Stripe Is the New PayPal
679 points by disappointeddev on June 18, 2015 | 303 comments
Dear HN,

I am only writing this post because Stripe are not responding to my emails.

I started using Stripe last month and everything was going smoothly. However, this week they sent me an email saying:

"Stripe provides a service between banks and our users. In order to provide service to our users, we are urged by our banking partners to keep an eye on all accounts that sign up for our services. We've noticed that you have processed charges that seem to be unauthorized--in order to make charges with credit and debit cards, the owner of the card must consent to the charge. Charges on your account do seem to lack this consent, which unfortunately means that we will no longer be able to offer service"

This makes no sense as I have had hundreds of payments and not a single payment has been disputed. So how could it be true that the payments are unauthorised? I have sent Stripe emails explaining this and they will not respond.

I am very disappointed. As a member of this community I assumed Stripe would treat developers making a living online with a little more respect. I plan to write a lengthy blog post explaining this in more depth.

Update: I am currently in contact with Stripe CEO over email. He is dealing with the issue. I will keep everyone updated.

After using Stripe for our subscription service for over 1 year with 100'000 euro+ monthly transactions we got a 10 day notice that they would shut us down. Also the mail was sent late on Friday before a long weekend, yeah! =)

No warnings, no chance to appeal, no heads up and absolutely no possibility to call them. Lost around half a million euros before we could get our customers exported to another payment processor. Thanks Stripe!

It's a great service when it works, not so great at customer service.

We were booted from stripe when a couple of customers just decided to chargeback all of their previous transactions, each of which was pretty small, without first contacting us, so it was too late to issue refunds. That pushed our chargeback rate over the 2% threshold, so we were booted. Unfortunately the chargeback rate is measured as % of transactions and not volume. Seems like a great way to screw with a competitor would be to get a few cards with different names (on one of my cards alone I can assign up to 100 authorized users with new names and addresses), make a bunch of small transactions, charge them back a couple months later, then watch your competition get booted from stripe.

Is there anything that makes this sort of practice unlawful?

Not that I know of, plus it would be extremely difficult to detect as each chargeback would appear to be coming from a completely different customer (different name, different address, different card number). I'd imagine this kind of attack would be especially stressful to SaaS businesses or subscription businesses in general.

Every business actually. If credit cards represent a xx% of your business, then you would be pretty screwed to lose that. Brick and Mortar would have it worse because of lower net margins.

Did you break their rules? Their terms say that they can cancel your agreement, but only with a 2 months notice:

> We can terminate this agreement for any reason on two months’ notice and immediately in certain circumstances

Source: https://stripe.com/gb/terms

>certain circumstances (such as where you breach this Agreement)

It concerns me, as this still gives them full power to terminate the agreement immediately anytime they want. They never define what "certain circumstances" are, rather, they just provide one example.

EDIT: I would just like to say that I was mistaken. See the reply to my comment. That said, the US terms differ in an important way.

If you click 'Complete details' just below you will be provided with a full list of the circumstances in which they can terminate with immediate effect (although I acknowledge that the ability to terminate simply because a card network/issuer requests this is not particularly transparent (but understandable)):

- we determine in our sole discretion that you are ineligible for the Service because of the risk associated with your use of Stripe, including without limitation significant credit or fraud risk, or for any other reason;

- you do not comply with any of the provisions of this Agreement, or

- upon request of a Card Network or a card issuer.

I see. I was mistaken. I didn't follow the Details link. I did notice something equally concerning on the US one.

On the US terms, I see the following sentence:

"We may terminate this Agreement and close your Stripe Account at any time for any reason effective upon providing you notice in accordance with Section A.15 above". It goes on to copy what the UK agreement had, but that one didn't include this sentence.

I wonder if they could be sued for that. IANAL but afaik US contract law states that vagueness in contracts always benefits the party who did not write the contract. The vagueness may be used to your advantage to indicate that they didn't give you the two months you expected.

Is it against the TOS to route half of the payments to Stripe and the other half to another payment processor in order to mitigate the problem of being shut down?

With Paymill looking like a Stripe clone, it may be a good solution to split the revenue stream.

That says UK.


> Is that what the /gb/ folder in the path means? ;)

It's what "United Kingdom" in the page title means.

off topic but can you link me the business/company you are involved in?

It was a SaaS subscription with mostly companies as customers. We didn't break any ToS, Stripe referred to a high chargeback rate (1-2%) and that was it. Something about SaaS being high risk and getting close to 2% chargeback could lose Stripe their contracts with MC/VISA. In reality no fucking risk as we had a 100% refund policy, no questions asked, no time limit.

This is confusing, so apologies if I'm misreading. Your policies are irrelevant if you're getting chargebacks despite them. Stripe was not lying: they are mandated by Visa/MC and whatever processors they work with to keep their chargeback ratio lower than that. If large customers like you can't keep your ratio below ~1%, then they have to drop you to preserve their own business. Having a high chargeback rate is itself a violation of the TOS.

If you really were getting 2% of your payments reversed despite a 100% refund guarantee, there's really something wrong with that business that needed fixing. Perhaps unintentional, but people were being misled in some way, or claiming that refund was too difficult, or contacting you and getting a prompt response too hard. I run several SaaS businesses, with $MM total revenue, and had 3 chargebacks total last year adding up to less than $500.

People misunderstand me a bit, I'm sorry if I wasn't clear. I liked Stripe and still use it for some sites. I have no problem that our 1%+ chargeback was an issue for Stripe who have to keep Bank/VISA/MC happy. Also, it's ok that they didn't want us as a customer. Stripe has as much right as any other business to choose their rules and customers. I just told our story as a complement to the creator of this thread for other users of Stripe to know what could happen. Stripe is not a golden bullet for credit cards online as often told in the tech community.

Now, what did bother me enough to comment at all?:

1. We always send in detailed paperwork for each chargeback. Never heard back for any of these during our time as a customer. Not once!

2. We never got any indication that we were getting close to some limit resulting in being cut off, just the email saying byebye in 10 days (or whatever it was, maybe 7?) just as everyone in the office went on a 4 day holiday (bad luck I guess). 10 days is not even close to enough to set up with a new processor for SaaS-products if you need an import of old customers and have any to speak of amount of charges going on. It triggers a lot of extra paperwork.

3. Payment processors claim SaaS is high risk as there is no product for proof of delivery. Stripe has all our money for months and a full refund policy makes it low risk in my eyes. We pay extra for this hassle anyway. If they say it's a risk, ok, Stripe knows better I hope. We had very long going ID identification so fraud was never the issue, just people trying to get money back and ashamed of asking it from us directly.

4. Stripe dealing with 1mil+ euro yearly of our money and refusing to speak on the phone even regarding major issues. Emails with "tough" questions always disappeared into thin air. It feels weird to not be able to contact someone that has your balls this way.

PS: Our "high" 1-2% chargeback spiked sometimes as customers that had made 10+ transactions during a year could start a chargeback for all transactions. Never spiked above 2%. Also, the product attracted many lazy and not-so-tech-savvy-people, very far from the typical tarsnap user (which I'm a long term user of). Not defending our chargeback-rate, just that we know why as we phone up each user after a chargeback to get an understanding.

Long comment, hopefully it clears out my thoughts for those interested.

I have trouble believing even a 2% chargeback rate would endanger Visa/MC.

It seems like they hardly spend any time investigating chargebacks and most disputes seem to be won by the buyer by default unless they have a habit of filing chargebacks.

The reason Visa/MC so rigorously enforces those ratios has nothing to do with immediate financial danger from the reversals themselves. They bear no actual risk there.

Visa/MC work with an ever-changing mix of tens of millions of merchants that they never have direct contact with. There's a long chain of banks, ISOs, MSPs and other resellers between the card networks and the businesses that accept cards, yet they still need to provide some kind of oversight to avoid working with businesses or business models that would damage the integrity and trustworthiness of their brand with consumers.

The only way they can do that is to have policies that create incentives for the behavior they want to promote, and that prevent the behavior they want to discourage. The mandate to have a reversal ratio under 1% is one of those policies. Because it's enforced at the top, it trickles down the pyramid to every single business accepting credit cards even though they never directly interact with Visa/MC. Anyone with any kind of business that leaves customers dissatisfied, whether it's due to fraud, abuse, incompetence or ignorance, will end up being excluded from the network until they can rectify their issues despite Visa/MC never knowing they existed.

And unfortunately it is encouraging poor behavior from customers to be able to get things for free.

I think everyone can agree that maybe with a 20% chargeback rate, there is something wrong with the business but 1-2% seems possible for a legitimate business.

As a credit card user, I don't think it is their job to dictate which businesses are worthy of operating or not.

As long as I get my money back when I do a chargeback, then they did their job.

> 1-2% seems possible for a legitimate business

Somehow, all the businesses that currently exist and accept credit cards are doing so without more than 1-2% chargeback rates. That's a pretty good indicator that this isn't a problematic level to set the bar at. It's really much higher than you seem to think. 1 in 50 people walking into a store shouldn't have some payment problem so serious they have to go to their bank instead of the store to resolve it. Neither should online sellers be generating chargebacks every single day; 50 sales a day is a very small business. If 2% were an acceptable level, Wal-Mart would be allowed to generate 300,000 chargebacks every day, millions per year. 300,000 people who have a problem with charges on their credit card per day at a single retailer would clearly not be good for Visa or MasterCard's brands.

> As a credit card user, I don't think it is their job to dictate which businesses are worthy of operating or not.

As a credit card user, don't you prefer that you don't have to call your bank and dispute a transaction on a regular basis? It's this bar that ensures bad actors aren't there to take your card in the first place, that the stores you shop at don't engage in shady practices resulting in charging you more than you expected to pay, that they have reasonable return/refund policies, and that they have good and prompt support so they can resolve issues with you directly without you going through a third-party mediator.

Ensuring low chargeback rates ensures high customer satisfaction rates across millions of businesses. If a business wants to operate despite large numbers of dissatisfied customers, they're free to do so. They can take cash, or checks, or debit your bank account. They just won't be allowed to take Visa or MasterCard cards. That's not a right.

> Somehow, all the businesses that currently exist and accept credit cards are doing so without more than 1-2% chargeback rates.

Citation needed.


"Amount over $2400-$2500 mark suddenly experiences a surge and it is almost 3.0% to 3.5%"

I have personally had times where my chargeback rate has been above 2%.

Being able to accept credit cards is more of a right rather than a privilege given how much of a monopoly they have and it is virtually impossible to accept payments online through any other means.

I take it you are in favor of credit card companies being able to block payments to arbitrary entities such as wikileaks?

"Amount over $2400-$2500 mark suddenly experiences a surge and it is almost 3.0% to 3.5%"

Did you read the rest of that comment?

"I can cite figures for Remittance industry only."

From Wikipedia:

"A remittance is a transfer of money by a foreign worker to an individual in his or her home country."


Frankly, I'm kinda surprised that they're able to operate in that industry with credit cards at all, given how attractive it'll be to credit card fraudsters.

And what is your point? The remittance industry is not a valid business?

It is very common knowledge that 1% is the cutoff. Are you seriously questioning that?

I don't doubt 1% is a common standard but the parent was making the assertion that "all the businesses that currently exist and accept credit cards are doing so without more than 1-2% chargeback rates".

Maybe not "all", just 99.9%.

2% is very high. MC/Visa require you to keep your chargeback rate under 1%. If you go above it you'll get added to their excessive chargeback program which if you don't get out after a certain amount of time, you'll be fined up to $50k a month (volume dependent). Go above 3%, you get yourself in audit program and risk losing your merchant account.

We do ecom subscription and ours is 0.01% in comparison.

If you blame the customer, you should better qualify your customers. There are services that can tell you if the customer has committed friendly fraud (fraudulent chargebacks). Burden is on the merchant to prevent chargebacks.

Where do you think the refund for a chargeback comes from? With a 3rd-party aggregator like Stripe, it comes directly out of the merchant's Stripe account (i.e. Stripe's aggregated account with Chase Paymentech). If the merchant has already withdrawn all of their money from their Stripe account, then Stripe is left holding the bag.

Accounts with 1-2% chargeback rate are incredibly costly. Stripe is potentially having to pay 1-2% of that account's entire processing volume in losses.

Chargebacks don't magically get paid. Somebody is left holding the bill.

If a payment is reversed, fine. The buyer got all their money back.

But adding a $25 "administrative fee" or a $10,000 fine seems like a frivolous act, given how little effort is spent investigating chargebacks.

What sort of SaaS product has a 2% chargeback rate? That's huge.

That's what I was wondering -- Tarsnap may be an unusual case, but out of over 10000 transactions I've only had one chargeback... and I won that because it was initiated by accident.

Agreed. CircleCI has had one chargeback ever. It was $19 and by a long-term customer who didn't do a chargeback for any other month. We assumed it was an accident, but didn't contest it (not worth it).

Why not ask your customer why they did the chargeback?

It could help identify some hidden problem and as a bonus make them cancel that chargeback.

I think it looked like an accounting department had made the chargeback, which implied an accident. It could have been a hidden problem but it didn't strike us as the highest priority one (we've plenty of problems people are telling us about that go higher in the queue :))

1-2% chargeback rate is the exact opposite of 'no risk.'

This is why people will eventually end up hating Stripe just as much as PayPal. There is a huge disconnect between consumer expectations and the realities that a 3rd-party aggregator like Stripe faces.

Apparently there was more chargeback risk than you are suggesting. If you are so customer friendly with your refund policy, you should do a bit more work upfront before refunds are necessary. That's all.

It wasn't too hard to find. It doesn't look like the company is in business anymore.

Payment processing is hard and I don't know your exact situation but I'm a little surprised Stripe leaves itself so wide open to such complaints considering how much money it has raised and how deleterious such stories can be as they add up.

Stripe CEO here. I just wanted to let everyone know that I'm taking a look at what happened here.

OP (disappointeddev), if you could drop me an email, that'd be great: patrick@stripe.com.

Patrick, since you are here -

The service you provide is excellent, I adore the way Stripe does things in general, but your tech support absolutely positively blows.

We've been using Stripe for a year and a half now and we had to contact support several times (6-7 ?). Every single time I would hear NOTHING back for few days, then I will log onto your IRC channel and start, basically, bitching. Lo and behold, not a minute later I get a private IRC message asking for an account ID and then I get a reply from the support in another 5 minutes. Invariably, it will start with a cry story how the support is unusually overloaded now.

This is absolutely unacceptable. In one case we had issues with two-factor authentication not working, and you'd think it warrants a more-or-less timely response, but, no, it still required the IRC trick to wrestle a reply from your support.

Please fix this.

I am reminded of customer support lines in general, which somehow always seem to be experiencing unusually high call volumes...

>which somehow always seem to be experiencing unusually high call volumes...

That's because the times you call, by the laws of probability, are exactly the times when it is most likely to be busy. The same principle leads patients to estimate the busyness of a doctor's waiting room higher than the doctor or staff would.

There's a name for this type of phenomenon in the abstract, but it eludes me.

In practice, I think that what we're actually seeing is what happens when customer support is seen as a cost center. The company could spend more on support, or they can add a notice to the call waiting and call it a day.

I don't think it's that. It's just really hard to scale support. It doesn't matter if you shovel money at it, it's still hard. Companies that are growing very quickly will always have periods of less-than-ideal customer support.

I don't think that's true. I work at a startup that's recently raised our series B, and I use our customer service all the time. I always get excellent response times, and I'm treated just like every other user of our product. Our CEO spends a ton of time ensuring that operations and customer happiness are priorities. If it's a focus of the company, it's definitely possible.

I'd love to hear more about your company and how they scaled support, if you have time, ping me john@heapanalytics.com. If there's something I can do early to make scaling support easier later, I want to know :)

Your CEO spending a LOT of time on just prioritizing support probably means that support is a hard problem that needs serious resources.

What are you saying exactly? I'll take the CEO, and the company, that takes support seriously over the one that doesn't. Support does need "serious resources" because it has long-term benefits to the company that too many companies think are not important and don't give it enough priority.

Good examples are John Legere (TMobile CEO). How often do you see the CEO of Verizon or ATT actually showing a human response to customers in public?

The parent said that he didn't believe it was true that support was difficult. I was saying that if it's something his CEO is dedicating lots of time and resources into, it may actually be difficult!

Obviously a CEO who values support is important, as obviously support is important.

Good customer support is important for a good customer experience (CX). These unusually high call volumes (cough, IKEA) are getting quite frustrating and provide for a terrible CX.

Terrible CX is endemic in business. I don't understand why Stripe can't set the bar higher. They clearly have money to throw at this problem.

+1 for a similar experience. We switched over from Balanced, who always had excellent customer service, when they shut down. It took a month for them to fulfill our simple request so that we could complete the migration process, and this was only after our CTO whined loudly over IRC to get a response, despite me sending emails to their support every few days.

+1. Similar experiences for years as well.

The last time Patrick posted his email[1] soliciting feedback, I emailed him but never got a response.

I'm sure being a CEO is a busy job, so I understand. And I'm sure he'll respond to OP. But keep in mind just because he posts his email publicly doesn't mean he's actually any more reachable for it.

[1]: https://news.ycombinator.com/item?id=9646672

Hm, I never received anything! Can you send it again?

(Two of us from Stripe, myself included, have already been in contact with disappointeddev.)

Not sure if this is the case for you all or not, but several years ago I was consulting for a company who was having serious support issues similar to this where random customers swore they were sending support requests via email, yet the company wasn't receiving them. Because it was working properly for some and not others we didn't think it was an issue on the company side of things. In the end, though, it was an overly strict spam filter setting that was just junking emails randomly. I bring this up because there does seem to be a common trend occurring lately where people are saying they sent emails and you all are saying you didn't receive or are not seeing them.

A company that accepts support emails silently, without giving an immediate acknowledgement and a ticket number, isn't serious about support. If you're serious about support, you have a tracking system visible to the customer.

I suspect a large overlap between the words likely to be used in email to Stripe (support or CEO) and the words likely to be used in e.g. 419 scams. Bad Bayesian filter seeding could easily impact legitimate messages in that case.

Especially if you're forwarding from your company domain to a gmail, some will be stuck in the company domain email and not get forwarded (has happened to me many times).

Not to knock on you, but I'm starting to see this is a trend. I was on the hn irc channel, and numerous people complained about the same thing. That you're always very willing and ready to offer support here on HN by saying "Sure, just email me!" but when these folks do email you, they are ignored. I don't know if this is a clever PR strategy to contain and direct fallout to a private medium so it never sees light of day, or if it was a genuine mistake.

I think and hope it was the latter, but the frequency with which this seems to be happening starts to suggest it may also be a little bit of the former. E.g., just in this very comment thread there's a handful of people claiming you never responded to emails even after explicitly asking them to email you.

I wasn't in the IRC room, but I'll go take a look at what happened there -- thanks for the heads up.

I'm not trying to be negative, but the stripe channel is very active. Why aren't you assigning someone to give 100% attention to this concentrated collection of YOUR users?

Oh, we do -- we've hired a few people to help users in #stripe on a full-time basis.

Again, not to be negative, but a complaint about Stripe with 500 up votes and hitting the front page, after having full-time employees in the Stripe channel?

Something is not going well with the CX (Customer Experience) if we're seeing this many complaints in the comments section.

I don't believe this person posted in the IRC channel.

> I don't know if this is a clever PR strategy to contain and direct fallout to a private medium

Well to be fair, they pretty much have to go to a private medium to talk to their customers, especially in a financial setting.

Can you link to the HN IRC channel?

I've re-sent it. I have DKIM and SPF set up for my domain so if my emails are actually being dropped you must have a very aggressive spam filter!

> I'm sure being a CEO is a busy job, so I understand.

Why would you understand?

It is a simple feat to respond. At the very least, he could have forwarded your email to someone, CC'd you on it, and said "Hey X, please look into this case for me."

No response to an email is above all disrespectful, regardless of how busy he might be. It also implies that he is giving away his email address as a PR move.

These pieces of information that keep dropping on HN are going to make me move my business away from Stripe too.

Stripe, why would you screw yourself so badly when you could easily have been the only viable option by simply not behaving like PayPal?..

I think this is something that sets PayPal apart. Paypal just doesn't seem to care at all. Their customer service is appalling.

That being said Patrick, you can't do this forever, the service & support ought to be well without the need of a call for attention.

I think this is the 3rd or fourth one in the past 2 weeks. Is something going on at Stripe? Why are these all happening now?

Our overall support response times are actually substantially faster than, say, 3 months ago.

Part of it is, I think, because we're growing quickly -- even for the same problematic case percentage, there are going to be more in absolute number. (And, as Stripe becomes more prominent, the cases that happen will themselves get more attention.)

In addition, the cases that get public attention generally aren't clear-cut. For example, the other discussion on HN a few weeks ago was about a marijuana-related business that most likely violated our ToS.

We care a great deal about providing great support at scale. Each of these cases triggers a lot of internal discussion about how we might have been able to do things better.

For what it is worth, just my two-cents, but I think even having a customer-facing ticketing system (doesn't necessarily have to be public facing) would help quell some of the unrest. At least for myself, I don't mind a delay in support, but when a request is sent in and it seems to disappear into a black hole it can be frustrating. If there was a way to incorporate support into the dashboard so that users could open/edit/check status of tickets directly from there that would be a great step in my opinion.

This is a really good point. Having something where you can see that what you asked is at least in the system, and Nth in queue, helps a lot when dealing with the opacity of tech support.

This would require a meaningful and physical support presence, for certain. It would also enable users to really prove support times. These are costs and risks for Stripe respectively. I doubt they implement this.

Yes and no. Theoretically you could implement an online ticketing system and have one or two people going through the tickets with minimal support. Plus, they already have the expense of having someone constantly monitoring IRC, Twitter, HN, and any other public forum so implementing a basic ticketing system within the dashboard should be minimal. As for proving support times I think that would actually benefit Stripe greatly. It is easy for me to send a support request to Stripe right now and get on HN in 5 minutes complaining I haven't received a response in hours or even days. Sadly, we live in a "now" society that when we don't get an answer in seconds we assume we are being ignored. I am not saying this is happening in every case, but IMO, proving support times can have a direct impact on reducing the negative PR around support such as posts like this one.

I get that this is super sensitive, but I really wish you were a bit more public about these things. Stripe is basically the best thing that happened to ordinary programmers since the internet - it is the missing (technical) part of making something people want and selling it online, in a way where you can provide almost all of the experience.

Unfortunately with the previous (and now this) it seemed like you guys had become paypal and thus dangerous to do business with.

As a developer, I've only had positive experiences with PayPal customer service. Prompt and helpful.

As someone looking for a payment processor, I now know that the only way we'd be lucky enough to receive support is if we wrote a Hacker News thread that made it to the front page.

It's weird to find out this way, as I was procrastinating on HN instead of researching.

Just like when you told me to email you and then never responded. What a joke.

This is the reason I like to use something like BananaTag[0] for all my emails. It helps provide me peace of mind, and transparency, even if the person on the other end has no intention of doing so.

[0] http://bananatag.com

How'd Stripe solve the issue if HN did not exist and OP would never emit his disappointment publicly?

+5 for the CEO of the company responding in under 45 minutes to a post from a disgruntled customer.

-1 for CEO to be sitting around reading HN enough to respond within 45 minutes. Get back to work! :-)

This is called PR


We expect follow up posts if everything gets sorted - even if it embarrasses you or Stripe a little bit.

Disappointed Dev Update after 24 Hours: "After speaking with Stripe I have decided to end our dealings. Unfortunately the issue could not be resolved. We are looking at alternate providers."

Despite this being a public forum of great scale, and a certain degree of PR involved etc. etc., I think it's great that you took the time to respond yourself (or even saw the post in the first place). I was considering a few services for transitioning a home grown billing system (old and tired), and this helped me decide to go with Stripe.

This response alone is why I will always recommend Stripe. The support may need support of its own, but knowing that you can get management's attention fairly easily says a lot of great things about the company and the people working there in my book.

Yeah, except not every Stripe customer knows that the real place to get support is (apparently) Hacker News, rather than Stripe support. The fact that the official channels are non responsive but a post on HN gets an immediate response could be construed as a red flag: the company cares more about avoiding bad PR than about having good customer service.

Well, the "support" here is just much more visible than everything else that we do. We provide support over as many channels as possible: we employ full-time folks in #stripe on IRC, we monitor Twitter, we send thousands of emails every day, we're rolling out phone support, we chat with customers on IM -- and, yes, we reply on HN. Obviously nobody should have to post here, but we'll certainly respond if they do.

Fraud-related cases are particularly hard, by the way. Thousands of people try to defraud us every day. (I guess it's a consequence of being highly-visible and easy to set up.) And so the support for those cases has to be handled a little differently.

> We provide support over as many channels as possible

Maybe that's the problem. Might be better to provide stellar support on one or two channels.

Has anyone defrauded you with a bitcoin payment yet? I assume volume is low, but out of that volume have there been any reports of fraud?

It was a genuine question?

No knock on the great work you guys have done to make Stripe easy to use and visible but I'm pretty sure thousands of people try to defraud you every day because you're a platform to transfer money. Money is a popular thing to steal.

Complaining on social media shouldn't be required to get management's attention. This is damage control, not that there's anything wrong with that...

Please note that I have nothing against Stripe, dealing with money looks very challenging, and these issues are probably not easy to solve/support for each and every user.

These keep popping up and Stripe quickly intervenes after it's on HN. Why not just answer your emails in the first place?

Definitely easier than getting the attention of paypal in the past.



People don't need to check his LinkedIn. He's a well-known entity on HN and a cofounder of Stripe. LinkedIn aside, try checking https://en.wikipedia.org/wiki/Stripe_(company)

Someone else posted last night (I'm on my phone or I would search for the post) about Stripe support. Looking at their Twitter stream it appears they are having a very difficult time managing their support infrastructure and do not have a trouble ticket system. I love Stripe's API and have helped several clients integrate it, but as the developer-friendly, anti-PayPal processor they were once known for, this development is very discouraging. I know Patrick and John are active on here so hopefully they will see this and come up with a solution.

We've run into this as well. It's absurd that a company of their size has no support ticketing system. There have been occasions when we've had to rely on personal relationships with staff at Stripe to simply get an email response to our account questions.

Engineering support is great and responsive through IRC, but Stripe engineering staff there just shrug if you ask a business question.

It should be pointed out that traditional merchant gateway providers (larger, with more resources) are WORSE than Stripe in this regard. Prior to Stripe, we used CyberSource. It was a support disaster, to say the least.

We once asked Auth.net support an API question. The response: "What's an API?"

What kind/level of support? Call center staff don't often know such things.

It was a long time ago - maybe 2008 - so I don't really recall. We called what seemed most likely to be technical support, and they had no freakin' idea what we were talking about.

Their engineering support is incredible, and their API is well-documented and so easy to integrate. It is hard to believe that they can't spend a little more time focusing on customer support, especially as they continue to add new features and countries the problem is only going to increase. At least adding a public-facing ticketing system would pull some pressure off. I don't necessarily mind waiting for support, it is the not knowing if you even received my support request that can be frustrating at times, especially when there are real dollars at stake.

I think one thing that is not well understood is that Stripe has a "Freemium" model. Prior to Stripe nearly all other payment processors required a minimum monthly fee. Stripe's lack of any minimum monthly fee is something that makes it very attractive and undoubtedly helped partly fuel their rapid growth. It's a great example of how you can leverage VC funding to build a business. Having said that it must mean a staggering amount of support emails from customers in "production". That developer doing just 1 or 3 transactions a month at $100 each still feels as strongly about getting an issue resolved as someone doing $1 million or $10 million a month. I've always wondered what that was like to manage.

Other payment processors that do not use a 'freemium' model charge less for their processing fees (and varying rates across cards). The reason it seems freemium for Stripe and other competitors is that they charge higher processing fees for the convenience than other traditional processors do.

It's a nice spread too. They take a 2.9% fee for charging a debit/check card, but pay Visa as little as 0.05% + $0.21.

How nice that spread is does depend dramatically on the size of the transaction, though.

I'm guessing a service like Stripe has plenty of customers in B2C markets, where selling something for $10 is hardly unusual. At that price, they are only making a few cents on the transaction in revenues (not profits).

Obviously on a $100 transaction the figures work out much better for them.

I think Stripe also still charge the same rate for all card types, but behind the scenes they are probably paying significantly higher rates to some card networks than others.

> Why do we pay that much again?

Assuming risk.

I'm paying 0.15% + $0.26 for those transactions through another MSP. I think many people are paying the 2.9% for the convenience Stripe and PayPal offer over applying for and integrating a merchant account and gateway, not because they're a huge risk and nobody else would take their business at lower rates.

Why doesn't someone do Stripe (or Square) with interchange-plus pricing? Too little profit?

I always hear, but never believed, that businesses supposedly appreciate stable fees. After having several businesses I know I much prefer lower fees.

But that doesn't include the credit card association's 2.10% or whatever, does it? Stripe does.

Yes, collapsing the confusing levels of this process is certainly worth something.

No, it does include that fee. That 0.05% + $0.21 I referenced is the interchange fee charged by Visa. That fee was capped at that low level by the Durbin Amendment of the Dodd-Frank financial reform legislation in 2010. Stripe's pricing has been 95%+ markup when it comes to debit/check cards since then. Other card types don't have such an enormous fee spread, but unless all your customers are paying with corporate cards and AmEx, 2.9% flat rate is a real nice margin.

At the risk of being dense, are you sure you're not talking about debit cards? I've never seen interchange fees lower than about 1% for credit cards. In what I read from the Durbin Amendment, I've only found the specific numbers you mentioned in reference to debit cards.

If I'm wrong, I want the name of your merchant processor!

I am most definitely talking about debit cards. I said "fee for charging a debit/check card". They make up 25% of my online processing volume despite being a mostly B2B business. They're probably more than 25% of Stripe's volume.

Visa interchange fees: http://usa.visa.com/download/merchants/Visa-USA-Interchange-...

A screenshot of a transaction report at my processor: http://i.imgur.com/fSycwUS.png

Feel free to e-mail me if you'd like any other clarification or information. It's in my profile.

Whoops, you did say that, way back in the first post in our thread. Sorry, I've been focused on credit cards — all is clear now. I hadn't thought at all about that wrinkle of Stripe.

I suppose it's (only partially) balanced by the higher AMEX, etc fees.

Nice? 2.9% sounds horrible. Why do we pay that much again?

I think the comment meant it was a nice spread for Stripe. It then pointed out the delta.

Which service are you using?

I'd argue the processing fees do not make it freemium.

Yep. But even then you don't "pay" that fee (it's deducted and you get the net) and you don't have a set monthly fee. So there's no hard cost of setting up and maintaining a site with them.

No MRC (monthly reoccurring charge) on a service does not make it free, you're still paying for the service in a pay-per-use context.

Yep but you're getting a little hung up on definitions and missing the larger point. Ie by proving that it's not a freemium model you're not really negating the central point which is that the barrier to entry is substantially lower (non existent) than with any/other competing services thus drawing in exponentially more users than similar services resulting in a disproportionate strain on their customer support vs others.

Oh, Agreed.

Honestly, right or wrong - I've seen very few 'startups' really grok effective customer service (I realize I'm over generalizing). Yes, a good Knowledge Base/FAQ and ticketing/email system is important - but you need a phone number, you need a call center probably too (even if it's only 2-5 people answering the phone) - you need more than email and ticketing - most technology is complex enough that you need a person to talk to over the phone to hold your customers' hands - IMO - this is even doubled for anything that needs to integrate with your systems or has a device on your premises, but is also applicable to a complex web service - I strongly believe it drives long term customer retention and eases on boarding.

I'll point out as to why I believe this - outside of the technology hubs, the folks with money are not the 'internet native' generation, they're older and less comfortable with technology than we are.

> That developer doing just 1 or 3 transactions a month at $100 each still feels as strongly about getting an issue resolved as someone doing $1 million or $10 million a month.

Commercially, of course a big customer is more valuable in isolation than a little customer, and while it's unfortunate if you're the little guy, it's understandable that a business might prioritise supporting its larger customers first.

But even if a little customer is only running a microbusiness on the side -- and as we learned during the EU VAT discussions a few months ago, there are very many such businesses on-line -- it's still going to be a big problem for them if a payment service kicks them off for a 1% chargeback rate. That literally means a single chargeback within several years in the example given, and given the randomness of the chargeback process at the best of times, that could easily result from an accident and not be corrected because the customer's bank doesn't handle it well.

Similarly, the little business might only be doing a few thousand a year in revenues, but if a service is failing to collect 10-20% of their transactions every month for unspecified reasons (and, for subscription business models, probably terminating the entire subscription in practice as a result) then that's still a huge level of attrition as a proportion of their modest income.

I suspect the danger for Stripe lies not in losing the odd small customer, or even necessarily in the cumulative damage if they lose a few small customers the same way before fixing a problem, but in the damage to their reputation that any individual case may cause even if the customer does not go posting about it on HN, Twitter, #stripe, etc.

For example, today I only have one business that is taking money on-line via this kind of payment service, and it's a relatively small one. Losing us as a customer wouldn't exactly show up as a footnote in the payment service's next financial statement.

On the other hand, I have another business that develops systems for clients who may need payment processing in some cases, and often a client will follow your lead if you recommend a service for something and they don't know any better or have other preferences. Similarly, I know a lot of other local business people through work and socially, and through a chance discussion over a drink I once helped a business several orders of magnitude larger to find and ultimately switch to a different payment service.

I'm always happy to recognise good service and positive experiences. Usually everybody involved wins from such discussions, and I imagine that word-of-mouth advocacy is quite a big factor in the early growth of many on-line services. The downside is that presumably someone in a similar position who hadn't enjoyed the same positive outcomes that I have seen would not have made those same recommendations, and that would have cost one payment service a very noticeable amount of revenue in cases like the one I mentioned above.

So I guess it's inherently a tricky thing to balance support and management overheads between larger and smaller customers if you're in the kind of business where your main target audience is knowledgeable and probably technical people. Big customers generate revenues right now, but small customers might not only become big customers themselves but also refer other potential customers, and you probably have a lot more small customers who can make or break your reputation than large ones who don't really care about your reputation anyway.

If I were doing a high number of transactions and relying on Stripe to provide all my CC processing, I would gladly pay an extra $25-50 a month to have priority support in instances where there may be fraud. Shoot, even at a couple hundred in transactions each month I would gladly pay for priority support. I would rather have a $25 expense each month than risk business loss due to real or suspected fraud. Shoot at some level I might even consider an extra nickel per charge to have a dedicated account manager who was always there for me and knew my business inside and out.

If you're putting a lot of volume through Stripe, all those things are possible.

Notwithstanding Stripe's SaaS-y "all pricing and deals are public" branding, they definitely have a BD team who can set you up with more direct contacts for certain types of questions, different rates than are publicly posted, and APIs that aren't public (to name a few things).

They do have a user ticketing system (Uservoice), there is just no user facing view of it.

When you send an email to support@stripe.com (or any of the public email addresses they put on blog posts), it goes to Uservoice. Then it gets triaged, depending on the severity of the ticket, if it falls into account or developer related support it gets assigned into a queue (at times it gets put in the wrong queue and then has to get reassigned). But long story short there is a system.

Phone support is also being worked on, we're told.

That said I do love Stripe but I do agree that support needs to be fixed, though I may have a bias as I see a much higher percentage of upset users than most.

Same. I've sent them support emails and just never heard back.

Hm. Critical support failures right in time for Balanced Payment's going under... :/

It was very disappointing when Balanced Payments shut down, because they seemed to be the only online payments company with any ethics or competence. Is there anyone else?

> Is there anyone else?

Surely you jest. There are hundreds of online MSPs out there. Braintree, Authorize.net, etc.

--PSA regarding Credit Card Validation--

Last year I was testing Stripe integration. I tried using my own credit card with a fake name. Surprise, it went through. I emailed Stripe support. After half a dozen emails discussing CC authorization I learned that Stripe does not and can not validate Name & Address on credit card.

Stripe told me that Credit Card companies do not disclose this data to Payment Processors like Stripe. Thus, Stripe simply passes on the name & address to the CC API.

Interestingly enough, Name & Address are NOT validated by major credit card companies. You can use junk names on your name & billing address and that will NOT stop your credit card transaction from going through.

Try for yourself next time you order something online. Makes me wonder why they even collect the data in the first place...

Virtually all card issuers support AVS (Address Verification System) in US, UK and Canada. In other countries, it's less reliable. AVS checks only the numeric portion of the street address and postal code, and returns a code indicating whether AVS is supported and whether one or both of the numbers match the ones on file with the card issuer.

Stripe supports AVS the same as other processors. Whether you choose to reject cards that don't pass AVS is up to you: it's a setting. So is which of the codes you want to reject. That's the case at every payment processor I've used. Different businesses, collecting cards in different scenarios, are going to have different risk profiles and different needs. If you're running a store selling computers to strangers over the internet, you probably want full AVS in addition to other fraud checks. If you're taking an invoice payment from another business you've worked with for years, you might not want to bother collecting and verifying an address.

Also, depending on your processor the business' rates may vary depending on how much extra information they provide to help combat fraud. Ex: If you only give credit card info you might be in the highest bracket. If you also give zip code, you'll get dropped down to the next, etc.

Names and addresses are extremely difficult to verify as spelling, abbreviations, etc. can all come into play.

With that said, about 3 months ago I was having problems reloading my Starbucks card with my credit card. The charges would go through on my credit card, the balance wasn't updating on my Starbucks card, and Starbucks system got stuck in a loop somewhere and kept taking money out of my card until I called my bank to get them to stop approving the charges altogether. Long story short, I called Starbucks and after about an hour the poor girl on the phone told me they had implemented increased fraud protections that compared the name on your Starbucks card to the name on your credit card. Because my credit card used my full name and my Starbucks card didn't, the balance wasn't getting transferred over and was getting stuck in a loop somewhere. Not sure how they were doing the name verification or if they were just doing a simple compare in house, but needless to say it was a little frustrating.

There are many services that will do data sanitation. It can be difficult but certainly seems in the purview and capabilities of a $170 Billion company (visa).

You can get pretty far with fuzzy matching or just a simple Levenshtein distance between name on record and name sent with order.

I understand UPS is probably not the most popular name around here, but their address API is actually quite good. I would also trust them with the data quality as they actually got real people verifying the addresses when packages are delivered.

Why isn't UPS popular around here?

Is that available to all accounts?

It's up to the merchant / intermediary party to specify how much validation they want. Yes, you can choose that only card number & expiry have to be correct, or you can go the whole 9 yards and want name & address to be correct.

This isn't a Stripe-specific case. Moneris, a card processor in Canada, has a bunch of fields that a merchant can check on/off if they want them to validate the details during payment.

But you're right - if the validation isn't happening, why bother collecting the data? At the very least it might hurt conversion rates.

People are going to feel unsafe not giving you that information but also a credit card. (Which is pretty fair...)

This is correct.

A merchant can play a balancing act between having limited validations but a higher processing success rate against the chance of a higher dispute rate.

From my experience with our card processor (not stripe):

1) They have AVS checks, which can check the street number and zip code. But it's up to us to decide what to do with this information (e.g. void the transaction).

2) They do not check anything else (country, name, state, phone, email, etc).

3) Some cards will fail if you put in the wrong expiration date, some won't - I would guess this is up to the card being charged. I get no information back when it's incorrect but they let the charge go through.

4) Some cards will fail if you put in the wrong cvv code. Some will succeed but will just let you know through another field that the cvv code doesn't match - it's up to us to decide what to do (e.g. void the transaction).

> Try for yourself next time you order something online. Makes me wonder why they even collect the data in the first place...

You're right, you don't need the billing address to process a payment, although it's not true to say it's not used at all. Sometimes card companies do validate it, it depends on the type of transaction and the fraud profile. Often it's fuzzily matched, so name may not matter.

But you can also use it for other things: for example, fraud detection. Say your billing address is in New York, but your shipping address is to some Eastern European country. That's a big flag for fraud. So merchants collect it because they want to avoid damage to their bottom line.

But it seems like you can just give them your Eastern European address for both and get through just fine, no?

Correct me if I'm wrong, but Stripe does verify the zip code if the administrator of the account enables that.

People are confused about how these checks work. Banks do not enforce AVS. On the auth, you'll get back status codes showing whether there was a mismatch in the information. It's up to the merchant to decide whether or not to put it into the settlement batch so the money is transferred. Regardless, the authorization went through and funds are on hold.

Most Stripe orders I've done lately don't even ask for my name. Correct me if I'm wrong. It's only the CC number, CVV, and expiration. Maybe it's different if the total charge is higher?

This was using their mobile API. Their SDK allows for a name param.

> Last year I was testing Stripe integration. I tried using my own credit card with a fake name.

This sounds like a great way to get your account shut down.

They provide test/mock APIs for a reason.

That's a good point, hellbanner should have used the test API, but this is still troubling. First, due to the lack of the communication and a proper ticket system from Stripe. Second (and more troubling), the idea that someone could maliciously cause you to lose the ability to process payments on your site simply by submitting a bunch of fake (or half-fake) transactions.

Creating a system that processes payments can be an involved process, requiring significant development effort, even when using API and libraries like Stripe provides. It seems like Stripe should only be shutting people down as a last resort, after repeated warnings with a clear way on how to fix the problem. This is also just good business practice. No one wants to be shut down without a good reason and without any recourses for appeal or reconciliation.

I'm willing to wager that a huge number of Credit Card transactions are submitted with names that don't match the credit card. In 10+ years and hundreds (thousands?) of transactions, I've never submitted a credit card transaction that matched the name on my card (which has my full name, and I just use my first and last name in the fields) - I've never been rejected.

It's the "using my own credit card" that sounds like a great way to get your account shut down, not using it with a fake name. Charging your own cards is something payment processors don't like for a number of reasons, like the fact that it can be used to perpetrate all kinds of frauds: giving yourself cash advances the card issuer hasn't approved, gaming credit card reward programs, skewing your volume and reversal metrics the processor uses to evaluate your account risk, etc.

I wanted to verify their production code worked. Instead of using a real customer's credit card, I used my own. If there was a bug in my code, my own card would be at risk, not a customer's.

It would be nice if stripe offered name & address as an option to help prevent fraud, but they probably won't require it any time soon.

It may be odd for a company of their size to skip validating name & address, but I don't think this is unusual. I've implemented several medium-to-large payment processing systems and the processors didn't care about name & address -- they just wanted the numbers on the card.

That's how credit card processing works and it pretty much works fine. Names are not checked, which is fine because they have no bearing on anything. Addresses (and CSCs) are almost always checkable and almost always checked but merchants can decide what to do with the results depending on their business.

When I used to process credit cards for MetLife it would always error out if I messed up the name or address. This was only about a year ago. I forgot what system we were using, but just thought I would mention it.

Name is not validated and seems useless to even collect. However both billing Address line 1 and Zip code can be validated by processors, including Stripe.

Actually collecting a name can be valuable piece of data when combating fraud. Having as much personal data (name, address, phone, CVV, IP address) about the person making the charge can be used as evidence in disputes if you ever need to defend yourself against a chargeback.

yeah, but Line 1 is considered unreliable and stripe doesn't automatically use it - they have an API to let you know if line 1 fails, but you have to cancel the transaction yourself

The issue with AVS is that it only matches numbers (so 123 Main Street and 123 Maple Street could both return true). The other issue is apartment numbers. If the address on file is 123 Main Street #123 but the customer puts #123 on line 2 in your form is that a match or not?
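The AVS behaviour discussed in the comments above (only numbers are compared, and the merchant decides what to do with the result), as an added example that is not part of the thread and is not Stripe's or any card network's code. The two street-number rules, the five-digit postal comparison, the policy names and all addresses are assumptions constructed for illustration:

```python
"""Simplified model of an AVS-style check. Not a real processor API."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Address:
    line1: str
    line2: str
    postal_code: str


@dataclass(frozen=True)
class AvsResult:
    street_match: bool
    postal_match: bool


def leading_number(line1: str) -> str:
    """Assumed rule A: only the house number at the start of line 1 counts."""
    m = re.match(r"\s*(\d+)", line1)
    return m.group(1) if m else ""


def all_digits(line1: str) -> str:
    """Assumed rule B: every digit on line 1 counts, unit numbers included."""
    return "".join(re.findall(r"\d", line1))


def postal_digits(postal_code: str) -> str:
    """First five digits only, so a ZIP+4 compares equal to its 5-digit ZIP."""
    return "".join(re.findall(r"\d", postal_code))[:5]


def avs_check(on_file: Address, submitted: Address,
              street_key=leading_number) -> AvsResult:
    """Compare numeric portions only; street names and line 2 are never read."""
    file_key = street_key(on_file.line1)
    street_ok = file_key != "" and file_key == street_key(submitted.line1)
    file_zip = postal_digits(on_file.postal_code)
    postal_ok = file_zip != "" and file_zip == postal_digits(submitted.postal_code)
    return AvsResult(street_ok, postal_ok)


# Hypothetical merchant policies: the check only reports, the merchant decides.
POLICIES = {
    "require_both": lambda r: r.street_match and r.postal_match,
    "require_postal": lambda r: r.postal_match,
    "ignore_avs": lambda r: True,
}


def merchant_decision(result: AvsResult, policy: str) -> str:
    """Return 'capture' to settle the authorization or 'void' to release it."""
    return "capture" if POLICIES[policy](result) else "void"


if __name__ == "__main__":
    # Constructed sample data.
    on_file = Address("123 Main Street", "", "10001")
    cases = {
        "different street name": (on_file, Address("123 Maple Street", "", "10001")),
        "wrong postal code": (on_file, Address("123 Main Street", "", "94105")),
        "unit moved to line 2": (Address("123 Main Street #123", "", "10001"),
                                 Address("123 Main Street", "#123", "10001")),
    }
    for label, (filed, given) in cases.items():
        for rule in (leading_number, all_digits):
            result = avs_check(filed, given, street_key=rule)
            print(f"{label:22} {rule.__name__:15} {result} "
                  f"-> {merchant_decision(result, 'require_both')}")
```

The apartment-number case gives opposite answers under the two assumed rules, which is why a merchant's accept/void policy has to be chosen against the result codes their processor actually returns.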

our billing team has noticed this. Pretty crazy

It's not really crazy, it comes down to what data you have from upstream. It's not like you are swiping a card and have access to the magstripe data. With AVS it's only Amex that bothers with the cardholder's name.

usually it's because when you're buying something it needs to be delivered ;)

We've been with Stripe going on a year and a half and they've been one of the most responsive and with it service providers I've ever worked with.

Can you tell us how long it has been since you sent the email?

There must be some level of fraud prevention in any financial platform. You didn't give many details as to the type of charges you made or evidence past "no one charged back" as to how you made them. This is a public platform and I understand less than full disclosure but your narrative that:

1. You signed up

2. You charged people legitimately

3. You were cut off without notice

4. No one responded to multiple attempts over more than 1 business day

5. You were forced to take this action

Seems unlikely to be the full and absolute time line of events.

If it is, ok, post to HN and troll them. If not, is this really the medium? Doesn't stripe get a say on which transactions will and won't process on their own network?

If your expectation is "everything charges all the time period" then use bitcoin. These are credit cards. There are rules. :-)

> Seems unlikely to be the full and absolute time line of events.

Ironically, we've seen this before with the many complaints about PayPal.

While I'm open to the idea we're getting the full story here, I think your view may turn out to be the right one.

> Seems unlikely to be the full and absolute time line of events.

Credit card processors do this all the time.

I think you forgot a word:

>Doesn't stripe get a some say on which transactions will and won't their own network?

Sorry for the typo, updated.

Stripe is a Ycombinator company. I got downvoted when I told the CEO of Stripe my troubles with Stripe, he said to email but then never responded creating the public perception that they care, when they don't.

You will just find downvoting brigades of people on HN when it comes to any YC backed company. Which is probably why this will be my last post on HN. You can't get anything truthful on here if YC has backed them.

> Which is probably why this will be my last post on HN

It is pretty great that the CEO comes on HN and handles support. That is a skip-level meeting. Usually support requests are handled at the bottom of the hierarchy pyramid, not the top. Yes people openly support and defend YC companies, this community is only possible because of YC, and is comprised of many employees, founders and peers of these companies.

If you don't like being disagreed with though, you can pick up your ball and go home. I suspect that you will get a lot more value from this community than the one time you couldn't get a CEO to directly address your problems.

CEO is not handling support, he's handling PR

I work at Stripe, and I'm really very sorry about this. Mind emailing me at anurag@stripe.com with details?

Does the company have any plans to introduce a ticketing management system?

Obviously, no.

Hello Anurag,

I will send you an email shortly.

Can we please all take a look at disappointeddev's account and use just a little bit of salt here? Just one grain maybe?

His account was obviously activated for the purpose of submitting this post and he has provided NO follow up comments at this time. His post has been up for an hour.

I'm not saying anything about the validity of his claim, but we obviously need more information. Please check back and wait for him to respond to the many great questions already on here.

As I said, I will be writing a more lengthy blog post about this. The only reason I posted this on HN is because I want Stripe to give me attention and solve the problem. I love Stripe's API which is why I want them to solve the issue.

Also, I made a new account for my privacy.

Thanks for replying. I'd like it if you could link to the blog after you've finished writing it, but if you don't want to for privacy purposes I get that.

I just see people running off in a million directions in the comments on HN and it's nice to wait and let things play out a little before we jump on any bandwagons, this is an event that requires a follow up to be a complete story. So please also follow up with your experience with Stripe after coming to this forum (through link to your blog or in the comments or an edit). I'm sure we'd all like to get the complete story.

> let things play out a little

Dude will be losing money while you get your popcorn ;)

> So how could it be true that the payments are unauthorised?

Stolen cards, for instance, which may be more likely to happen in some industries than others.

While I understand the need for ambiguity with respect to your business operations, this post is too vague to give any understanding as to why Stripe blocked your account.

I think the ambiguity is transitive, and is the primary point of the OP, coupled with the lack of support received from Stripe thereafter.

The post talks about unauthorised charges. There is no way to validate the card prior to Stripe capturing payment, so they certainly are not upset about people using stolen cards on your own site, as you have no way of mitigating that. The migration to Stripe that I handled a year or so ago had 5 or 6 stolen cards/people iterating card lists looking for working cards per day and never had a complaint from Stripe.

Once you have a card you can absolutely take arbitrary amounts of money from it, and this appears to be their suggestion. It could well be that they are using (purposely) vague wording that confuses people about their charging structure (in one off payments or subscriptions) which generates complaints to banks and then Stripe have to deal with it. Or it could be a big misunderstanding Stripe side and they have done nothing wrong. I have an opinion on which one I think is most likely.

Sort of. Some products are real magnets for stolen card use, for example anything that sells "gift cards" or "stored value card" where the crooks can convert a one time use of a stolen credit card into a 'clean' gift card. Some forms of merchandise are similar.

> Some products are real magnets for stolen card use

Charities also have huge problems with CC fraud, as they're seen as an easy target to test card details against before making the "full" purchase elsewhere:


> as you have no way of mitigating that.

Actually, you do. In many cases, fraud follows a pattern. If you're a merchant, and you're getting a lot of fraudulent charges, you'll often get into a discussion with your upstream processor's fraud department about the details and how to mitigate it. I don't work in payments anymore, but as an example of how this works, I was talking a few weeks ago with a merchant who does tens of millions gross every year, but also faces five digits of fraudulent transactions. They sell car parts, so it's quite easy to buy one or two things for a lot of money. While working with their processor, they discovered that a significant amount of fraud was coming from two cities. And not just two cities, but two neighborhoods. And not just two neighborhoods, but two streets.

They simply reject any transaction from that street before even sending things to the processor, and now they're saving tens of thousands of dollars a year.

Why doesn't the processor do this?

Preventing fraud is the most difficult part of payment processing; are they outsourcing it to the merchants?

Processors do their own fraud as well. But, as they're based on heuristics, the more context you can give, the better. Depending on how exactly they do fraud, they may not see a specific kind of fraud coming through one customer, but may be better at seeing fraud spread out amongst customers.

You know your customers and business better than anyone, even your own upstream.

> they certainly are not upset about people using stolen cards on your own site, as you have no way of mitigating that

They get upset about it anyway, because Visa/MC mandates it. A reversal ratio above ~1% threatens Stripe's ability to act as a processor. A bit of Googling will turn up plenty of people with terminated accounts for excessive chargebacks, just the same as any credit card processor.

You're partly incorrect. Stripe has supported auth+capture for a while now. You're no longer required to capture the payment immediately.


Stripe lets you validate address and zip code prior to charging.

I tried to help a business that received the exact same message as you. They had $7.500 on their account.

We eventually gave up, as no one from Stripe answered with other than pre-written answers. I even tried pinging them on IRC, but they couldn't help with these matters.

They had no disputes, and Stripe provided no reason for the cancellation.

I recently reached out to Stripe to get their opinion on whether or not I should bother trying to integrate stripe.js with my browser based game. I obviously didn't want to invest the effort if they were just going to shut me down a few weeks later. It says in their TOU that virtual currency sales are allowed so long as it's self contained and can't be traded for real money or across other websites - that was the case with my game.

After over a week of waiting for a reply (PayPal's initial responses are rarely helpful, but at least they tend to respond..), they told me I shouldn't use Stripe because I would almost undoubtedly be considered high risk. Why not just say it isn't allowed?

They do in their TOS.


>Video game or virtual world credits: Sale of in-game currency unless the merchant is the operator of the virtual world

I am.

>Virtual currency or stored value: Virtual currency that can be monetized, resold, or converted to physical or digital products and services or otherwise exit the virtual world (e.g., Bitcoin); sale of stored value or credits maintained, accepted and issued by anyone other than the seller

It can't and isn't.

Their TOS actually makes no mention of virtual currency whatsoever.

Game currency purchases that aren't converted or sold are still disgustingly, ridiculously high risk, bordering internet pharmacy level stuff, especially if a lot of under-18 play your game.

Again - then why not just explicitly ban it altogether? Why say it's allowed under certain parameters and then ban users anyway when they meet those parameters exactly as required? They obviously have a list of products/transactions deemed too high-risk by their contract, they need to state what they are explicitly if they want to stop the PR bleeding.

I've been doing this for four years and we've never had a single dispute, but that's really neither here nor there.

What were you selling, how and to whom? I feel like there's probably more to this.

I feel like this was the key part: "This makes no sense as I have had hundreds of payments and not a single payment has been disputed. So how could it be true that the payments are unauthorised?" Disputed and Unauthorized are two very different things - especially with the time frame of less than a month. It would have been much more convincing if he'd said "I've had hundreds of payments and all have been authorized by the end user". I suspect there's some sort of crowd funding element but either way shall wait to see what the blog post says.

It is quite likely that certain outrage deflating details were left out. Stripe and Paypal are polar opposites in my experience.

"I've had a good experience with Stripe so everyone must have unless it was their fault" is a good example of the Halo Effect. It's entirely possible that Stripe have failed one of their customers without it being the customer's fault.


I said "quite likely" not "must have" which makes your argument very weak.

I'm trying hard to read your words, but I can't stop noticing your username and having Clerks flashbacks. Have a great day - you (inadvertently) started mine with a good laugh! :)

Update: After speaking with Stripe I have decided to end our dealings. Unfortunately the issue could not be resolved. We are looking at alternate providers.

When you are vague and refuse to elaborate, it can only lead us to think that your business isn't as squeaky clean as you make out.

I believe you meant to say "it proves your business isn't as squeaky clean as you make out". With a response like that, clearly their business was operating in some kind of grey area. It's unfortunate that when this happens, the company (ex: Stripe) can't come back and disclose specific details about the scumbag making a stink on HackerNews over something that the company was perfectly in the right to shut down.

Unfortunately, a lot of businesses want to accept credit cards online with little to no effort in managing the risk. 1-2% doesn't sound like enough wiggle room, but if a company isn't using misleading marketing, is not defrauding users, has a product actually worth what they are charging, and offers instant support for refunds - then staying under 2% is not difficult. Too many businesses want the risk to be handled by external forces. If you want to accept money online, make sure your business is prepared to manage the risks. You can't just drop in the payment processing and wait for the money to roll in.

Could you explain with some details? I'd be quite interested in understanding what happened, and I imagine others would too.

Elaborate please?

This is what happens when you replace business relationships with APIs. APIs should complement a business relationship, not replace it.

It's worth noting: if you do 100K+ monthly via PayPal, you get a VIP support team for all business issues, and a Christmas card with their faces printed on the front. No kidding.

It's actually quite a bit lower than 100K. My company does about $20K/mo with PayPal and we have an assigned account rep who we contact directly for support. I don't think they've ever sent us a Christmas card, though. Maybe that's the difference between $20K and $100K. :)

That's actually a surprisingly nice gesture.

I have a feeling that PayPal may be able to rebuild the trust it lost in hacker minds.

The one thing that surprises me most is why banks don't provide a payment processing API for their customers. I consult at a top bank in Canada, and I brought this issue up several times in the online banking division and was met with complete indifference. The middle management (all PMP certified) don't have the vision and the upper management is busy coasting along. My reasoning was that the bank is already doing a lot of business with the business customers and there is a trustful relationship, and quite a lot of these customers had some form of online presence, so helping them with online payment processing would be cheaper for the bank, given their working relationship, and these businesses would not consider taking their business to the competition as that would entail switching costs. Also, fraudulent transactions would be less given the relationship history. But what do I know? I am just an engineer.

Actually no they don't: at least not in the way PayPal or Stripe et al do. I have had meetings with some of their "small business advisors" and I ran screaming to Stripe. Getting and using an Interac device and connection was simple enough but their solution for online payment processing will set your hair on fire.

Every time I see a post like this it makes me wonder if other businesses have unfairly gotten a bad reputation because of anecdotes reported by anonymous customers whose version of the story is subjective, biased, possibly exaggerated, etc.

When a company is huge, even one out of 100,000 transactions going badly adds up to a lot of anecdotes.

In case of PayPal the bad reputation is deserved

In the case of Stripe, I sent a question last week in reply to an email from them from last year. There is no ticketing system, it seems; I got replies from 2 different people today after a week (not the same person who originally was friendly and talked to me, and who might not be working there). Both answers were somewhat positive but a bit contradictory.

I do not believe that Stripe are fundamentally "evil" like PayPal; well, not yet anyway. We will see how it turns out with more growth and more staff who might not care about customers.

Full disclosure, we are still in the implementation stage with Stripe, nothing in production yet, but customer service has been excellent so far. Sure, it's non-traditional, and I think they need a better user facing ticket system especially for important things that need tracking + accountability.

Every time I have had a question about functionality, needed someone to take a look at test cases in my account, etc.., someone from Stripe has ALWAYS been available in IRC and quick to respond.

That said, if they really are canceling accounts on short notice, that's pretty shitty. No reasonable sized application can realistically swap to a completely new payment provider in a week. There should be a bare minimum of a month or two of notice if your account is getting terminated.

In all honesty you probably got stuck in some automated loop.

It is kind of sad that the support isn't more expedited for things like this.

Seems like more and more people are turning to HN in order to get visibility and get their Stripe problems resolved. That is quite unfortunate...

I upvoted for visibility, as I know how frustrating it is to deal with payment processors, especially when your living / business depends on it.

Have you tried tweeting at them? https://twitter.com/stripe/ They're way more responsive over twitter than email.

You shouldn't have to publicly tweet at a company about an issue regarding your bank accounts/debit cards to get their attention though

You don't have to, they accept DMs from people they don't follow.

Kind of reminds me of doing business with Google. Most times they ban you it is just a robot that has no clue it is wrong. They just set the thresholds ridiculously high and put up with false positives intentionally as a business choice. Throwing out some innocents is worth it to them to throw out anyone faking clicks or whatnot.

Fraud is an incredibly difficult problem for payment processors, for both technical and business reasons. It's well worth studying if you're into this sort of thing.

Fraud is a sensitivity/specificity problem. For sensitivity, Stripe wants to detect as many actual fraud cases as possible, because undetected fraud is expensive. For specificity, they want as few false positives as possible, because false positives mean angry customers who feel mistreated.

Generally, there's a sensitivity/specificity tradeoff, and priorities need to be set (which is worse - letting criminals get away, or frustrating honest customers?). But at such a scale, and with so many creative minds working on new mechanisms for fraud, it's impossible to achieve perfect numbers on either side.
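The tradeoff described above, worked through as an added example that is not part of the original thread: a threshold sweep over constructed scores, then fixed rates applied to a constructed population to show how many honest accounts get flagged when fraud is rare. All scores, rates and population sizes are made up for illustration.

```python
# Constructed (risk_score, is_fraud) pairs; not real transaction data.
SCORED = [(90, True), (80, True), (70, True), (40, True),
          (5, False), (10, False), (15, False), (20, False), (25, False),
          (30, False), (35, False), (45, False), (60, False), (75, False)]


def rates(scored, threshold):
    """Return (sensitivity, specificity) when flagging score >= threshold."""
    tp = sum(1 for s, fraud in scored if fraud and s >= threshold)
    fn = sum(1 for s, fraud in scored if fraud and s < threshold)
    tn = sum(1 for s, fraud in scored if not fraud and s < threshold)
    fp = sum(1 for s, fraud in scored if not fraud and s >= threshold)
    return tp / (tp + fn), tn / (tn + fp)


def sweep(scored, thresholds):
    """Map each threshold to its (sensitivity, specificity) pair."""
    return {t: rates(scored, t) for t in thresholds}


def flags_at_scale(accounts, fraud_per_10k, sensitivity, specificity):
    """Return (fraudulent accounts flagged, honest accounts flagged)."""
    fraud = accounts * fraud_per_10k // 10_000
    honest = accounts - fraud
    return round(fraud * sensitivity), round(honest * (1 - specificity))


if __name__ == "__main__":
    # Lowering the threshold catches more fraud and flags more honest users.
    for t, (sens, spec) in sweep(SCORED, [30, 50, 80]).items():
        print(f"threshold {t}: sensitivity {sens:.2f}, specificity {spec:.2f}")
    # 1% fraud among 100,000 accounts, 90% sensitivity, 99% specificity.
    caught, wronged = flags_at_scale(100_000, 100, 0.90, 0.99)
    print(f"flagged: {caught} fraudulent, {wronged} honest")
```

With fraud at 1% of accounts, even a 99% specific check flags more honest accounts than fraudulent ones, which is why an appeals path matters as much as the detector.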

Pick two:

- Strongly regulated banks/strong consumer protection in financial services.

- Good merchant customer service.

- Cheap credit card processing.


Security and Convenience are a classic tradeoff. I suppose you could argue that a good implementation of either isn't cheap.

Stripe hardly qualifies as "Cheap credit card processing".

I'm just surprised the handle disappointeddev was still available.

Do you sell cheap virtual goods? They're sometimes used to test stolen cards I heard.

I use the MinFraud service from MaxMind to try to avoid unauthorized transactions. Using Braintree, I first do an Authorization, if that goes through, I send details to MinFraud. If that passes a threshold, then I submit the payment for settlement. If not, I void the transaction.

This process has helped to avoid all kinds of scammers using my website to try to validate stolen credit card details.
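The flow described in the comment above (authorize, score, then settle or void), as an added example that is not part of the original thread. `FakeGateway` and `toy_risk_score` are hypothetical in-memory stand-ins, not the Braintree or MaxMind minFraud APIs; the threshold, the field names and the choice to void when scoring fails are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    DECLINED = "declined"  # issuer refused the authorization
    CAPTURED = "captured"  # authorized, scored below threshold, settled
    VOIDED = "voided"      # authorized, then released without settling


@dataclass
class FakeGateway:
    """Hypothetical in-memory processor with separate authorize/capture/void."""
    state: dict = field(default_factory=dict)

    def authorize(self, order):
        if not order["card_valid"]:
            return None
        txn_id = "txn-%d" % (len(self.state) + 1)
        self.state[txn_id] = "authorized"
        return txn_id

    def _finish(self, txn_id, new_state):
        # Only an open authorization may be captured or voided, and only once.
        if self.state.get(txn_id) != "authorized":
            raise ValueError("no open authorization for %s" % txn_id)
        self.state[txn_id] = new_state

    def capture(self, txn_id):
        self._finish(txn_id, "captured")

    def void(self, txn_id):
        self._finish(txn_id, "voided")


def toy_risk_score(order, attempts_by_ip):
    """Hypothetical 0-100 score built from three constructed signals."""
    score = 5
    if order["ip_country"] != order["billing_country"]:
        score += 40
    if attempts_by_ip.get(order["ip"], 0) >= 5:
        score += 40  # many recent attempts from one IP: card-list testing
    if order["amount_cents"] <= 100:
        score += 10  # tiny charge, typical of a card check
    return min(score, 100)


def process_order(gateway, order, scorer, threshold=50):
    txn_id = gateway.authorize(order)
    if txn_id is None:
        return Outcome.DECLINED
    try:
        risky = scorer(order) >= threshold
    except Exception:
        risky = True  # assumption: a scorer outage fails closed
    if risky:
        gateway.void(txn_id)  # release the hold; nothing is settled
        return Outcome.VOIDED
    gateway.capture(txn_id)
    return Outcome.CAPTURED


# Constructed sample data (documentation IP ranges).
ATTEMPTS = {"203.0.113.9": 12}
GOOD = {"card_valid": True, "amount_cents": 4999, "ip": "198.51.100.7",
        "ip_country": "CA", "billing_country": "CA"}
TESTER = {"card_valid": True, "amount_cents": 100, "ip": "203.0.113.9",
          "ip_country": "NL", "billing_country": "US"}
```

Every rejected path ends in an explicit void, so no authorization is left holding a cardholder's funds.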

Maybe you should build it. YC RFS Maybe? https://www.ycombinator.com/rfs/

How did you like it? Have you looked at Sift Science, by any chance?

How much does this cost?

This is pretty useless. You should give some context.

Using a disposable HN account does not help either.

If every time a company popular on HN did something that one HN user found inexplicable we had a top-of-the-front-page story about it, the front page would be nothing but complaints. An "Ask HN" would make more sense, since that would (a) generate information instead of just broadcasting a complaint, and (b) reveal whether there was a trend behind it.

I flagged this story, and hope other people will too.

With all due respect, take a quick look through the replies, there are a lot of "I experienced this too" comments. If you go further and search HN you'll see that this tends to be a common problem with Stripe support.

I think that this type of post is fine for HN. It's a YCombinator backed company, with the founders and most of the team commonly browsing the site and people here are usually able to point you in the right direction.

> It's a YCombinator backed company, with the founders and most of the team commonly browsing the site and people here are usually able to point you in the right direction.

That's understandable.. but this isn't a support forum, and people would stop visiting if it became one.

In most circumstances that'd be fine, but as the OP states, he's tried getting in touch with them. This is essentially the last resort.

Can one HN user, working alone, get something on the front page? I thought it took multiple votes.

It's almost like you're arguing against accountability and transparency. Should posts about HN companies not show up on HN, and instead be written about on a different website? Maybe BusinessInsider or Bloomberg? It's true that many will upvote it merely because an HN company was mentioned, but like the other response says, there are many "me too"s in this thread.

Wouldn't it help in a lot of cases to have an automatic escalation system in place, via SLA rules or other triggers, to raise up the visibility of messages from people whose accounts are being shut down? Have it post to IRC, Slack, PagerDuty, etc. when an email comes in from a customer flagged as "account closing by administrative action" or whatever?

>So how could it be true that the payments are unauthorised?

It could be no fault of your own but maybe your customers are using stolen credit cards.

As mentioned by many others - there are a number of details missing here that are extremely relevant. What are you selling? Where? To whom? If you had hundreds of charges in your first month, did you migrate over from another payment supplier or are they brand new customers? If you migrated, how did you migrate?

I used to work on fraud operations at a payment processor and there was always more to the story. There were four categories that accounts broadly fell into:

* The quiet fraudster. These would either have a scam business model with real victims attempting to pay, or would not have a business and were using stolen payment details to pay themselves. The quiet fraudster would not argue when you closed their account - they would just sign up again and try a different approach to get round your system.

* The loud fraudster (the vast majority of fraudsters). These come in all shapes and sizes. They were often the most obvious frauds (100 payments from the same IP at our max payment amount, within 10 minutes of each other). Unfortunately they sometimes came in the form of someone deluded - for example the man that sold 'magic beans' that cured AIDS. These are the loud fraudsters because they will either shout down the phone at your support team (shouting never helps when calling support - by the way), or try and drum up negative PR to create pressure.

* The accidental fraudster. These people have good intentions, but are nonetheless breaking the rules. For example, migrating all of your customers over to a new payment supplier by filling out a new payment form on their behalf (note - I worked for a payment processor that was not based on cards - this method may be allowed for CC though I doubt it). The accidental fraudster might also have fraudulent customers paying them yet be a legit business - for example online sellers of jewellery will have a lot of people pay with stolen details hoping that the business will ship the goods before the payment is flagged. Sometimes you can work with the business to fix the issue, many times you have to let them go (remember, they will have all the signs of an obvious fraudster - so you have to be sure that their story is true).

* The innocent. As you can imagine, sometimes there are people that have all the signs of a fraudster yet are perfectly legitimate. There can be many reasons for this.


Without a lot more information, I cannot begin to speculate what category the author falls into - hopefully one of the latter two.

That said, as much as I love what Stripe in general, it is completely unacceptable for them not to have an escalated support/appeals process for fraud complaints. If they have made a mistake (which happens even with the best fraud systems), then they could be destroying a business that might have customers/employees/suppliers that are also relying on them to receive their payments on time.

Reminds me of this tangentially-related comment from jwz a few days ago:


Square might be the new PayPal in that they're (finally) big enough to have banks breathing down their neck. Honestly, I think the hate is misplaced (for both Square and PP), and should be directed towards the banks who have pushed the security burden upon these tech providers.

Why isn't there a standard way of filing complaints against a company and/or discussing them online? It would be so helpful if a consumer could just go to www.company.com, and click on a "discuss website" or "complain" button in the browser.


>I am only writing this post because Stripe are not responding to my emails.

Stripe's CEO left his email here after the last kerfuffle and I never got a response to my emailed question.
