Stripe has decided to nuke my entire business

1624 points by yaythefuture ↗ HN
Saw https://news.ycombinator.com/item?id=32261868 from a couple weeks ago and figured I'd share my own story.

3 weeks ago, I woke up to a pissed off customer telling me her payments were broken. My startup uses Stripe Connect to accept payments on behalf of our clients, and when I looked into it, I found that Stripe had decided to deactivate her account. Reason listed: 'Other'.

Great.

I contact Stripe via chat, and I learn nothing. Frontline support says "we'll look into it." Days go by, still nothing. Meanwhile, this customer is losing a massive amount of business and suffering.

After a few days, my team and I go at them from as many angles as possible. We're on the phone, we're on Twitter, we're reaching out to connections who work there / used to work there, and of course, we reach out to patio11. All of these support channels give us nothing except "we've got a team looking into it". But Stripe's frontline seems to be prohibited from offering any other info, I assume for liability reasons. "We wouldn't want to accidentally tell you the reason this happened, and have it be a bad one."

We ask: 1. Why was this account flagged? "I don't have that information" 2. What can we do to get this fixed? "I don't have access to that information. 3. Who does? "I don't have access to that information" 4. What can you do about this? "I've escalated your case. It's being reviewed."

I should mention at this point that I've been running this business since 2016, my customers have been more or less the same since then, and I've had (back when it was apparently possible) several phone conversations with Stripe staff about my business model. They know exactly who our customers are and what services we offer, and have approved it as such.

After a week of templated email responses and endless anxiety, we finally got an email from Stripe letting us know that they had reviewed the account and reactivated it. We never got a reason for why any of this had happened, despite asking for one multiple times. Oh well, still good news right? Except nope, this was only the beginning.

This morning I woke up to an email that about 35% of my client accounts had been deactivated and were "Under review", the kicker here being that one of those accounts is the same one they already reviewed last week! This is either the work of incompetent staff or (more likely) a bad algorithm. No reasonable human could make this mistake after last week's drama.

So currently, my product doesn't work for 35% of my customers. Cue torrent of pissed off customer emails.

And the best part is, this time I have an email from Stripe this time: Apparently these accounts are being flagged, despite the notes on our file, and despite the review completed literally last week, as not in compliance with Stripe's ToS. They suggest that if I believe this was done in error, I should reach out to customer support. Oh, you mean the same customer support that can't give me literally any information at all other than "We have a team looking into it"? The same customer support that won't give me any estimates as to how long it's going to take to put this fire out? The same customer support that literally looked into this a week ago and found no issues!?

I feel like I'm going crazy over here. These accounts have hundreds of thousands of dollars in them being held hostage by an utterly incompetent team / algorithm that seems to lack any and all empathy for the havoc they wreak on businesses when they pull the rug out from under them with no warning, nor for the impact they have on customers when they all of a sudden lose all ability to make money. And all that for an account that has been using Stripe for nearly 7 years without issue!

This goes so far beyond...

704 comments

[ 3.1 ms ] story [ 394 ms ] thread
At what point does it make sense to sue these companies to compel them to answer these questions? I know, that's expensive... but I'm willing to contribute to a legal fund to make payment processors answer questions.
I’ll contribute a few hundred bucks too
Of course a logical question is: with whom do you set up a "Fund me" drive to sue the likes of PayPal and Stripe?
(comment deleted)
Usually you would start with a “lawyer letter” and hope it adds some urgency to resolving your issue. Those are way faster and cheaper than actually filing suit.
A law firm probably has an escrow account set up for this.
I second this!

Also, a lobbying effort should be funded, to compel these companies by law to provide detailed feedback.

(comment deleted)
Same here... from a developing country, but still will contribute. These kind of actions by such monopolies piss me off badly.

Go sue them. Also, cannot a class-action lawsuit be initiated against them? We already have many people going through such cases...?

Hint: at this point. Right here. Right now.
Corporations that provide critical services that would otherwise be hard to find elsewhere (Stripe, perhaps) use these legal threats to completely shut their customers out of their closed ecosystems. If you hold them to account, you pay a stiff penalty on the other end being denied access to the services they monopolize. And you are very likely compelled to operate using their arbitration schemes and you will have no path to swift action. I don't know how to get around this and it remains the primary reason I walk away from companies that operate terribly with their customers (I see you, AirBnB -- https://www.airbnbhell.com/), but who provide services that I sometimes really need. I'd love to understand from a lawyer what REAL paths customers have to finding swift and fair (I should lose sometimes too!) justice without an extra-judicial penalty put down by a company operating a semi-monopoly.
> If you hold them to account, you pay a stiff penalty on the other end being denied access to the services they monopolize.

Looks like they've already paid that penalty

I'm not sure if suing is a reasonable way to go - suing would work if there's a legal right to continued service or "answers" but IMHO there is not, technically for such B2B deals Stripe has the legal right to say "you haven't broken any explicit restriction or terms of service, but we simply decided to terminate the contract because we didn't like your business" or "we threw a bunch of dice and arbitrarily chose to".
Maybe it's just some competitor using bots to falsely report you and/or your customers to ruin your business intentionally?
I've heard accusations of companies purposefully hiring bot farms to click on their competitors' ads and blow their budgets / get them dropped for excessive click fraud. It's rough out there.
This kind of stuff really scares me. I'm bootstrapping a SaaS and my big competitors could crush me real easy with stuff like this.
I'm about 90% certain it's an algorithm. This sounds like the classic PFA vs PD tradeoff...Stripe either lets the bad guys get away with using their "platform" for ill gotten gains or stripe stops the cretins while at the same time ruining people's lives.

And it looks like Stripe has been targeted by US State Attorneys frequently https://decrypt.co/42444/stripe-pays-120000-to-steer-clear-o.... So I can't fault them. They've got hundreds of thousands of irate algorithm victims that they're dealing with but those victims can't throw them in jail or seize their assets.

It sucks this happened to you, but like with all the PayPal hate stories, I notice you're very careful not to describe what type of business you operate.
Does it matter? PayPal and Stripe don't advertise that they will only do business with organizations with which they agree. To accept a business as a client for a mission critical service like payment processing and then summarily cancel or suspend service without notice should be able to be prosecuted the same as someone who vandalizes a physical storefront to the point they cannot open for business. This is non-trivial and PayPal and others are acting like rat bastards to accept a client, get them dependent, and then dump them without warning.
It does matter if it actually violates the TOS, or could be vaguely interpreted to do so I guess?
And how many times does a company claim you have violated TOS and then refuse to tell you how you violated the TOS? To act in this manner nullifies the TOS in my opinion.
It definitely sucks for the merchant companies ending up on the pointy end of the TOS. But you also need to consider the payment company side of things. They face a relentless tide of fraud and shady merchants. If they are too transparent about exactly how they detect a problem, that makes it much easier for the criminals, scam artists, and dodgy merchants to get around TOS enforcement.

The real culprits here are the people trying to violate the TOS, plus everybody's desire for cheap services and easy onboarding. The historical alternative was very expensive setup (e.g., spend a few years building a relationship with your local bank branch manager and establishing a financial track record). Making it easy to get started means that most problems will show up down the road, and the lower merchant costs means less money to pay for smart people to carefully untangle the truly dodgy from accounts that just look that way.

> If they are too transparent about exactly how they detect a problem, that makes it much easier for the criminals, scam artists, and dodgy merchants to get around TOS enforcement.

I get that, but I don't see how actually telling people what term of service was violated gives too much leverage to the bad guys.

Neither do I, but I wouldn't expect to see it without really understanding the bad actors and what they're up to. So this could be their best effort. Or it could be that they're just going with a blanket "say nothing" policy because it's too hard to create a more nuanced policy that the CSRs can apply consistently. Or it could just be laziness and a lack of customer focus. It's impossible to say from the outside.
Never. In 20+ years of using Internet I have never been banned unduly from any service.

I have seen way to many stories about people claiming to have been banned for no reasons from services (online video games are a popular one) before it is revealed the ban was 100% legitimate, to take any new story like this at face value.

I was banned by PayPal once because I didn't sign up with an SSN or EIN and proceeded to make enough to trigger a review because they couldn't file a proper 1099-K on me. This was an oversight on my part and I offered to correct the situation by submitting any documentation they needed -- photo ID, SSN, prior year tax returns to PROVE that I was paying tax on the revenue coming from PayPal, the new LLC and EIN I had for that company's activity. They refused to update my account, told me to start over with a new account, and then similarly ban-hammered me again (probably because I started an account after getting banned even though it's what they told me to do!).

I made a mistake out of inexperience, was refused the chance to correct that mistake, and all of my PayPal accounts -- including my PERSONAL account that I had had for years -- were banned because they were started by a person (me) who had an account frozen or banned. Is that a legitimate enough story?

No, not legitimate at all.

PayPal had banned me because I was under 18 when I opened my account, they then allowed me to open a new one (right after this one got suspended) and it has been working fine without any issue since then (10 years+).

Stop doing shady stuff.

(comment deleted)
> Stop doing shady stuff.

If PayPal requires an SSN or EIN, why do they even allow you to create an account without one?

Because it doesn't require one. You can see the holes in OP's story. First he starts saying that he can give them an ID or his SSN and then all of a sudden it becomes a company account?

The guy can't keep his story straight for 3 lines on HackerNews, he is obviously doing stuff that he shouldn't and using his PayPal in a sketchy manner.

But at least you knew why you got banned!
Only the first time. They never told me why my other accounts -- which were following all of the rules -- were frozen.
Somewhere between occasionally and almost always, depending on the reason.

In most cases, you will not be given details if fraud is suspected. The reason being that companies don't want to tell fraudsters how they got caught.

Whether or not the TOS can be said to be legally nullified (not being a lawyer, I have no idea) canceling or suspending someone's account without telling them some kind of reason they can do something about is absolutely unethical.

It is also very common.

It is very common because it is not benefial for the company to clarify reasons. It includes many risks.

They can be proved to be incorrect, for exmpale if they refer into their own ToS, which is public information and binding. And then some legal expert says that this is not how it goes and it ends up into court, because customer sees risks being lower.

If they made a mistake or there was a software failure, it is bad PR.

If they ban someone for some specific reason but not someone else, there will be drama.

It is very beneficial to just say nothing.

Maybe there is a market for insurance to initiate a "Wrongful ToS Ban Lawsuit." I take no right/wrong position on the below gentleman but note that he did bring a lawsuit against Twitter for being banned and his account reinstatement coincides with a settlement of the suit. Right now the payment facilitators only have loss of an account in terms of incentive to reduce false positives in detecting fraud.

One year ago this month, Twitter permanently suspended a 340,000-follower account for “repeated violations of our COVID-19 misinformation rules.” The owner of that account, the former New York Times reporter and vaccine skeptic Alex Berenson, responded with a lawsuit demanding reinstatement. . . .

. . . Earlier this summer, Twitter put Berenson’s account back online, noting that “the parties have come to a mutually acceptable resolution.” Berenson wasted little time in calling out mainstream media for failing to cover the “pathbreaking settlement” that led to his return. . . .

https://www.theatlantic.com/technology/archive/2022/08/alex-...

They did say they had been running the business for several years and have prior discussions with Stripe about TOS on file.
Ok but is that a green flag or a yellow flag?

How many companies using Stripe have had multiple conversations about the TOS? I would guess it’s a minority. Not a topic anyone is usually excited to talk about.

The TOS can be updated/changed/clarified over time and they could end up falling outside of what they cover as a result. It's not great and sucks as a customer but it can happen.
NO, it does not in this case

They can determine up front if it violates the TOS

They can notify the customer of the SPECIFIC violation IN DETAIL, and what can be done to cure it, and provide time to do so.

They can deny access to the transaction instead of nuking the entire business for some algorithmic flag.

The Stripes and PayPals of the world do NONE of this. Instead, they act like they accept almost all businesses, get them dependent on that piece of infrastructure, then willfully trash the business on a whim.

The type of business matters if we're trying to guess whether they violated the TOS or not.

I completely agree with you that how these companies handle these issues is completely wrong, if not fraudulent.

I agree that in general, it matters.

However, by a long series of deliberate actions, Stripe has made it irrelevant to the fact that they are now deliberately, unilaterally, and with zero notice whatsoever shutting down that biz' critical infrastructure.

They could have, and should have as a part of KYC compliance, already figured out what type of business it is. If they failed at that, then fine, give them 60 days notice to find other infrastructure. Stripe is taking its OWN FAILURE to properly vet their customers according to their own standards and dumping the consequences onto the ex-customers. Sorry, but unless we're talking actual provable international criminal/autocratic money-laundering, that's just wrong.

The part where they said everything was fine and then re-locked so much a week later is completely unacceptable even if the business does violate the TOS.
Is it all companies that can no longer decide who they do business with in accordance with the terms of the contracts in place?
> PayPal and Stripe don't advertise that they will only do business with organizations with which they agree.

https://stripe.com/legal/restricted-businesses

> Firearms, explosives and dangerous materials

> Guns, gunpowders, ammunitions, weapons, fireworks and other explosives. Peptides, research chemicals, and other toxic, flammable and radioactive materials

Why does the payment processor get to dictate whether I can run a defense ordnance company or run a scientific chemical supplies store?

Some of this stuff needs to be challenged in the court or regulated so that payment processor has no say whatsoever in whatever their belief system says about legitimacy of a business.

> Why does the fucking payment processor get to dictate whether I can run a defense ordnance company or run a scientific chemical supplies store?

Because they have the legal right to do so? They could ban companies run by redheads, if they like. As long as they're not discriminating based on very specific sets of criteria established by law, they get to choose who they do business with.

The government requiring private citizenry to associate with everyone who wishes to associate with them seems like a very dark path to go down.

While I agree with your point, I think banning redheads would violate Title II of the Civil Rights Act of 1964.
No; hair color is not what that legislation covers.

It is entirely legal in the United States to discriminate against redheads, or people whose names start with B, or Hacker News users, or people who enjoy skiing.

I do believe that there could be an argument that discrimination on hair color could fall under national origin or color:

Under 29 CFR § 1606.1, national origin is defined as but not limited to: An individual's, or his or her ancestor's, place of origin; or because an individual has the physical, cultural or linguistic characteristics of a national origin group.

With the current court, almost certainly not; they're not inclined to expand the definition of "disparate impact" like that.

If a future Court ever decides hair color denotes national origin, fall back to a different example of your choosing; people with tattoos, Mac users, viola players.

Hair color is something you're born with and is a genetic mutation based off lineage and other factors. I don't think they directly corelate and it wouldn't necessarily even make it to the Supreme Court. Most businesses aren't going to appeal to say that they can discriminate based on hair color nor willingly admit to doing so, nor would they ever likely make the argument that they did it and that it is okay.
The law doesn’t say “things you are born with”, though. That’s a common theme with the specific categories it does name, but only those specific categories are protected.
It isn't specifically limited to those specific narrow words by the most limited means you're thinking. I'm sure they could make that argument, but only a fool would risk a discrimination lawsuit based on hair color. Even if that is the specific reason a person would have to be either a fool or want to try to challenge the law, and there is no guarantee after losing that the Supreme Court would even take the case. I don't think the Supreme Court would even want to touch such a case nor that it would be ruled on in the manner you're thinking.
You could discriminate against people with dyed hair colors, but I find it hard to believe that any court would say that a person's natural hair is not a physical characteristic of a national origin group.
They are common carriers. The elephant in the room is the Visa/Mastercard duopoly.
As a red head, this made me chuckle. Thank you.
Why do you believe that private companies shouldn't have freedom of association? Or put differently, why should the government be able to force Stripe to do business with people who Stripe thinks would not be good for their business?
In a world of free association Stripe would probably be more willing to do business with "high risk" companies because they could charge them substantially higher fees. The government directly and indirectly tries to discourage business with these kinds of companies which is why companies like porn websites, fireworks wholesalers and check cashers have a hard time getting bank accounts these days.
Sorry, who do you believe is preventing Stripe from charging higher fees to riskier accounts? Please be specific.

Also, what's your evidence that some payment processors don't handle porn because of government pressure, rather than just natural market forces? I had a friend who did tech for a porn company, and from what he says, even a well-run porn company has much higher rates of chargebacks (e.g., next-day regrets and "no honey I don't know what that charge is") and fraud (stolen cards, fraudulent affiliate program participants).

You mean the belief system of wanting to not get sued by someone who get's hurt or killed?
I was considering starting a weapons ordnance company, getting federal ATF license and bid on a contract to USG and NATO forces. I guess Stripe billing isn't going to be our choice of service. Stripe has really good invoice/PO processing APIs.
On the off chance there are more regulatory requirements to accept this sort of business and they don't want to build out the support necessary to do so? Maybe there's different risk profiles that they're not willing to accept
Stripe has an internal list of "instant ban, no questions allowed" activities/triggers.

Think about how they can accept 100+ currencies without a relationship with some dodgy central banks in developing countries.

There are absolutely items on that list for political reasons.

>Does it matter?

That is indeed the question. There is no way of knowing if the nature of the business is a factor unless you know that nature of the business.

This is more a function of the fact that I don't want my business to be identifiable from this post than that it's a sketchy business. You'll have to take my word for it, but it's exceedingly benign.
Are you sure it's not a medium risk business that IS benign, but STILL is considered medium to high risk?

For example, selling video game digital products like a strategy guide is benign, but gaming industry is ripe with fraud so most processors will give you shit if you're in the gaming niche, let alone (non-crypto) digital currencies, crypto, health products, non-snakeoil supplements, etc.

Even if this is the case, it doesn't mean that Stripe should just be able to turn off a 3rd of the guy's business with no warning or reason. If they don't like what he's doing, tell him and give him notice to switch to another provider rather than just tanking his business over night.
Yeah that isn't how payment processors work. If his clients are in breach of Stripes TOS it puts Stripe at odds with the compliance teams at Visa/MC/Amex immediately if they are processing his payments.

Source: I used to run adult websites which is considered 'high risk' and also these days responsible for overseeing 1M/m in CC processing for a state agency.

They only reason theyd do this is for reputation. They don't want a good reputation with people in risky business.
I believe you, but I was also triggered by this line here

> They know exactly who our customers are and what services we offer, and have approved it as such.

which sounds like you offer services out of the ordinary.

Which is besides the point.
It is not. A company like Stripe is free to decide it does not want to be associated with certain services. You may disagree with that, and I would certainly agree they should at least be upfront about it, but it is not beside the point.
It certainly sounds like it’s some sort of e-pimp business based on what we know so far.
Source for that? OP is usign a throwaway account and hasn’t said anything about the business.
That's most of it; having clients that have their own sub-stripe accounts that are triggering fraud detection and not mentioning the business.

It's not much to go on but it's all we have.

It is free to do that, but if it decides it wants to kick customers out immediately without explanation, we are free to tell one another and use a different provider. That is the point we're discussing, whether the dev community can still consider Stripe reliable and professional.
Since HN is a community, you might have more luck getting this fixed if you posted this with your regular username? Never mind this suggestion if you have previously posted "sketchy" opinions that would harm your business, although you may be past that point now...
Agree. The OP account was created today. If it was a long-standing user with lots of comment history, then I’d be more inclined to wonder what was going on etc.

Creating a new account on here to potentially get support is just plain wrong, and needs dealing with IMO. Should never hit the front page.

The problem is that my real HN account is my actual name. It'd be like 2 clicks to figure out what my business is.
Yeah, me too. I was wrong to suspect that you wanted to avoid associating your business with your HN content. So, are you trying to avoid leaving an online record of "this business helped Stripe screw over its customers"? Unless your customers have strong incentives not to talk publicly about their experiences, that ship has sailed...
Ha, not quite. It's more I'm concerned that people considering using my product will see this in the future (hopefully when this issue is resolved) and be wary of doing business with us.
Is it an animal, a mineral, or a vegetable? Surely you can give us enough generic information that we can know roughly what kind of business you run without making it searchable.
We operate in the public sector where the number of startups is small. If I shared the vertical you'd be able to narrow it down to 2 or 3 companies.
Totally understandable, but what kind of business is it? If you just keep saying 'it's a business' but refuse to provide any further details then people are gonna make assumptions, eg adult entertainment. Nobody's asking what your specific business model is.

Also consider that if the situation continues your pissed-off downstream customers will ID you sooner or later.

He's ignoring the "what type of business" questions. I'm getting downvoted. I don't care. He's ignoring it for a reason still.
Assuming it's legal, should it matter?
Yes, it matters deeply, because some product categories are so rife with fraud (or are positioned so prominently in the fraud value chain, from carders to cashers) that they can't be served cost-effectively by conventional payment processors.
That still does not excuse the total information blackout.
I don't know what that statement has to do with my comment or the comment I replied to.
The post does note that Stripe has been supporting this business and these customers for years.

If for some reason Stripe wants to withdraw that support, they must give their reasons and a proper period for transition to another provider.

you're implying the business is illegal or violates TOS?

if it's egregious, I'm assuming someone from stripe could get in here and ask permission from the OP to explain to the community what happened?

The overwhelming majority of stories I hear about paypal fucking over businesses are about benign transactions.

I don't think your judgmental paranoia is founded.

FWIW, there was a story about this sort of issue on national radio (in the US) a few weeks ago. The gist of it was "I can't rely on Stripe for my payment system because they vanish too much for too long."

The businesses were very not shady, and nowhere near morally controversial.

My impression from that piece and these stories is that Stripe is having some technical problems and it's wreaking havoc everywhere.

I'd be curious to listen to this if you have a link?
I was trying to find it but can't... I thought it was on Planet Money but might not have been. I'm pretty sure it was a program on NPR because that and college radio are about all I listen to on the radio, and it wasn't a podcast.

I wish I could remember the details better. They were focused on small business owners, retail mostly. I think they started out with an interview of someone with an interior design-related business.

Where can we read your marketing copy? Where is the link to your website?
I can understand the need for anonymity. It wouldn't fill customers with confidence to Google the seller and find a giant thread about how his payments service cut off 35% of his customers.
You didn't say how it ended, is it still ongoing?
I assume it's still happening since he posted this 13 minutes ago (at my posting of this).
An incredibly unhelpful comment.
If I were helpful, I'd probably drop a comment on HN for the first time in a week to shit on someone's advice for moving forward with no advice of my own and nothing else to say.

Talk about the ultimate hypocrite.

(comment deleted)
This victim blaming has to stop. These companies shouldn't be able to just shut down an account like this, especially for something so critical and core to a business survival. We shouldn't have to live in a world where you need multiple backups for every service you use in case one decides to fuck you over for no good reason!
Not to agree with the grandparent comment, but we do live in exactly that world. Even as a private citizen I deliberately carry more than one kind of payment card.
You have a large selection to pick from! You can use Visa or you can use Mastercard.
I guess the response to this is, "it depends." Like I agree with you on an some level, but really it depends on what kind of SLA you have with the vendor. If you are not paying for one, you really are not owed an explanation, and you should be multi vendored on that function to prevent outages.
No - this would be an example of GETTING fucked by a company, BECAUSE you trusted them. Which is exactly the kind of thing we write laws about; you shouldn't be able to get fucked because you believed what a company told you. You should only be able to get fucked by a company because you agreed to the penalties of how they intended to fuck you, should you break that agreement, and proceeded to intentionally and/or maliciously break that agreement.

Consumer protection is "good, actually", and while a financially robust entity is always better served by having options and backups, it's reasonable to assume that those luxuries are not available to everyone and should thus not be the expected modus operandi of a standard enterprise.

Charitably, I'll assume you meant "you should have other methods, as backup", which is decent advice. It's just really shitty when you frame it as a default expectation that was "fucked up".

Sometimes when fucking happens, both parties did the fucking.

Betting the farm on Stripe should never be the modus operando of a 'standard enterprise' and thank god I have never worked with anyone in any position of power over money that shared your beliefs. That is just insanity.

Running a successful business that is intrinsically tied to a well-known or well-trusted institution is not only common, it's the case for the majority of businesses. Which is WHY we have consumer protection (it's not to protect your typical "consumer", it's to protect the money interests of business people). How many businesses do you think could survive a disruption to their banking access? Or maybe their internet access? Electricity access? These things get laws to guarantee their functionality, even though they're private industry, because keeping businesses running is pretty important.

So no, in no universe is it rational to believe that trusting a resource to deliver on their promises is, in any way, "fucking yourself". You're just projecting your paranoia onto others as a mechanism for rationalization. You have the privilege of living with backups, and pretend that it makes you more reasonable than others, because it boosts your ego while simultaneously satiating your paranoia. It's fine - I always carry a full sized spare tire in my compact car. Inconvenient and hardly used, sure. But it stifles my paranoia about the many times I've needed to ad-hoc replace a tire. And has saved me more trouble than I can quantify. That doesn't mean people who can't afford a full-sized spare are 'fucking themselves' by not prioritizing it over, say, other or less-costly needs. It just means that I have privileges they don't.

Yes, I'm paranoid and privileged, that's why a single point of failure doesn't result in me going bankrupt. Can I cry into some $100 bills? You can dish out the hate and I can keep on keepin on enjoying my lavish privilege of having backup plans. The only thing better than boosting my ego is boosting my bank account as I draw pictures of Scrooge McDuck while my soul nourishes on the insults of HN'ers (hopefully I incorporated them all here, I lost count).
No hate here, brother. Only love. And perception. Your sarcasm is a fine enough shield, and you hold it well! I hope that it protects you until you can be honest with yourself. In the mean time, I'm happy to take your admission as a win, even if you'd like it to be insincere. Thanks for admitting your a privileged paranoid; that's the first step!

I'm sorry you felt insulted by my assumptions about you. I honestly assumed that a sober recitation of the obvious flaws in your framing would be enough to deflect what was a small amount of candid anger that you decided to parlay into self-aggrandizing "advice". Instead, I can see that I touched a nerve and only invoked more hatred from you. For that, I am truly sorry! I hope you get less hateful in the future as I will try to be more cautious of similar types of lashing out.

I apologize, you see I am a simple hillbilly from backwater America. I would speak this same way to my best friends, and I'm not joking. Making everything delicate like I'm speaking to an 8 year old child is not really my thing, if I think someone dun fucked up I'm going to say so. Perhaps certain more refined segments of America conider this anger, and you can self console yourself of your moral superiority.
Your apology is accepted. Thank you! I hope you feel better soon!
Worth noting that he's using Stripe Connect, which is more complicated than just a regular "payment pathway". Having a second provider for that is decent advice, but it's not as simple as your pretty flippant comment would suggest.
Stories like this are why ultimately all payments will transition to crypto based and self custody. Having your livelihood at the whim of an algorithm is not only not cool. It is not sustainable. None of the legacy payment rails can be trusted to run without interruption. This includes Stripe, paypal and even the expected FedNOW service being introduced next year.
Self custody means having/being a custodian that does not make mistakes, ever. That is not sustainable either.
> Having your livelihood at the whim of an algorithm is not only not cool. It is not sustainable.

Yeah!

> all payments will transition to crypto based and self custody

But... but... you said...

Agreed, the no intermediary for a payment is a beautiful use case.

However I acknowledge the issue with volatility (to be solved!).

I think volatility will go down over time as crypto becomes more normal and boring.
You'd think stories like this call for standardization of payment processors (using APIs such that changing providers is possible in an instant), as an extension of monetary sovereignty, mandated by law.
It was just last month that all of the big players in the cryptocurrency space blacklisted all addresses that have ever interacted with TornadoCash from using their services, essentially transforming that monopoly money into even less than monopoly money.

Crypto is not at all decentralized.

Uh, yes if you use Circle (centralized), Coinbase (centralized), etc etc. Get your coins off of exchanges and learn how to actually use crypto with the way it was intended.
Sure, you can sell the coins off an exchange. But they're worth a lot less if so many entities won't touch them.
With defi, if your money falls through the cracks of automation you can kiss it goodbye -- it's gone for good. At least here there's a chance of a resolution.
That's the trade-off and it's a feature, not a bug.
This is why we need a decentralized Internet payment system, like email.

This was a non-controversial opinion not long ago.

Your sentence caught me off guard, maybe I am reading it wrong. Do you mean email as a payment system, or do you mean email as an example of a decentralized system?
The latter - a system that is like e-mail (decentralized) but allows people to send money to each other.

We have many such systems being developed, but you get downvoted on HN for promoting them, since people assume you are a scammer, a criminal, etc.

Ironically, email is becoming increasingly centralized. See this story from just a few days go

https://news.ycombinator.com/item?id=32715437

Yes, as with any protocol email is always subject to centralizing forces. But protocols like email (to me) represent the best possible approach to trying to counteract these forces for Internet applications. They aren’t a silver bullet but maintain the best forms of optionality for undermining and correcting them.
How can they still be in development when the underlying tech has been available for 12 years or so?

In the real world, there is no anonymous e-money that doesn't end up having to be laundered back into good old cash.

Lol yeah so you are talking about a cryptocurrency but actually afraid to use that word. I know, I just did in my other comment and I know I will be attacked here.
If gmail/outlook/yahoo bans you or mark you as spam, you are not gonna get much done.
Yes the maximally centralized form of a protocol like email is the one we have now where a few large actors can collude to cut you off from large swaths of the network.

However, that’s different than a singular actor, but more importantly, nothing is stopping a counterforce from coming in and correcting that regime. It’s possible we may see email revert to a less centralized form over time as various people choose to prioritize working that problem (and can make headway, because of how email works.)

The point is email as a protocol is extremely open, but email as a network is quite centralized. There aren’t any great options here because buildings a system is easy but interfacing it with the real world and all it’s laws and bad actors is hard.

What people forget is interfacing with systems designed to operate in the real world is at best an abstraction over this difficulty and eventually it gets exposed for the mess it actually is.

This is unlikely the spam problem is too hard to solve at the small scale for you to ever be relevant.
We should, but the problem is consumers want the protections offered by PayPal and VISA who do fraud analysis and can clawback money etc. etc..

There's definitely a space for 'digital cash', for sure, but consumers will prefer the former.

When it comes to money, there are just deeply inherent issues of dealing with fraud, spam, goods not delivered etc. etc.. which adds significant overhead to the whole system.

Most people playing above-above board don't have a problem.

Usually in these cases, it's because something semi-shady is being sold, and it usually contravenes one of the T&Cs of Stripe.

The OP here didn't tell us what line of business they were in.

Yes, of course this is a huge challenge. That’s the point tho, the high order bit is we should want to solve these problems and support good faith actors who are actually trying to.
What problems? There are organizations that are not Stripe where they have much better support.
A payment system like that would run face first into Know Your Customer (KYC) laws and bet shut down.

This isn't a hard problem for technical reasons, it's all political. It's about preventing money laundering and trying to fight crime via financial instruments. But it also means any payment system that doesn't implement these restrictions will almost instantly be overrun by criminals because they are highly motivated to find ways of moving money.

A payment system like that would run face first into Know Your Customer (KYC) laws and bet shut down.

Great, then let's change those laws.

Good luck, not going to happen.

Democratic systems won't change these laws because there is no popular support for change - there is a reasonably large 'law-and-order' and 'corruption-as-main-concern' voter demographic who strongly support these laws, and the niche of HN techies and libertarians who'd oppose them is insignificantly small in comparison; and authoritarian systems won't change these laws because their leadership supports them even more.

I acknowledge that that is the prevailing sentiment, and the obviously correct conclusion. And yet I can't accept that kind of defeatist thinking. To embrace defeatism on that level is to basically accept that nothing will ever change, and we know that things do, occasionally, change. It's not always clear exactly what it takes to create wide-scale societal change, and yes one could easily spend their whole life engaging in activism and die with nothing to show for it. Yet people do still persist, for their own reasons. And sometimes the good guys do win.
It's not passive giving up - many people, including me, consider the social change you want to drive as harmful in aggregate, and would fight against it; and I'm asserting that at the moment we are in the majority.

I understand the idealistic benefits of freedom of payments, however, the KYC/AML restrictions are there for valid reasons that simply have much more magnitude of importance (for example, the scale of corruption and its social harm is so big that even a slight decrease in that due to KYC/AML enforcement far outweighs all the current social costs of KYC/AML) and removing them would mean that in aggregate the bad guys have won. I'm not saying that you're a bad guy, but you are an "ally of convenience" to them as achieving your position would let the bad guys win and I would consider it immoral to allow that.

We definitely should strive for better, more accurate AML/KYC implementations that have less impact on legitimate trade. But arguing for removing AML/KYC just because of that is effectively throwing out the baby with the bathwater.

The most compelling reason to argue against these kinds of laws is to think of their full consequences if suddenly illegal transactions were virtuous, as they have been in the past when totalitarian regimes have gained power. The present day doesn’t put a high value on freedom to transact in the west, because most illegal transactions in the west are for things many would consider criminal or immoral. But if times change (as they do in history) then not securing the freedom to transact and a vibrant economy rooted in this freedom will be come to seen as a grave error imo.
Why? They are a net benefit to society and above board businesses.
If you subscribe to the belief that criminal activity is a drain on society then there is a case for trying to combat it. Then it becomes a question of "do these KYC laws cost more to society than the crimes they prevent?" That is a harder question, but it is hard to overstate the amount of damage to a society rampant corruption and crime can cause and the benefits of allowing anonymous finance are somewhat more nebulous.
I wonder if criminals didn't have so much money to launder, would bitcoin have ever managed to jump the "belief gap" to the extreme degee it did, from computational bits of cryptographically unique data into actual spendable dollars?
Isn't that what cryptocurrency is?
Could a report to the CFPB move the needle?
I work at Stripe. Could you email me at edwin@stripe.com and I can dig into this?
Here it is! The raison d'etre of these posts to HN!
Bless Edwin for being here for us, always, time after time, but what a sad state of affairs.
Edwin has saved me before too. Love Edwin.
I'm proud to announce that Edwin officially pulled through for us today. All our accounts have been reactivated.

There are clearly problems at Stripe. But this kind human is not one of them.

I would still recommend you change your payment backend to direct your customer payments via one or more "backup" processors asap. Perhaps leave Stripe altogether if you prefer, once that's done, or keep Stripe around as the backup.

After all, they have a track record of screwing you over again, after fixing and checking your account. Whatever triggered that could do it again when you least expect it, despite Edwin's good work. Probably the triggers haven't changed as you are still running the same business.

(Like several other commenters, I was thinking of using Stripe as a main payment processor before seeing this article because of their great API, documentation, test mode and ease of setup. They seemed like a good choice, but I had wrongly assumed they were reasonable and reliable and if there were issues they could be resolved; that I didn't need to worry about Stripe being shady themselves. Now I've learned Stripe is like the Paypal of old when it comes to killing a business abruptly with no warning or recourse. That's so severe it cancels out every benefit and feature. With much disappointment I now feel it will be necessary to evaluate other services instead.)

Someone reaching out in this case is nice but what about folks who can't get their complaint to the top of the HN front page? I'm hopeful the OP gets everything sorted out but these no-warning, no-explanation, no-recourse suspensions need to be prohibited when the only thing a company says is "TOS violation."
Completely agreed. In the past, my employer has been in the same position with a different platform and to say it is an existential and Kafkesque nightmare is an understatement.
There's a variety of cases where the only legal messaging around the suspension is approximately that. Whether or not Stripe is doing wrong here, they do have to comply with US law and that type of law will result in that shape of suspension and therefore this type of story appearing on HN.
It is nice that people can get a quick fix by hitting the front page here, but for the rest of the community we have to realize that this is does nothing to fix the systemic issue (of course I'm just stating the obvious here, but might as well make it explicit).
You should ask OP first for their email; right now anyone can email you claiming to be OP.
Does that really matter much? There will be additional account authentication after an email is sent, and half of hacker news at this point already knows “email patio11 or Edwin for stripe support”
They could verify by having OP change their "about" text, here on HN.
Or just anyone with an issue actually ...

.. and then it would become a bit unmanageable for 'edwin', and then they would have to create support@stripe.com or whatever (like literally every other company on earth) and set up an appropriate way of dealing with customer complaints.

You’re a nice guy to try and solve OP’s problem. But OP’s problem isn’t really the problem. The problem is that OP’s problem is reposted here weekly by someone new and they have to pray that you or someone else use backchannels to solve their hellish issue. There’s a meta-problem. Can you just dig into that problem instead? Then you won’t have to dig into these sub-problems once a week.
I'm sure OP would prefer he dig into the specific problem first
What we really need is some sort of default arbitrator for cases like this. Support gives no answers because "reasons" too frequently for too many business critical applications and the courts are too slow to fix the problem and building in redundancy too costly to compete for most integrations.
Your support process shouldn't be so fundamentally broken that it requires this to get a resolution. I'm sure this same situation has played out with thousands of devs/merchants that don't even know HN exists.
In case this helps, this thread (and others like it) have convinced me never to use Stripe. There needs to be an official, public policy posted to Stripe's website that outlines transparency over deactivations and the process for resolution.
If only there were some kind of permissionless, censorship resistant payments system, so that we could operate our businesses without being arbitrarily crushed by faceless corporations.
There is none. Everything can be censured, including Bitcoin to which you implied with this comment.
I will take the OP's story at face value, but I think a common theme in these sort of posts is the "Stripe not happy with my business model" angle which typically does not actually include any details about the business model.

For example, a few weeks ago the founder of Tailwind tweeted [0] about how Stripe had shut down their account when they were set to launch the Tailwind Job Board, despite many other job boards also using Stripe and there being no obvious increased risk. Any rational person would protest the fact that Stripe does not approve of this business.

Compare that to what I've seen on various Facebook groups about Stripe shutting down accounts. People aren't descriptive about what exactly they're selling and it usually boils down to "coaching" or some other gray area.

[0] https://twitter.com/adamwathan/status/1550092016242946049

Stripe reactivated the Tailwind account the same day, which means something at Stripe was broken in that case.

How is "coaching" an obvious gray area?

When I bought the All-Access pass from Tailwind Labs last night it went through Paddle.

Looks like this erroneous holds/deactivations are costing Stripe real business.

I'd imagine many "coaches" promise the world and deliver very little. They likely have very high chargebacks / returns / disputes that Stripe would rather not deal with.
There's no real product so they're easy to spin up and run a bunch of stolen CC numbers through.

ETA: Either the site all together or as an individual coach on the platform.

I'd wager if Adam didn't have over 100k followers on Twitter, and wasn't a big deal in the web development community (most have heard of either him, or at least TailwindCSS), he'd get the same treatment as the OP, which is "you did one or more things wrong that's listed on this huge page of conditions, go figure it out."
> Any rational person could see the issue with Stripe not approving of that business.

I think of myself as a fairly rational person, and I don't see the issue. Would you mind spelling out whatever you're trying to imply?

The comment was phrased poorly and is difficult to parse. Better worded, same meaning: any rational person would protest the fact that Stripe does not approve of this business.
It sounded OK in my head :-)
I think they're saying Stripe thinks those businesses are scams, illegal, or otherwise in gray areas that Stripe would rather not support. There's probably some automated decision-making happening on the backend so there are edge cases where good business are getting shut down on accident.
If that is the case, that is fine.

Then Stripe can FORKING SAY SO UP FRONT.

And those businesses can grumble but go elsewhere

Implying that you are happy to take on responsibility for infrastructure of someone's business, then unilaterally and without notice or opportunity to cure any issue, is pretty much tantamount to theft. Stripe in this case appears to be accepting money, then failing to provide service, and in this case is even holding onto money paid to their customers. This causes a lot more damage to others than it does to Stripe.

I don't like externalizing problems to other parties as a business model.

> I don't like externalizing problems to other parties as a business model

You just described the entire gig economy

YES! I have no idea why you are being downvoted on that - while it wasn't in mind while I wrote it, it does indeed apply! All the problems are at placed on the gig worker and the Ubers/AirBnBs/Instacarts of the world provide the software and work to shed as much responsibility as possible onto the drivers/hosts/workers. Apparently, there's a fair number of ppl on here who either do not see that or whose salary depends on them not seeing it.
I think the author refers to "Stripe not approving the business" as an issue.
A Job Board not being approved, despite many other job boards also using Stripe and there being no obvious increased risk.
maybe I'm not a rational person but could you explain why they would not approve of that business?
> Any rational person could see the issue with Stripe not approving of that business.

I guess I'm not rational. What's the issue with running a job board and charging for posts through Stripe?

What is wrong with a job board or a coaching business?
Nothing is wrong.

The risk profiles are different. That is only thing the payment processor cares about, same reason why adult services get shunned. Not because they are puritans, it is because of risk of frauds and chargebacks etc are much higher .

Coaching is a service unlike Tailwind the software that can varying success and satisfaction levels customers probably do higher chargebacks and stripe's automated systems or low level staff with a playbook likely rejected it until someone senior got to see the bad press and got it fixed.

Why would this be such a difficult thing to communicate to a customer?

"Hi, we've noticed an increase of frauds/chargebacks on your account so we have taken X action"

That also doesn't really explain why long-standing, established customer accounts were frozen with this particular business.

Unless you get a decision overridden by Edwin your pretty much stuck using an alternate payment process. I have been thankful Edwin was available here on HN, and Stripe definitely has a much more reliable product than competitors.
Who’s Edwin? Is that the username here? I’m having the same issue. Was hoping to resolve this using customer service rather than through social media. But I just can’t seem to talk to any real human at Stripe.
What issue are you seeing? Could you email me at edwin@stripe.com?
Thanks Edwin for reaching out. I’m on mobile right now, but I’ll email you tomorrow.
It'd be great if companies' support processes worked well, and there was no need to reach out to specific individuals on HN, etc, but ... those individuals, like Edwin, who end up being "the Stripe guy" on HN do such amazing value-add for their business.

It's incredible to me that despite the sheer size of these companies, and the enormous number of customers from all over the world, that there's a place you can go and get someone who will pay personal attention to your issue.

Kudos Edwin.

See this comment: https://news.ycombinator.com/item?id=32854831

Email Edwin and also reply to their comment on HN conveying the high level summary of what you think is going on with your account.

Normal Stripe support reps seem to stick to the script no matter what. Edwin has fixed edge cases for HN users in the past thankfully.

There's actually a response from Patrick Collison in that thread that may shed some light on OP's case.

https://twitter.com/patrickc/status/1550136569482252289

""What is happening?" => basically, a major uptick in attempted fraud over the first half of this year that necessitated making our systems stricter. But have an idea for a structural fix here. More soon. (DM me if you've had problems on this front.)"

The DM part may only apply to the high profile person he's responding to. :-)

Making your systems stricter will have the obvious side effect of increasing false negatives. Not scaling support, or fixing what is clearly a fundamentally broken support system, is incompetent.
Exactly. Especially when your decision is hitting a business right where it hurts: Cutting off revenue and invalidating customer-facing payment links.

How can any founder rely on Stripe, much less recommend the platform, if you need to have a backup system in place “just in case”.

> Any rational person could see the issue with Stripe not approving of that business.

Genuinely can't tell what you're suggesting the business model problem is with Tailwind Jobs?

According to the CEO at Stripe, the issue with the Tailwind example you listed was "a major uptick in attempted fraud over the first half of this year that necessitated making our systems stricter. But have an idea for a structural fix here. More soon." And then Tailwind Jobs was reactivated.

> Genuinely can't tell what you're suggesting the business model problem is with Tailwind Jobs?

They're saying the opposite. Paraphrased, "any rational person could see that Tailwind Jobs is a legit business and that it's wrong for Stripe to shut them down".

"The issue" in the sentence you quoted is referring to Stripe's behavior, not Tailwind Job's business model.

(comment deleted)
Yes, they almost always fail to mention it. Then it turns out they’re selling cannabis to Iran or something. And (rightly so) payment processors can’t tell us what the problem is. So I’m inclined to flag all such stories missing the obviously key information.
"rightly so"

What possible benefit could there be to anyone in "golly gee, who could possibly know?" vs. "It's because you're selling cannabis to Iran, stupid"?

My guess is that it's because most people aren't selling cannabis to Iran, and the Real Problem is the liability they [Stripe, et al] would be exposed to if they admitted their billion-dollar system (and/or call center employees) can't distinguish between Cuba and a cubano.

This really sounds like you're biased since your YC affiliation means you're invested in Stripe, and your statement essentially reads as "the (YC company) is always right, and the customer must prove otherwise." This mentality is largely the reason people hate tech/SV in the first place.
I'm not making that claim. I'm pointing out that a customer saying "X locked my account" without the relevant information for HN readers to decide whether or not X acted improperly doesn't make for a good HN submission.

If this company sells T-shirts or something, then Stripe may have acted improperly. If they sell cannabis, then Stripe would have acted as the law requires, as everyone in that industry knows perfectly well. So it's pretty relevant information, and HN readers deserve to have the information they need to make informed decisions. There are plenty of other places online for uninformed outrage bait.

> There are plenty of other places online for uninformed outrage bait.

There aren't though. People come to HN to complain about getting fucked over by YC companies because it's basically the only place people will get a response. I'm not saying all, or even most, complaints are valid. But your immediately siding with the YC company just shows your bias, which is expected since you're literally invested in the company.

Regardless of whether or not Stripe is legally in the right, their customer support is absolutely abysmal. And the problem is that this is clearly a trend with YC companies and the fact that people have to vent about it on HN so frequently, and with such fanfare, says a lot.

Huge warning signal to not use Stripe if this is their level of support for large business. If you're this large how do you not have one guy right accessible through a direct phone call? Stripe's slipping.
As you are, I'd focus on my business first. How do you get Stripe out of the equation? Stripe exists, in part, because of how bad the incumbents were, and could never innovate. But now that they have competition, could you switch?

I mean I love supporting startups, and YC, but Stripe has a $100b or whatever valuation... They'll be cool.

Just switch to a different merchant. This entire post seems weird to me because it seems like you are doing nothing here but just being a middleman in between Stripe and people who need to process payments lol. Why cant they just enable Stripe themselves?

>So currently, my product doesn't work for 35% of my customers. Cue torrent of pissed off customer emails.

Okay? You should have always had a plan for this bc its bound to happen eventually. Switch them to a new merchant or drop them as clients and take the heat. The cost of just being a middleman.

I presume they are using Stripe Connect and are trying to help their customers who have their individual Stripe accounts blocked.
> Just switch to a different merchant.

Yes because that is so simple and there are so many competitors that provide the same level of service /s. Also there is no guarantee anyone else in this space is better than Stripe (when it comes to customer service). I can tell you the company I attempted to switch to had terrible docs, a bad API, horrible support, oh, and their shit just didn't work randomly. This is not clear-cut or simple.

> You should have always had a plan for this bc its bound to happen eventually.

Throw some victim blaming in as well for good measure.

> The cost of just being a middleman.

Middleman, aka providing a platform that uses payments? That's what we are calling a "middleman" now?

This is bad.

There are more and more Stripe horror stories like this, and from an outsider perspective it looks awfully like PayPal behaved back in the day (probably still does but I'd never touch it again as a merchant).

I have positive experiences with using Stripe in my last startup and we're currently building Stripe integration on another, which will process about 50% of our revenue (the other payment method being direct wire transfer).

There might be just a tiny minority of people that end up treated like this, but with every story, I'm less confident about our move.

I have personal knowledge of more than one instance where stripe totally screwed over small companies and simply decided to ignore any contact for more than half a year, withholding the money and putting everyone in limbo.

yeah, im sure its a minority of accounts at stripe, but seriously, do not take the chance!

Not to mention the several instances where pc will come into threads like this and outright lie about reaching out to customers, or will ask them to reach out then ghost them again, etc.
Do you have specific examples? Not to imply you’re wrong, I’m just curious
There is no way they ignored legal service.

Op speaks of calling and emailing and reaching out … instead, pay your lawyer 30 minutes and have the letter hand delivered to their legal department.

I can’t predict what will happen but it won’t be ignored.

In the contract with stripe I can guarantee there's a "we can do anything we want" clause. The solution to these issues is functional government so we can regulate out that language and hold entities responsible.
yeah.. in the real world people cut their losses rather than sue the company a gazillion times larger than themselves, in foreign juristictions etc.

But I seriously ask anyone, how important is processing payments to you? what do you suspect the chances are? would you prefer to go through a bit more hoops upfront with a non-stripe alternative, or roll a 1/100 or even 1/10000 dice that one day you're just gonna be royally screwed over?

I have seen it happen very close, so I know my choice. It always "only" happens to other people... until it happens to you. Its easy to say "yeah.. they were doing shady things, I dont", but when the algorithmic gods determine you to be shady, no mere mortal, except perhaps a couple of very influential people lurking HN(cough edwin cough) will do anything. Will you catch his eye? is it worth the risk?

ANYTHING you depend on, spend serious serious time doing vetting, making sure its proper, and I would say, for the love of god, make it someone you could go visit physically.

Shopify has treated me in this exact same way. No customer service.. no response.
That's because Shopify Payments is just a front for Stripe. We've seen both sides at our company and they behave exactly the same.
It could be called the fintech compliance cycle. They start out with a single compliance officer (who is equipped with not much more than the OFAC list) and no identification requirements other than name and email. Then they get lots of customers due to how easy they are to use and how they don't arbitrarily steal your stuff like Paypal. Eventually they get a letter from some government agency telling them to implement "best practices" because one of their customers did something bad. Then in order to make the government happy they go and buy fancy screening software and hire a bunch of compliance monkeys who go around causing trouble like that described in the OP. At this point they are just a smaller version of Paypal and have very little reason to exist.
That sounds a lot like the stories I heard about Paypal, and their fraud detection team. There was an article interviewing someone about it. Back in the day, Paypal had to build tools to detect fraud because no one else was doing it at scale, at the time. I recall something about investigators outside of Paypal started to use those tools as well. I would not be surprised if Stripe had to create similar tools for themselves as well. Without transparency, it's hard to say what the false positive rates are, or what has changed in internal processes or in the regulatory landscape that might have triggered something different.

Stripe abstracts away a lot of the complexities involved in the payment and banking world, but there's a ton of infrastructure there related to detecting fraud and money laundering. Unfortunately, the lack of transparency makes what might be a leaky abstraction look like a Kafkaesque bureaucratic nightmare.

I also noticed the suspiciously absent description of OP's business model. That said, though Stripe has never wronged my business, our dependence on them is such a large liability that it obviously has to be treated as such in our business planning. Our integration with Stripe is kept light and somewhat abstract, and we're able to replace it without putting a ton of work into overhauling our billing system. Naturally, this rules out the full use of Stripe's offerings, but the risk/reward trade-off is overwhelmingly in favor of a light integration. I would strongly advise a similar approach for anyone else integrating with any payment processor.

Side note: the cryptocurrency shills in this thread are pathetic.

My first thought is this is a paycam business of some kind, or something very similar.
This happened to NewProject2 awhile ago - but the owners were hated for being political dissidents, so no one helped them. Now that it's happening to you... Sucks, doesn't it?
The worst part about these type of cases is not being able to get a straight answer. There is a whole subset of big tech that has taken the "you must be a fraudster therefore we can't unfuck the situation" approach to customer support.

It's an arms race with fraudsters that eventually sucks in legitimate businesses.

IMO it is not the "you must be a fraudster" logic as much as "we have enough other customers that we can burn you without much worry of repercussions".

As much as I hate government intervention in business, it really seems like there needs to be a way to force companies to actually be direct, accessible, and reactive in cases like this. I went through something similar with Venmo randomly locking my account after I received a large-ish payment, and not getting any real action or sense of urgency on their side.

This seems similar to anti-trust in a way. Taking a wider view of anti-trust, the goal is to keep the market healthy by ensuring there are choices available to consumers; there are no unhealthy monopolies and anti-competitive practices. Well, as a consumer I would like to be able to choose tech products where I can get effective support. Customer support is lacking in some markets, it's not healthy. The anti-trust fix is to bust up a company, but I don't see how that would help here. This is a new economic problem where dominant companies are run by computers and algorithms that serve 95% of the people, but if you're in the unlucky 5% you're screwed.
>it really seems like there needs to be a way to force companies to actually be direct, accessible, and reactive in cases like this

That's what SLAs/contracts are for.

Yeah, I had a trouble with Wise (formerly transferwise), with a rather large payment. The annoying thing was they delayed the payment of the 10% deposit, I sent the contract, approved, and then a month later they held up the balance as well.

I still love them. That issue aside they allow me to have a personal and business account in multiple currencies, and don't screw me on the exchange rates.

Not to put on too much tinfoil but the government probably benefits from opaque ban processes in large oligopolistic private companies. “It’s private enterprise, sure we may request it periodically but their cooperation is entirely voluntary based on their civic pride.”
I think it is called GDPR in Europe

Depending on amounts, small claims in the US might be viable.

> we have enough other customers that we can burn you without much worry of repercussions

This. This is a common tune to about 100% of "BigSomething killed my business" stories that appear on HN almost weekly. If you go to BigSomething, you get a polished, automated, convenient, cheap service that would not hesitate to kill you account the moment something looks wrong to any of the robots watching it, and the customer support (the non-robotic kind, I don't count "we are working on it" auto-replies) is not part of the package because it doesn't scale. You have to either accept this as the risk for doing business, or not use BigSomething as you primary or critical vendor.

Making competition easier in this space is another way to solve it. If Stripe had 15 competitors all of whom were API compatible so you could switch in 5 minutes, any bad PR would drive customers away in droves.

Government has made entry to this space hard which is why there aren't enough competitors, so they're really the source of the problem.

Might be time to build an analytics.js equivalent, but for payment processing. A single API lib that you can then use to process payments with Stripe, Braintree, etc.
Government hasn't made entry to this space hard, the banks that Stripe partners with have. Because they don't want to deal with high-risk transactions. They are the gatekeepers here, and Stripe has to bend over backwards to make them happy. They'd much rather burn individual customers, than jeopardize their entire business.
Certain banking regulations make those transactions "high risk".
Some of them are due to government regulations like 'don't launder money' and 'don't process money for illegal activities'. Which are, like, basic operations of society 101 level stuff.

Others (adult services) are not due to government regulations, they are there simply there because banks don't want to deal with chargebacks.

The crime of "money laundering" was invented out of nowhere one day. Society predates it by thousands of years.
+1 "Oceania Has Always Been at War with Eurasia"
And that day was less than 100 years ago. "Money laundering" as a concept was invented during the Prohibition (as were a lot of other private rights violations) in order to not let alcohol sellers - which the government was not able to prosecute directly - to use their money. But most of the current US AML regulations are based on the Bank Secrecy Act from 1970.
> Some of them are due to government regulations like 'don't launder money' and 'don't process money for illegal activities'. Which are, like, basic operations of society 101 level stuff.

Except the operationalization of those rules is: here are some vague guidelines that you have to follow, and if we don't like you we'll retroactively decide you were committing a crime even if you followed those guidelines to the letter. See HSBC for a case in point.

> Some of them are due to government regulations like 'don't launder money' and 'don't process money for illegal activities'. Which are, like, basic operations of society 101 level stuff.

No, that's wrong. Firstly, as others have pointed out, society long predates any such notions.

Secondly, determining what is illegal activity, and putting a stop to it, is ostensibly the job of law enforcement and the courts, not the bank.

Are we still pretending that USA government is a distinct entity from USA's large corporations? If the banks didn't like the regulations, the regulations would change. If some random elected official didn't like how the banks operated, after the next election she would be an ex-official.
From what I understand, the government introduced legislation sometime in the past 20-30 years (Was it the PATRIOT act? I can't remember) - which I believe put the onus of blame on the credit card processing companies instead of the government when it came to fighting fraud.

I assume the government didn't want to put all the work in of making sure the currency they've societally coerced the world to use isn't being used for fraudulent transactions, they'd rather pawn it off onto the banks because it's easier for the government to not do anything about it.

Now the banks have been shooting anything and everything that has even a semblance of fraud with account locks/funds freezing/etc., because if they don't the government will go after them.

How does this system make any sense to anybody? So frustrating. Let me exchange currency with anybody for any reason at any time.

Being direct, accessible and reactive at scale when you’re processing billions of dollars of transactions simply is not possible.

Stripe and other companies are doing their best, but they are in an arms race with more and more elaborate fraudsters. At planet scale.

right a company that makes billions of dollars can't hire more people to staff up their risk/compliance/fraud teams
That does not scale with the fraudsters. To have zero situations like OP is describing, Stripe would need to linearly scale its support team with the number of fraudsters, which would make their business simply non-viable.

This would be the same as saying: I want zero car accidents on the road, so I'll scale the police headcount linearly with the number of reckless drivers.

This could be a simple regulation - put a burden of proof on the company, and a prescribe escalation process with comment from the customer at each stage.
(comment deleted)
I hate seeing comments like this because Stripe’s hands are tied here. Anytime a bank or payment processor has frozen or shut down an account and you’re getting stonewalled it’s almost guaranteed to be an AML related issue and it’s against the law for them to tip a customer off that their account is being or might be investigated for suspicious activity. This isn’t Stripe deciding that you’re a fraudster and so you’re undeserving of help. This is Stripe doing business in compliance with the law. I’m not saying that makes it acceptable but if you’re upset about the behavior described in this post call your Senators and Representative to complain about the Bank Secrecy Act and the USA PATRIOT Act; they’re to blame for this sort of frustrating non-response.
Sure, and my experience is outside finance (more spam and fraud prevention).

Even if it is government under the hood you have to know what you're accused of. Not American so I doubt the US political system is interested in hearing from me, but I agree that's the only way of solving the deeper AML problems.

> Even if it is government under the hood you have to know what you're accused of.

This is exactly why the whole process is suspect. The government farms out the policing of certain financial crimes onto the financial institutions as a prerequisite for operating the business. If the government came along and froze your bank account you’d have a right to ask why and a right to get some answers. But instead the government pawns the responsibility off onto businesses and then prohibits those businesses from telling you why.

And so the BSA and Patriot Act effectively allow the government to take your property and take away your right to confront the government about why they took your property. And it’s all on merely a vague suspicion of misconduct. No proof whatsoever.

I can’t help but laugh at the irony— the federal government laundering their otherwise unconstitutional activities through the banks.

I'm trying to understand your position here:

You think AML/KYC laws, as they currently exist, are unconstitutional?

edit:

That's a fine position to have, but it's a fringe one, and I don't think you should be offering it as a reason why Stripe does what it does that's generally accepted by everyone else.

No. I don’t think it’s unconstitutional which is why I said “otherwise unconstitutional”. And you’re (perhaps deliberately) completely misunderstanding and conflating my two comments. I am quite confident that OP’s problems with Stripe are AML related which is not at all a “fringe” position.
> I am quite confident that OP’s problems with Stripe are AML related

I'm curious as to why you think that? Is this a way way more common thing than I expect? Or is "My startup uses Stripe Connect to accept payments on behalf of our clients" a raging red AML flag I don't recognise (I've never done that, so it could easily be)?

I’m confident it’s an AML issue because they’re getting stonewalled which is standard operating procedure when a Suspicious Activity Report has been filed. I don’t think using Stripe Connect is the red flag.

The thing with SARs is that they tend to be cascading as OP described. So if I (innocently and totally coincidentally) do a transaction with someone who has been flagged for suspicious activity my account might now be flagged as “higher risk” for suspicious activity and will be monitored more closely.

And, if they decide they’ve found suspicious activity in my account then everyone who does business with me is at risk of having their accounts flagged as “higher risk” for closer monitoring and so on.

And the bank isn’t allowed to tip anyone off because if any of those accounts are actually laundering money they might suddenly withdraw it and then the “lead” from the SAR is moot. It’s actually a crime to notify someone about the suspicious transaction(s). Which is why you get stonewalled.

Those laws certainly feel like guilty until proven innocent or in many cases, guilty no chance to prove innocence.
Exactly. Not fringe. Part of the normal struggle for existence.
It'd be unconstitutional, were the government in charge, without due process.
Interesting to notice the censorship of speech on social media is implemented the same way. The government does not remove undesirable information directly, instead it calls up all major platforms "for a chat" and tells them to voluntarily remove it, or face Congressional hearings and likely further unpleasantries down the road. An offer they can not refuse. Looks like they think they found a loophole in the Constitution and they are going to mine it for all the power they can get from it.
> it’s against the law for them to tip a customer off that their account is being or might be investigated for suspicious activity

What law do you think forbids this? In my experience running global payments through multiple rails, on an OFAC/risk ping you typically get a request for enhanced due diligence, which normally looks to the payee like “send me a picture of your drivers license”.

The most common result is that O Bin Laden (matching the OFAC list) is actually Oscar bin Laden; with further info you disambiguate the payee from the OFAC listed entity and are allowed to transact.

I have never encountered a reg that says you are obliged to ghost your customer.

The Bank Secrecy Act. And I don’t “think” it. I know it.
Which bit of the BSA?

edit: As I re-read the thread I see that I am thinking more of onboarding KYC, as opposed to this case which would be ongoing-activity investigation. So that would explain the difference in expectations here. Still interested in learning more about the regs for ongoing investigations if you have time to share!

The bit at 31 USC § 5318(g)(2)(A) under the title “Notification prohibited.” FinCEN has also promulgated confidentiality rules thereunder. I don’t have a pincite for that but I believe it’s tucked amongst their record keeping rules.
While this is clearly "a thing", I would be a fine bottle of wine that the OP's issue is not one of those things, and is just some dumb algorithmic or overworked fraud prevention contractor problem.

I would bet that 99.9% of the Stripe (and Paypal) horror stories that get posted almost weekly are _not_ federal money laundering or terrorism financing investigations with legal secrecy provisions imposed on the payment processor.

Unless you are a federal prosecutor, law enforcement officer, or bank executive that has actively worked on a Bank Secrecy Act case, I don't think you can authoritatively state that this sort of cowboy-style, "Move Fast and Break Things" way of blitz-scaling revenues while downscaling customer service favored by companies such as Stripe has ANYTHING to do with the Bank Secrecy Act.

If anything, I would bet that regulators would be concerned about the fact that companies such as Stripe have triggered a race to the bottom whereby underwriting has become an after-the-fact exercise that can severely damage and/or kill a high-growth SME. The old way, where you filled out a ton of paperwork, provided every bit of information possible about you and your business, and then went back and forth with a human to get approval, was a much more stable way to business. But alas, when you've got former bank governors on your payroll and political mega-PAC donors on your cap table, people don't scrutinize very much.

I am indeed more than qualified to “authoritatively state this”. Even by the ridiculous standards you’ve outlined. And I would be more than happy to take that bet.
So you’re stating that you have been involved in a situation in which a merchant account was frozen due to circumstances involving the Bank Secrecy Act? I just want to be completely certain that this is the assertion?
I don't think that's accurate.

I do some payments that are ridiculously suspect but legal.

I have never been completely blackholed and given robot responses, any time a problem comes up.

Stripe is lower margin than other banks/payment providers, so they don't look very hard.

They have a very strong incentive to throw away troublesome customers, which they do.

I don't think it's right to say Stripe's "hands are tied".

They could spend more to identify false positives, but they don't.

If I used Stripe for all of my transactions I would be blocked. I know this because I have 100% confirmed this from an inside source at Stripe and at a countries central bank.

Yet somehow I have and continue to maintain accounts with other banks without breaking the law.

Wouldn’t that only apply to investigations by e.g. Fincen? How many of these are just internal risk triggers by Stripe? Why would they have to stonewall you in those cases?

(Obviously it’s quite difficult to know the ratio of cases like these involving government investigations and those involving their own internal risk procedures.)

>almost guaranteed

The issue most people in this thread are talking about exists in the almost. If it was always guaranteed, then there would not be so much evidence to the contrary.

It's the YCombinator startup way: scale large enough so that you don't have to worry about customer complaints until they threaten to go public and generate enough press to cause real damage.

But in all seriousness, being a YCombinator startup is now a big red flag outside of the VC-funded bubble. My current employer, and the previous one, have strict no-YC policy for SaaS due to numerous issues with previous YC companies. And these are both tech-friendly/tech-adjacent companies.

It's even worse at stodgier companies; an executive sees "Stripe froze my payments" and that's what they remember when a Stripe salesman tries to pitch them on using stripe for their online store. Stripe is quickly becoming Google, in the bad way: it's a name people are learning to avoid, and if that hits critical mass they're dead.

This is the first I've heard about a "no-YC policy for SaaS" outside of my own employer (after three back-to-back horrible experiences) but glad to see it's catching on.

As executives and purchasing managers get more tech-aware I think we're going to see an increase in due diligence into who is running companies, who their investors are, what other companies they've invested in, etc. Brands like YC will end up getting punished (and all their portfolio companies, by extension) for the bad actors.

At which point YC will come up with an algorithm to evaluate companies and blackhol certain companies without warning or process and we'll see HN posts "YC just blackholes my business!" but on Reddit, since they won't be able to post here.
And the inevitable calls for HN to be made a public utility.
The problem is that Stripe has identified you as possibly being a fraudster. Any information that they give you about what they suspect and why is information that a real fraudster could use next time to try and evade the detection algorithms.

It is like this with virtually any security system. Adding feedback you can use for debugging also makes the system much easier to compromise.

How many fraudsters are maintaining a business relationship for 6 years? 6 years! And the OP doesn't even get a courtesy phone call before termination. That's messed up.
The answer is, "A lot more than you think."

One of the attacks that fraudsters have developed is to buy businesses to use their accounts for fraud. That going out with a fraudulent bang is better than trying to run a marginal business.

Ha! Clearnet exit scams. Kinda an obvious thing in retrospect. Of _course_ somebody was going to try it.
Part of what makes these situations so frustrating is that there's no due process, and there are significant ramifications to your livelihood. You aren't told what you're being accused of, you have no way to contest the allegation, and you might lose your entire business over a clerical mistake.
"Let the fires burn."

Onboarding new customers looks better and gets more funding than maintaining quality for existing customers, so they just don't care.

Welcome to the cloud! This is the kind of thing that happens when everyone follows the siren song of cloud computing. I certainly understand the draw of these offerings (access, easy configuration, scalability, low initial cost, etc.) but you are handing control of all your processes and data to a centralized entity who can jerk you around any time they want and doesn't have to account when they make a mistake.

The pendulum of centralized vs de-centralized architectures has been swinging full tilt in the direction of centralized for some time. It is stuff like this which will eventually swing it back the other way.

Is there a self-hosted payment gateway that just works?

I hear you about cloud dependencies, but this isn't one of those cases.

I wasn't suggesting that there are decentralized options for every cloud dependency that is viable today. I am just saying that it is issues like this one which will drive innovation toward solutions that do not require you to put your fate in the hands of some central authority.
Fair enough, payments (credit cards, in particular) is a particularly hard area to decentralize... or at least democratize a bit more.

I'd love for an open payment standard for p2p payments and individual-to-business/institution payments to become available so that individuals could establish their own connection point to a fair payment exchange network.

This will only come with regulation that forces it, though. See India's UPI system, for example.

From my experience it sounds like one of your clients or even you are considered for doing fraudulent transactions... a bank would do the same.