked" him, not in the least.

It's worth checking out their SaaS, WeedTraqr (https://weedtraqr.com) -- "Marijuana tracability, seed to sale, from your phone". They are located in Seattle, where marijuana is legal, and their app is a way for dispensaries and retailers to ensure compliance with the law.

In other words, they are doing the opposite of breaking drug laws.

Also of interest is their pricing page; their price tiers give you some hint of how much money is sitting untapped in this industry, and how generally underserved by software solutions it is, too.

Federal drug laws are at odds with state drug laws, and I suspect all banks are beholden to the fed, so... :-(

Compliance with state law, yes. Unfortunately the federal law persists.

> In other words, they are doing the opposite of breaking drug laws.

Unless you consider federal laws.

It is not illegal, even under Federal law, to build an app to help dispensaries in Washington/Oregon/Colorado/DC manage their local regulatory compliance. Marijuana is illegal under Federal law, but this software, as a tangential service, is not. If it were, no one online could sell grow tents or grow lights or high-nitrogen fertilizer etc., even though it's obvious what market those items are intended for.

I don't think you can advertise that those grow lights or fertilizer are to be used for specifically illegal activities. One can use grow lights for many different plants. This company is simply poorly named and the marketing is aimed specifically at marijuana which is unfortunately illegal on a federal level.

From the Stripe list of prohibited businesses [1]:

Marijuana dispensaries and related businesses

Some of these rules come from Stripe itself, some come from the networks they work with.

[1] https://stripe.com/us/prohibited-businesses

I wonder if this is related to Operation Chokepoint, a DOJ program started in 2013 which leans heavily on payment processors and banks to cease doing business with businesses the DOJ finds questionable?


Everybody knows if you want to be in the drug business and still have a good banking relationship, you should be selling coke.


While it isn't necessarily the business of HN readers, I feel there may be a gap on communication between Stripe and the author. Either, it is being left out of the article, or the author just immediately threw their hands up.

I've put the full copy of the message from Stripe in the post. It makes no mention of weed.

If they are giving you five days to switch and will pay out all of your processed transactions in a timely manner, then how is that "getting fucked"? It's not.

The credit card processing industry is rife with horrible companies that will freeze your funds for months on end and shut down your account without notice at the drop of a hat.

Stripe stands head and shoulders above the rest of the industry in this regard. In fact, I am impressed by how generous they are being, given that this business is obviously operating in a grey area of federal law.

I just love how this is written... it's as if the author's business is completely dependent upon Stripe and Stripe is shutting him down. If your business is so great, I'm sure there's hundreds of other CC processors who will take it. At least Stripe did their due diligence early on before you actually do have customers.

We have scores of customers, it was very embarassing to send them a notification about this hiccup.

We have already identified a new on-line payment gateway which has internal underwriting and answers their phone when we call. I spoke at length to the staff, have a follow-up meeting with underwriting so they can be sure we're not breaking any laws.

The BigCo bank we work with doesn't mind.

There were a few articles months back talking about how marijuana shops in Colorado were having trouble managing money, mostly because it ended up having to be an all cash operation, and banks would not let them deposit it. Private security companies dedicated to managing and transporting that money ended up being created to help relieve that issue.

What the private security companies ended up finding out, however, was that banks started preventing them from depositing _their_ money as well, if only by association.

I think you'll find this isn't only a stripe issue -- it's going to be an issue with many payment processors when you're dealing with federal laws that directly conflict with state laws.

When you create businesses on the knife's edge of a burgeoning new market, you have to prepare yourselves to get cut a few times. It's not easy to build an industry.

Several stores in Colorado have started accepting debit cards in the past month or so - maybe this is becoming less of an issue. Source: I live in Colorado

Can I request a title change, maybe to "Stripe just booted us with 5 days notice". I'm not normally phased by the f-bomb but it's so distracting on the HN front page.

An even better title change would be "We just got booted from Stripe for violating their terms and likely a few federal laws".

It's crazy to me that someone running a business in the marijuana industry would not be aware of, and accept the risk that their business is not favored by banking services nor the Fed. You knew you were breaking, at the very least, Stripes ToS when you processed payments for drugs...

Regardless of your feeling about marijuana and the law... reality stands.

We don't process any payments for any drugs. It's software for reporting data to the State of Washington. No different than software for managing inventory for alcohol or pharma.

You are ignoring the fact that the laws in Washington State do not trump Federal laws. Your entire business was built in direct opposition to Federal Law.

You helped organize, manage, and facilitate drug trade as far as the Fed is concerned.

Stripe is in the banking industry -- heavily regulated by the Fed. They can't have customers knowingly violating Federal law, and potentially passing drug money (again, as far as the Fed is concerned) through their network. It's a huge risk to them.

You cannot blame Stripe for shutting you down.

It's irresponsible and downright ridiculous to blame Stripe for your business's dealings and/or shortsightedness.

You weren't "Fucked" by Stripe... you "Fucked" yourself.

Why do you keep posting more or less the same comment over and over again? We get your point, no need to repeat yourself.

Stripe's terms say that "Marijuana dispensaries and related businesses" are prohibited. You're certainly not a dispensary, but reporting software designed and advertised for one sounds like a "related business" to me.

What federal laws did they violate? As noted in the post, they sell software, not marijuana.

> Processed payments for drugs

Did you even read the thing? They sell software.

PS: Changing title because a few people can't stomach the f-word is stupid. We are grown ups here.

Did you even read the article?


> We don’t sell pot, we sell software.

> You knew you were breaking, at the very least, Stripes ToS when you processed payments for drugs...

As it says in the post, these guys sell SaaS software, not pot.

Seems appropriate. If the merchant wants to refund their customer Stripe should help them, not tell them to f-off. Stripe really did something no one civilized would expect and left the company and company's customers in the lurch on this one.

What you say is true. One can nevertheless choose to communicate it without resorting to profanity.

Normally I'm opposed to censoring profanity, but I agree it's a bit distracting.

I can't get into details, but I've had a similar situation with Stripe abruptly refusing to provide service to a wine distributor solely due to their industry.

What Stripe did is in line with the industry you are in, not the amount of refunds you might have emitted so far. I'm sure you'd get the same email if you were running a dating site, even if you had never had to refund anyone yet.

Does it suck? Yes. But ultimately Stripe is just trying to run their business and a big reason why they get discounted transactions from credit card issuers is because they keep a portfolio of clients with low refund rates.

Can he not switch to a Pr0n CC payment channel ??

They've had problems forever with mainstream channels.

CCBill perhaps.

It's VISA and MC that are the problem, not Stripe, they are simply operating under terms dictated to them by the card companies and the feds.

If you want to make money with something legally grey don't point the finger at companies who are in a tight spot when it comes to dependencies on such entities. Credit card processing is not an in-alienable right.

Well Visa and MC have problems with pr0n too... Hence the existence of fringe CCBill / Epoch etc.

Visa and MC don't mind so much if some other party is taking the risk.

Another lesson to avoid becoming completely dependent on any product. Always good to have a backup plan.

Ah, thank you so much for sharing this. We have just been working on a Stripe integration in addition to PayPal, but we're going to find someone else now. It doesn't appear worth the risk.

To be fair to Stripe, this will be an issue regardless of the provider you use. They share the same back-end partners. As long as a business appears to be high risk, the risk of shut down by payment provider will exist.

Except this post has given the impression that they are being over zealous in who they deem 'risky,' for whatever reason. If others could share similar 'over zealous' stories from other financial providers I might reconsider.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact