49 comments

[ 6.1 ms ] story [ 117 ms ] thread
It is pretty clear by now Stripe has big guns pointed at enterprise customers. What others like Checkout.com, Adyen thought was a relatively safe moat, has now clearly disappeared.

However, I'm sorry to always be the sour grapes guy when it comes to talking about Stripe neglecting us SMEs.

I'm pretty sure a lot of these things mentioned in the article are being passed down to "regular" customers, but to be honest, it lately hasn't felt like that.

Last year there were a few price spikes, Radar fees that were initially negotiated where reinstated, same for refund fees.

Radar works great when it does, but has a lot of wonky stuff like not catching heavy carders which defeats the purpose of using rules.

Acceptance rates internationally are still lacking. If you have a European Stripe account, billing US customers will not provide the same acceptance rates as if you use a US account. In some Latam countries the difference can be important.

Stripe is vital to our growth, but it is a complicated marriage.

I really hope they don't forget about us, the regular merchants.

> If you have a European Stripe account, billing US customers will not provide the same acceptance rates as if you use a US account.

Is this due to Stripe or due to the credit card providers blocking transactions? I ask because I have a card that routinely declines charges if I am not near my home. (I can temporarily expand "home" by adding travel plans in their app, but it's inconvenient.)

I might be oversimplifying but when you pay with a US card at a European Stripe Merchant, the acquirer they use locally will show up at your US Bank as "foreign", and this will trigger all sorts of things at the fraud/compliance level.

Stripe offers Atlas so you can "easily" open a US Stripe account and serve your US customers from there, but wouldn't it be great if Stripe did that for you automatically?

Edwin from Stripe here. Postmates started using Stripe as an SME, when they were probably smaller than your company. We’ve been scaling alongside them for the past decade, and the auth optimization features mentioned in the post weren’t built for them—they’re built for and used by businesses of all sizes. In fact, Radar’s ML was designed to become better as the network grows—the more card transactions it sees, the more effective it becomes (imagine the fraud data we learn from every Postmates transaction can be applied to your transactions too!). This is one of the principles of Stripe—and it’s our goal to help scale your company’s growth, just like Postmate’s.

That said, could you email me at edwin@stripe.com and we can take another look at the issues you mentioned? (For example, we honor rates for their negotiated term.)

Why is stripe doing fraud detection, when someone like Visa or MasterCard would have far more data and be able to offer much better fraud detection?
The card issuers do their individual basic fraud detection (e.g. security code) but we built our own on top after users asked for something more advanced. Imagine Stripe seeing data across all the card networks, compound that with customer info (like email or IP, which card networks don’t always collect) across all businesses on Stripe, then that’s fed into our ML network that’s constantly tuned by Stripe engineers. And then businesses have the opportunity to customize all that with Radar.
True, but the big networks process far more transactions than stripe does, have access to more data (where else has this card been used lately, has the bill been paid, has this customer used the card in a shop abroad, etc), and seem in a better position overall to combat fraud.

The network also has access to the account holders phone number so can actually call to validate risky transactions.

Lower fraud rates would also make issuing banks more likely to choose visa over MasterCard, so be a competitive advantage.

Yes I feel roughly the same. Our experience as an EU stripe merchant with charging US cards is pretty great though. 97%+ acceptance if I recall... Brazil however is a very sore point. We hope to localize to Spanish and reach Latam though so we’re a bit worried. We heard it’s better than Brazil.

We’re still a tiny B2C though, so we definitely feel the complicated marriage side of things. Not to mention PayPal. The missing elephant in the room.

For Latin America, the best option is MercadoPago (Market Pay)I believe. I have no relation to them by the way.

It is from the same company that created MercadoLibre (Market Free) which originally was a clone of ebay. MercadoPago is a clone of Paypal.

Mercadolibre/Pago is worth about 51.000 billion dollars today.

Again no relation.

Brazilian dev with some experience in developing systems used across LatAm.

Honestly, it is a mess...

There are specific payment methods that are common in a single country where people prefer to use that instead of credit cards, as a result sometimes we have to integrate a bunch of different payment processors, a couple of them with non-existent or terrible documentation which result in a ton of emails and calls to clarify stuff.

Stripe is in Beta in Brazil for a while but I never developed something with it for the local market, there is a countrywide processor here that have great documentation and support everything that Brazilian customers are used to and the fees are in the same ballpark, so there's no need to use it.

> We heard it’s better than Brazil.

Which is funny for me, integrating payment processors in Brazil isn't a big deal and I had a lot of trouble with a few LatAm processors, but if I had to guess the reason I would say that a lot of old cards and cards for people with low income used to be national only, they couldn't pay anything in other currencies, nowadays the card situation is a bit better and most issued cards can purchase international goods but since stripe apparently is coming to Brazil, if you could process your payments through it it should work flawlessly.

Alternate headline: Stripe helps Postmates screw their customers out of $70 million

> "By intelligently updating the credentials on saved cards that have expired or been replaced, CAU optimizes authorization rates to keep subscription payments recurring seamlessly."

This is the shady practice of charging people's new credit card when their old one expires or they replace it to get rid of their subscription accounts. People assume they'll rid themselves of their accounts on things like Postmates, but thanks to this shady shit they keep getting milked. In many cases they might not notice for a while and/or not be able to get a refund.

This should be completely illegal. It's extremely unethical. Customers should have to consent to sharing a new credit card with a service that they've only shared a previous one with. This "innovation" is rich people at rich companies figuring out how to screw people, many of them poor.

The other stuff is probably shady too, but $60 million of the $70 million came from this implementing this practice alone.

It's safe to assume that Stripe and Postmates set a large number of people back financially, some undoubtedly went hungry, some had trouble paying their bills. And Stripe does this for many other companies presumably.

As someone clearly smart and good enough to see the ethics of this practice, Patrick Collision should be ashamed of himself. Instead, they're bragging about it.

> This is the shady practice of charging people's new credit card when their old one expires

Is this really shady? I’d personally find this behavior super convenient.

Seems a bit shady if say I use a refillable gift card for certain services that are hard to cancel
That seems like it's not this situation though? It's not like they're going to refill the gift card for you or somehow guess the new card number.
Imagine being a poor person that gets a replacement credit card expecting to ditch your subscriptions, to get your finances in order, and then getting billed anyway on your new card.
This "life hack", just like doing chargebacks to your gym because it's easier than calling them, isn't valid. Your complaint is an extreme example of https://www.xkcd.com/1172/
The way you describe it, switching to a new credit card is a slightly easier way to get rid of a recurring charge than going through the proper channels and calling to cancel a subscription, and people who do so are just being lazy.

But in reality, many companies make it nearly impossible to cancel a subscription, even when the customer has the right to do so. I have experienced cases where the only way to cancel is to call a designated phone number, but you're put on indefinite hold by the phone system and can never actually get through to the person who can cancel. Or you need to fax a cancellation request, and somehow the system never actually processes it, despite repeated attempts.

So, in these cases, cancelling an old card is an act of desperation, not an act of laziness.

It was a loophole that happened to work but that's not one of the design objectives of the credit card system. It isn't Postmates', or Stripe's, or Visa's fault that some companies refuse to let you cancel (ahm... Shipt...). They don't need to make the card replacement process _worst_ for everyone just because of those few bad companies, when they have a different process for dealing with non-cancelling subscriptions (dispute with your bank and show you attempted to cancel - ahm... Shipt...).
The practice of charging a replacement card is relatively new and not how credit cards worked for decades.

Why wasn't customer consent part of the process? Because that would lead to a huge number of denials and account cancellations for unwanted services.

I think replacement cards are explicitly not included based on some Stripe responses in this thread. My quote of the parent comment intentionally ends at “old one expires”.
In one way, this is exactly the comment I came here to read. The article made my eyes glaze over it was so press-release-y and so I wanted to know what the actual plain language detail is. You delivered that, thank you.

However, in the specific case of Postmates, have they actually used this feature to screw people over? I get what you are saying in the case of a subscription like Netflix. But with Postmates, the user is making a concrete in-the-moment decision to spend money. This actually feels like a minor convenience in that the customer is hungry and can get the order in without having to fish out their credit card details again.

Not sure how heavily used it is, but FWIW Postmates does offer a $10/month subscription service for reduced fees/free delivery like most other food delivery services do
In the specific case of Postmates listed in the linked article,

> By intelligently updating the credentials on saved cards that have expired or been replaced, CAU optimizes authorization rates to keep subscription payments recurring seamlessly.

So either Stripe is referring to a feature that Postmates didn't directly use (unlikely), or they are referring to Postmates Unlimited subscriptions, which is $10/month (and not an in-the-moment decision)

I think the issue isn't that they're spending money on an order in the moment, it's an auto-renewing subscription that users may not even remember about.
Isn't replacing a card usually triggered b/c your card was lost or stolen? As a consumer it seems that I would want to keep my subscriptions ongoing if that happens vs having to type in my cards in all my services again.

I've rarely heard of people replacing a card b/c they want to cancel all their subscriptions.

I've honestly come to like when services remind me that they couldn't charge my card. It reminds me of the services that I don't use still taking money.
Cards expire. I don't have data on which is the most common, but based on my personal experience, the majority of my replacement cards are from expiration, not from being lost or stolen.

When my cards are lost/stolen, they provide a whole new card number. To my knowledge, they are not eligible for these auto-update programs.

You're just looking to complain here. It's super convenient and I would argue less surprising that an updated credit-card retains the subscriptions that were on my expired card. It's not going to follow you if you completely replace the credit-card

https://stripe.com/blog/smarter-saved-cards

Wrong. I'm speaking from the personal experience of knowing poor people who have been hurt by this practice.

There's no reason this couldn't have been implemented by asking customers for consent. Consent isn't asked because it's not likely to be granted in many cases and they fucking know it.

Exactly. If Postmates (or Stripe, they can pass this logic through if they really wanted to) already knows (or thinks it knows) your new card details, it could just as easily be an in-app pop-up or push notification of "We've detected that your card you use on Postmates has been replaced. Would you like to update your account to the card ending in XXXX?"

Extremely little use friction, it's a single button press, but it actually informs the user or what is happening.

It would be really interesting to me to see the stats on how many users who have had their cards automatically updated actually make a purchase afterwards, and how many are zombies.

If a cardholder cancels their account and gets a new one, that card number won’t be shared and updated with Stripe’s Card Account Updater. We work directly with each card issuer to update the number if the physical card is lost, stolen, or got renewed. The most common use case I’ve seen: a customer losing their wallet and then getting a replacement card. But when checking out on a site where they saved their card, they don’t have to re-enter their new number. This is why we call it Card Account Updater.
Yeah, in other words, Stripe engages in exactly the unethical behavior I described above.

Why does Stripe not insist on requiring customer consent for this feature created supposedly for their convenience?

And we all know why: because a lot of customers would not consent to the thing Stripe does supposedly for their benefit.

And then you couldn't write articles and sell Stripe as a solution to extracting money from people who, in many cases, don't actually want to be customers.

You can blame people for not handling their finances better or claim that "everyone else is doing it" too, just like banks do with overdraft fees, but that doesn't make it less evil.

Rationalize it however you want. You're hurting poor people.

Thanks for bringing this issue up. I've added the concern to my list of items to cover with policymakers I interact with. This behavior should be better regulated by financial regulation and governed by the CFPB, similar to what currently applies to direct debits [1].

User consent should absolutely be required for such changes to financial obligations by way of charge subscriptions.

[1] https://www.consumerfinance.gov/about-us/blog/you-have-prote...

The crux of the question is, I guess, if a renewed credit card (with a new expiration date) is a "new credit card". Presumably this feature wouldn't work if you changed your card to one with a different CC number because it's a new account. If I lose/damage my card and have to get a new physical card, I at least don't think of that as a "new" card in terms of billing. It's not a new account with the card company in a contractual sense.

I understand the issues with some companies making it really hard to cancel a subscription, and I agree that there should be more regulation around being able to unsubscribe easily, but in the abstract, a subscription is a contract to pay X a month for Y service until you give the vendor notice of cancellation under some terms. If anything "canceling" by intentionally voiding your payment information in this way is a hack of the system, and a little unethical, even if it's expedient.

I would guess that, in the majority case, people's subscriptions lapsing due to their card expiring isn't intentional. I know I've certainly had to re-subscribe to a lot of things before, due to my card having to be replaced because of fraudulent activity, and if it could have just automatically incremented my expiration date by a couple months, that would have saved me hours of work.

If they didn't have a clickbait title, the post wouldn't be as interesting
Wait, this kind of thing is legal in USA?
Where is it illegal? Can you point me to the law that makes it so? Curious to see the wording of how they identify and enforce something like that.
How much better is the cost per payment for one of Stripe's big customers? It's 2.9% + $0.30 for most, but if a company is doing, like Postmates are, millions of dollars or tens of millions of dollars in sales volume, what sort of 'preferred' rates do they receive from Stripe?
These rates will posted a while back. YMMV.

$0 – 100,000 / month 2.9% + 30¢

$100,001 – 500,000 / month 2.7% + 30¢

$500,001 – 1,000,000 / month 2.4% + 30¢

$1,000,001 – 5,000,000 / month 2.2% + 30¢

$5,000,001+ / month 1.9% + 30¢

Thanks for looking that up for me! It was something I had been thinking about.
As an aside, is anybody else getting spam from Postmates? I gave a tagged email address only to Plex in 2012. They sent me a compromise notice in 2015. It started getting used by spammers in late 2016, with ~4400 spam messages received since then. In the last month or so, Postmates, who I have never used, started spamming that address. I'm now receiving circa one thing from Postmates a day.
Interesting, maybe they have a referral program so now some spammer is masquerading as the real thing to earn some affiliate money?
We also used Stripe for our crowdfunding efforts. It was convenient and the fees were reasonable. QuadraClicks.com this is our product, the crowdfunding site is machi-ya
The largest chunk of savings (~85%!) is from Card Account Updater, which many payment processors offer. In some ways that says more about the B in the A/B test than it does about Stripe.