Stripe has decided to nuke my entire business
3 weeks ago, I woke up to a pissed off customer telling me her payments were broken. My startup uses Stripe Connect to accept payments on behalf of our clients, and when I looked into it, I found that Stripe had decided to deactivate her account. Reason listed: 'Other'.
Great.
I contact Stripe via chat, and I learn nothing. Frontline support says "we'll look into it." Days go by, still nothing. Meanwhile, this customer is losing a massive amount of business and suffering.
After a few days, my team and I go at them from as many angles as possible. We're on the phone, we're on Twitter, we're reaching out to connections who work there / used to work there, and of course, we reach out to patio11. All of these support channels give us nothing except "we've got a team looking into it". But Stripe's frontline seems to be prohibited from offering any other info, I assume for liability reasons. "We wouldn't want to accidentally tell you the reason this happened, and have it be a bad one."
We ask: 1. Why was this account flagged? "I don't have that information" 2. What can we do to get this fixed? "I don't have access to that information. 3. Who does? "I don't have access to that information" 4. What can you do about this? "I've escalated your case. It's being reviewed."
I should mention at this point that I've been running this business since 2016, my customers have been more or less the same since then, and I've had (back when it was apparently possible) several phone conversations with Stripe staff about my business model. They know exactly who our customers are and what services we offer, and have approved it as such.
After a week of templated email responses and endless anxiety, we finally got an email from Stripe letting us know that they had reviewed the account and reactivated it. We never got a reason for why any of this had happened, despite asking for one multiple times. Oh well, still good news right? Except nope, this was only the beginning.
This morning I woke up to an email that about 35% of my client accounts had been deactivated and were "Under review", the kicker here being that one of those accounts is the same one they already reviewed last week! This is either the work of incompetent staff or (more likely) a bad algorithm. No reasonable human could make this mistake after last week's drama.
So currently, my product doesn't work for 35% of my customers. Cue torrent of pissed off customer emails.
And the best part is, this time I have an email from Stripe this time: Apparently these accounts are being flagged, despite the notes on our file, and despite the review completed literally last week, as not in compliance with Stripe's ToS. They suggest that if I believe this was done in error, I should reach out to customer support. Oh, you mean the same customer support that can't give me literally any information at all other than "We have a team looking into it"? The same customer support that won't give me any estimates as to how long it's going to take to put this fire out? The same customer support that literally looked into this a week ago and found no issues!?
I feel like I'm going crazy over here. These accounts have hundreds of thousands of dollars in them being held hostage by an utterly incompetent team / algorithm that seems to lack any and all empathy for the havoc they wreak on businesses when they pull the rug out from under them with no warning, nor for the impact they have on customers when they all of a sudden lose all ability to make money. And all that for an account that has been using Stripe for nearly 7 years without issue!
This goes so far beyond...
704 comments
[ 3.1 ms ] story [ 394 ms ] threadAlso, a lobbying effort should be funded, to compel these companies by law to provide detailed feedback.
Go sue them. Also, cannot a class-action lawsuit be initiated against them? We already have many people going through such cases...?
Looks like they've already paid that penalty
And it looks like Stripe has been targeted by US State Attorneys frequently https://decrypt.co/42444/stripe-pays-120000-to-steer-clear-o.... So I can't fault them. They've got hundreds of thousands of irate algorithm victims that they're dealing with but those victims can't throw them in jail or seize their assets.
The real culprits here are the people trying to violate the TOS, plus everybody's desire for cheap services and easy onboarding. The historical alternative was very expensive setup (e.g., spend a few years building a relationship with your local bank branch manager and establishing a financial track record). Making it easy to get started means that most problems will show up down the road, and the lower merchant costs means less money to pay for smart people to carefully untangle the truly dodgy from accounts that just look that way.
I get that, but I don't see how actually telling people what term of service was violated gives too much leverage to the bad guys.
I have seen way to many stories about people claiming to have been banned for no reasons from services (online video games are a popular one) before it is revealed the ban was 100% legitimate, to take any new story like this at face value.
I made a mistake out of inexperience, was refused the chance to correct that mistake, and all of my PayPal accounts -- including my PERSONAL account that I had had for years -- were banned because they were started by a person (me) who had an account frozen or banned. Is that a legitimate enough story?
PayPal had banned me because I was under 18 when I opened my account, they then allowed me to open a new one (right after this one got suspended) and it has been working fine without any issue since then (10 years+).
Stop doing shady stuff.
If PayPal requires an SSN or EIN, why do they even allow you to create an account without one?
The guy can't keep his story straight for 3 lines on HackerNews, he is obviously doing stuff that he shouldn't and using his PayPal in a sketchy manner.
In most cases, you will not be given details if fraud is suspected. The reason being that companies don't want to tell fraudsters how they got caught.
It is also very common.
They can be proved to be incorrect, for exmpale if they refer into their own ToS, which is public information and binding. And then some legal expert says that this is not how it goes and it ends up into court, because customer sees risks being lower.
If they made a mistake or there was a software failure, it is bad PR.
If they ban someone for some specific reason but not someone else, there will be drama.
It is very beneficial to just say nothing.
One year ago this month, Twitter permanently suspended a 340,000-follower account for “repeated violations of our COVID-19 misinformation rules.” The owner of that account, the former New York Times reporter and vaccine skeptic Alex Berenson, responded with a lawsuit demanding reinstatement. . . .
. . . Earlier this summer, Twitter put Berenson’s account back online, noting that “the parties have come to a mutually acceptable resolution.” Berenson wasted little time in calling out mainstream media for failing to cover the “pathbreaking settlement” that led to his return. . . .
https://www.theatlantic.com/technology/archive/2022/08/alex-...
How many companies using Stripe have had multiple conversations about the TOS? I would guess it’s a minority. Not a topic anyone is usually excited to talk about.
They can determine up front if it violates the TOS
They can notify the customer of the SPECIFIC violation IN DETAIL, and what can be done to cure it, and provide time to do so.
They can deny access to the transaction instead of nuking the entire business for some algorithmic flag.
The Stripes and PayPals of the world do NONE of this. Instead, they act like they accept almost all businesses, get them dependent on that piece of infrastructure, then willfully trash the business on a whim.
I completely agree with you that how these companies handle these issues is completely wrong, if not fraudulent.
However, by a long series of deliberate actions, Stripe has made it irrelevant to the fact that they are now deliberately, unilaterally, and with zero notice whatsoever shutting down that biz' critical infrastructure.
They could have, and should have as a part of KYC compliance, already figured out what type of business it is. If they failed at that, then fine, give them 60 days notice to find other infrastructure. Stripe is taking its OWN FAILURE to properly vet their customers according to their own standards and dumping the consequences onto the ex-customers. Sorry, but unless we're talking actual provable international criminal/autocratic money-laundering, that's just wrong.
always read the fine print
Huh? Of course they do. Just one example:
https://www.paypal.com/us/smarthelp/article/what-is-paypal%E...
https://stripe.com/legal/restricted-businesses
> Guns, gunpowders, ammunitions, weapons, fireworks and other explosives. Peptides, research chemicals, and other toxic, flammable and radioactive materials
Why does the payment processor get to dictate whether I can run a defense ordnance company or run a scientific chemical supplies store?
Some of this stuff needs to be challenged in the court or regulated so that payment processor has no say whatsoever in whatever their belief system says about legitimacy of a business.
Because they have the legal right to do so? They could ban companies run by redheads, if they like. As long as they're not discriminating based on very specific sets of criteria established by law, they get to choose who they do business with.
The government requiring private citizenry to associate with everyone who wishes to associate with them seems like a very dark path to go down.
It is entirely legal in the United States to discriminate against redheads, or people whose names start with B, or Hacker News users, or people who enjoy skiing.
Under 29 CFR § 1606.1, national origin is defined as but not limited to: An individual's, or his or her ancestor's, place of origin; or because an individual has the physical, cultural or linguistic characteristics of a national origin group.
If a future Court ever decides hair color denotes national origin, fall back to a different example of your choosing; people with tattoos, Mac users, viola players.
Also, what's your evidence that some payment processors don't handle porn because of government pressure, rather than just natural market forces? I had a friend who did tech for a porn company, and from what he says, even a well-run porn company has much higher rates of chargebacks (e.g., next-day regrets and "no honey I don't know what that charge is") and fraud (stolen cards, fraudulent affiliate program participants).
Think about how they can accept 100+ currencies without a relationship with some dodgy central banks in developing countries.
There are absolutely items on that list for political reasons.
That is indeed the question. There is no way of knowing if the nature of the business is a factor unless you know that nature of the business.
For example, selling video game digital products like a strategy guide is benign, but gaming industry is ripe with fraud so most processors will give you shit if you're in the gaming niche, let alone (non-crypto) digital currencies, crypto, health products, non-snakeoil supplements, etc.
Source: I used to run adult websites which is considered 'high risk' and also these days responsible for overseeing 1M/m in CC processing for a state agency.
> They know exactly who our customers are and what services we offer, and have approved it as such.
which sounds like you offer services out of the ordinary.
It's not much to go on but it's all we have.
Creating a new account on here to potentially get support is just plain wrong, and needs dealing with IMO. Should never hit the front page.
Also consider that if the situation continues your pissed-off downstream customers will ID you sooner or later.
If for some reason Stripe wants to withdraw that support, they must give their reasons and a proper period for transition to another provider.
if it's egregious, I'm assuming someone from stripe could get in here and ask permission from the OP to explain to the community what happened?
I don't think your judgmental paranoia is founded.
https://www.reddit.com/r/paypal/
and
https://www.trustpilot.com/review/paypal.us
and
https://www.bloomberg.com/news/articles/2022-06-03/paypal-cu.... (which was attempted as a class action lawsuit)
The businesses were very not shady, and nowhere near morally controversial.
My impression from that piece and these stories is that Stripe is having some technical problems and it's wreaking havoc everywhere.
I wish I could remember the details better. They were focused on small business owners, retail mostly. I think they started out with an interview of someone with an interior design-related business.
Talk about the ultimate hypocrite.
https://news.ycombinator.com/item?id=30363800 (Feb 2022)
https://news.ycombinator.com/item?id=30106006 (Jan 2022)
https://news.ycombinator.com/item?id=30105990 (Jan 2022)
If you keep doing it, we're going to have to ban you, so if you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it.
Consumer protection is "good, actually", and while a financially robust entity is always better served by having options and backups, it's reasonable to assume that those luxuries are not available to everyone and should thus not be the expected modus operandi of a standard enterprise.
Charitably, I'll assume you meant "you should have other methods, as backup", which is decent advice. It's just really shitty when you frame it as a default expectation that was "fucked up".
Betting the farm on Stripe should never be the modus operando of a 'standard enterprise' and thank god I have never worked with anyone in any position of power over money that shared your beliefs. That is just insanity.
So no, in no universe is it rational to believe that trusting a resource to deliver on their promises is, in any way, "fucking yourself". You're just projecting your paranoia onto others as a mechanism for rationalization. You have the privilege of living with backups, and pretend that it makes you more reasonable than others, because it boosts your ego while simultaneously satiating your paranoia. It's fine - I always carry a full sized spare tire in my compact car. Inconvenient and hardly used, sure. But it stifles my paranoia about the many times I've needed to ad-hoc replace a tire. And has saved me more trouble than I can quantify. That doesn't mean people who can't afford a full-sized spare are 'fucking themselves' by not prioritizing it over, say, other or less-costly needs. It just means that I have privileges they don't.
I'm sorry you felt insulted by my assumptions about you. I honestly assumed that a sober recitation of the obvious flaws in your framing would be enough to deflect what was a small amount of candid anger that you decided to parlay into self-aggrandizing "advice". Instead, I can see that I touched a nerve and only invoked more hatred from you. For that, I am truly sorry! I hope you get less hateful in the future as I will try to be more cautious of similar types of lashing out.
Yeah!
> all payments will transition to crypto based and self custody
But... but... you said...
However I acknowledge the issue with volatility (to be solved!).
Crypto is not at all decentralized.
This was a non-controversial opinion not long ago.
We have many such systems being developed, but you get downvoted on HN for promoting them, since people assume you are a scammer, a criminal, etc.
https://news.ycombinator.com/item?id=32715437
In the real world, there is no anonymous e-money that doesn't end up having to be laundered back into good old cash.
However, that’s different than a singular actor, but more importantly, nothing is stopping a counterforce from coming in and correcting that regime. It’s possible we may see email revert to a less centralized form over time as various people choose to prioritize working that problem (and can make headway, because of how email works.)
What people forget is interfacing with systems designed to operate in the real world is at best an abstraction over this difficulty and eventually it gets exposed for the mess it actually is.
There's definitely a space for 'digital cash', for sure, but consumers will prefer the former.
When it comes to money, there are just deeply inherent issues of dealing with fraud, spam, goods not delivered etc. etc.. which adds significant overhead to the whole system.
Most people playing above-above board don't have a problem.
Usually in these cases, it's because something semi-shady is being sold, and it usually contravenes one of the T&Cs of Stripe.
The OP here didn't tell us what line of business they were in.
This isn't a hard problem for technical reasons, it's all political. It's about preventing money laundering and trying to fight crime via financial instruments. But it also means any payment system that doesn't implement these restrictions will almost instantly be overrun by criminals because they are highly motivated to find ways of moving money.
Great, then let's change those laws.
Democratic systems won't change these laws because there is no popular support for change - there is a reasonably large 'law-and-order' and 'corruption-as-main-concern' voter demographic who strongly support these laws, and the niche of HN techies and libertarians who'd oppose them is insignificantly small in comparison; and authoritarian systems won't change these laws because their leadership supports them even more.
I understand the idealistic benefits of freedom of payments, however, the KYC/AML restrictions are there for valid reasons that simply have much more magnitude of importance (for example, the scale of corruption and its social harm is so big that even a slight decrease in that due to KYC/AML enforcement far outweighs all the current social costs of KYC/AML) and removing them would mean that in aggregate the bad guys have won. I'm not saying that you're a bad guy, but you are an "ally of convenience" to them as achieving your position would let the bad guys win and I would consider it immoral to allow that.
We definitely should strive for better, more accurate AML/KYC implementations that have less impact on legitimate trade. But arguing for removing AML/KYC just because of that is effectively throwing out the baby with the bathwater.
There are clearly problems at Stripe. But this kind human is not one of them.
After all, they have a track record of screwing you over again, after fixing and checking your account. Whatever triggered that could do it again when you least expect it, despite Edwin's good work. Probably the triggers haven't changed as you are still running the same business.
(Like several other commenters, I was thinking of using Stripe as a main payment processor before seeing this article because of their great API, documentation, test mode and ease of setup. They seemed like a good choice, but I had wrongly assumed they were reasonable and reliable and if there were issues they could be resolved; that I didn't need to worry about Stripe being shady themselves. Now I've learned Stripe is like the Paypal of old when it comes to killing a business abruptly with no warning or recourse. That's so severe it cancels out every benefit and feature. With much disappointment I now feel it will be necessary to evaluate other services instead.)
.. and then it would become a bit unmanageable for 'edwin', and then they would have to create support@stripe.com or whatever (like literally every other company on earth) and set up an appropriate way of dealing with customer complaints.
For example, a few weeks ago the founder of Tailwind tweeted [0] about how Stripe had shut down their account when they were set to launch the Tailwind Job Board, despite many other job boards also using Stripe and there being no obvious increased risk. Any rational person would protest the fact that Stripe does not approve of this business.
Compare that to what I've seen on various Facebook groups about Stripe shutting down accounts. People aren't descriptive about what exactly they're selling and it usually boils down to "coaching" or some other gray area.
[0] https://twitter.com/adamwathan/status/1550092016242946049
How is "coaching" an obvious gray area?
Looks like this erroneous holds/deactivations are costing Stripe real business.
Just like here. We have those "Stripe shut me down" posts on HN regularly.
Oh look! 49 days ago: https://news.ycombinator.com/item?id=32263421
ETA: Either the site all together or as an individual coach on the platform.
I think of myself as a fairly rational person, and I don't see the issue. Would you mind spelling out whatever you're trying to imply?
Then Stripe can FORKING SAY SO UP FRONT.
And those businesses can grumble but go elsewhere
Implying that you are happy to take on responsibility for infrastructure of someone's business, then unilaterally and without notice or opportunity to cure any issue, is pretty much tantamount to theft. Stripe in this case appears to be accepting money, then failing to provide service, and in this case is even holding onto money paid to their customers. This causes a lot more damage to others than it does to Stripe.
I don't like externalizing problems to other parties as a business model.
You just described the entire gig economy
I guess I'm not rational. What's the issue with running a job board and charging for posts through Stripe?
The risk profiles are different. That is only thing the payment processor cares about, same reason why adult services get shunned. Not because they are puritans, it is because of risk of frauds and chargebacks etc are much higher .
Coaching is a service unlike Tailwind the software that can varying success and satisfaction levels customers probably do higher chargebacks and stripe's automated systems or low level staff with a playbook likely rejected it until someone senior got to see the bad press and got it fixed.
"Hi, we've noticed an increase of frauds/chargebacks on your account so we have taken X action"
That also doesn't really explain why long-standing, established customer accounts were frozen with this particular business.
It's incredible to me that despite the sheer size of these companies, and the enormous number of customers from all over the world, that there's a place you can go and get someone who will pay personal attention to your issue.
Kudos Edwin.
Email Edwin and also reply to their comment on HN conveying the high level summary of what you think is going on with your account.
Normal Stripe support reps seem to stick to the script no matter what. Edwin has fixed edge cases for HN users in the past thankfully.
https://twitter.com/patrickc/status/1550136569482252289
""What is happening?" => basically, a major uptick in attempted fraud over the first half of this year that necessitated making our systems stricter. But have an idea for a structural fix here. More soon. (DM me if you've had problems on this front.)"
The DM part may only apply to the high profile person he's responding to. :-)
How can any founder rely on Stripe, much less recommend the platform, if you need to have a backup system in place “just in case”.
Genuinely can't tell what you're suggesting the business model problem is with Tailwind Jobs?
According to the CEO at Stripe, the issue with the Tailwind example you listed was "a major uptick in attempted fraud over the first half of this year that necessitated making our systems stricter. But have an idea for a structural fix here. More soon." And then Tailwind Jobs was reactivated.
They're saying the opposite. Paraphrased, "any rational person could see that Tailwind Jobs is a legit business and that it's wrong for Stripe to shut them down".
"The issue" in the sentence you quoted is referring to Stripe's behavior, not Tailwind Job's business model.
What possible benefit could there be to anyone in "golly gee, who could possibly know?" vs. "It's because you're selling cannabis to Iran, stupid"?
My guess is that it's because most people aren't selling cannabis to Iran, and the Real Problem is the liability they [Stripe, et al] would be exposed to if they admitted their billion-dollar system (and/or call center employees) can't distinguish between Cuba and a cubano.
If this company sells T-shirts or something, then Stripe may have acted improperly. If they sell cannabis, then Stripe would have acted as the law requires, as everyone in that industry knows perfectly well. So it's pretty relevant information, and HN readers deserve to have the information they need to make informed decisions. There are plenty of other places online for uninformed outrage bait.
There aren't though. People come to HN to complain about getting fucked over by YC companies because it's basically the only place people will get a response. I'm not saying all, or even most, complaints are valid. But your immediately siding with the YC company just shows your bias, which is expected since you're literally invested in the company.
Regardless of whether or not Stripe is legally in the right, their customer support is absolutely abysmal. And the problem is that this is clearly a trend with YC companies and the fact that people have to vent about it on HN so frequently, and with such fanfare, says a lot.
I mean I love supporting startups, and YC, but Stripe has a $100b or whatever valuation... They'll be cool.
>So currently, my product doesn't work for 35% of my customers. Cue torrent of pissed off customer emails.
Okay? You should have always had a plan for this bc its bound to happen eventually. Switch them to a new merchant or drop them as clients and take the heat. The cost of just being a middleman.
Yes because that is so simple and there are so many competitors that provide the same level of service /s. Also there is no guarantee anyone else in this space is better than Stripe (when it comes to customer service). I can tell you the company I attempted to switch to had terrible docs, a bad API, horrible support, oh, and their shit just didn't work randomly. This is not clear-cut or simple.
> You should have always had a plan for this bc its bound to happen eventually.
Throw some victim blaming in as well for good measure.
> The cost of just being a middleman.
Middleman, aka providing a platform that uses payments? That's what we are calling a "middleman" now?
There are more and more Stripe horror stories like this, and from an outsider perspective it looks awfully like PayPal behaved back in the day (probably still does but I'd never touch it again as a merchant).
I have positive experiences with using Stripe in my last startup and we're currently building Stripe integration on another, which will process about 50% of our revenue (the other payment method being direct wire transfer).
There might be just a tiny minority of people that end up treated like this, but with every story, I'm less confident about our move.
yeah, im sure its a minority of accounts at stripe, but seriously, do not take the chance!
Op speaks of calling and emailing and reaching out … instead, pay your lawyer 30 minutes and have the letter hand delivered to their legal department.
I can’t predict what will happen but it won’t be ignored.
But I seriously ask anyone, how important is processing payments to you? what do you suspect the chances are? would you prefer to go through a bit more hoops upfront with a non-stripe alternative, or roll a 1/100 or even 1/10000 dice that one day you're just gonna be royally screwed over?
I have seen it happen very close, so I know my choice. It always "only" happens to other people... until it happens to you. Its easy to say "yeah.. they were doing shady things, I dont", but when the algorithmic gods determine you to be shady, no mere mortal, except perhaps a couple of very influential people lurking HN(cough edwin cough) will do anything. Will you catch his eye? is it worth the risk?
ANYTHING you depend on, spend serious serious time doing vetting, making sure its proper, and I would say, for the love of god, make it someone you could go visit physically.
Stripe abstracts away a lot of the complexities involved in the payment and banking world, but there's a ton of infrastructure there related to detecting fraud and money laundering. Unfortunately, the lack of transparency makes what might be a leaky abstraction look like a Kafkaesque bureaucratic nightmare.
Palantir came out of Paypal fraud detection
https://thehustle.co/%F0%9F%92%B3-how-paypal-fraud-made-pala...
Side note: the cryptocurrency shills in this thread are pathetic.
It's an arms race with fraudsters that eventually sucks in legitimate businesses.
As much as I hate government intervention in business, it really seems like there needs to be a way to force companies to actually be direct, accessible, and reactive in cases like this. I went through something similar with Venmo randomly locking my account after I received a large-ish payment, and not getting any real action or sense of urgency on their side.
That's what SLAs/contracts are for.
I still love them. That issue aside they allow me to have a personal and business account in multiple currencies, and don't screw me on the exchange rates.
Depending on amounts, small claims in the US might be viable.
This. This is a common tune to about 100% of "BigSomething killed my business" stories that appear on HN almost weekly. If you go to BigSomething, you get a polished, automated, convenient, cheap service that would not hesitate to kill you account the moment something looks wrong to any of the robots watching it, and the customer support (the non-robotic kind, I don't count "we are working on it" auto-replies) is not part of the package because it doesn't scale. You have to either accept this as the risk for doing business, or not use BigSomething as you primary or critical vendor.
Government has made entry to this space hard which is why there aren't enough competitors, so they're really the source of the problem.
Others (adult services) are not due to government regulations, they are there simply there because banks don't want to deal with chargebacks.
Except the operationalization of those rules is: here are some vague guidelines that you have to follow, and if we don't like you we'll retroactively decide you were committing a crime even if you followed those guidelines to the letter. See HSBC for a case in point.
No, that's wrong. Firstly, as others have pointed out, society long predates any such notions.
Secondly, determining what is illegal activity, and putting a stop to it, is ostensibly the job of law enforcement and the courts, not the bank.
I assume the government didn't want to put all the work in of making sure the currency they've societally coerced the world to use isn't being used for fraudulent transactions, they'd rather pawn it off onto the banks because it's easier for the government to not do anything about it.
Now the banks have been shooting anything and everything that has even a semblance of fraud with account locks/funds freezing/etc., because if they don't the government will go after them.
How does this system make any sense to anybody? So frustrating. Let me exchange currency with anybody for any reason at any time.
Stripe and other companies are doing their best, but they are in an arms race with more and more elaborate fraudsters. At planet scale.
This would be the same as saying: I want zero car accidents on the road, so I'll scale the police headcount linearly with the number of reckless drivers.
Even if it is government under the hood you have to know what you're accused of. Not American so I doubt the US political system is interested in hearing from me, but I agree that's the only way of solving the deeper AML problems.
This is exactly why the whole process is suspect. The government farms out the policing of certain financial crimes onto the financial institutions as a prerequisite for operating the business. If the government came along and froze your bank account you’d have a right to ask why and a right to get some answers. But instead the government pawns the responsibility off onto businesses and then prohibits those businesses from telling you why.
And so the BSA and Patriot Act effectively allow the government to take your property and take away your right to confront the government about why they took your property. And it’s all on merely a vague suspicion of misconduct. No proof whatsoever.
I can’t help but laugh at the irony— the federal government laundering their otherwise unconstitutional activities through the banks.
You think AML/KYC laws, as they currently exist, are unconstitutional?
edit:
That's a fine position to have, but it's a fringe one, and I don't think you should be offering it as a reason why Stripe does what it does that's generally accepted by everyone else.
I'm curious as to why you think that? Is this a way way more common thing than I expect? Or is "My startup uses Stripe Connect to accept payments on behalf of our clients" a raging red AML flag I don't recognise (I've never done that, so it could easily be)?
The thing with SARs is that they tend to be cascading as OP described. So if I (innocently and totally coincidentally) do a transaction with someone who has been flagged for suspicious activity my account might now be flagged as “higher risk” for suspicious activity and will be monitored more closely.
And, if they decide they’ve found suspicious activity in my account then everyone who does business with me is at risk of having their accounts flagged as “higher risk” for closer monitoring and so on.
And the bank isn’t allowed to tip anyone off because if any of those accounts are actually laundering money they might suddenly withdraw it and then the “lead” from the SAR is moot. It’s actually a crime to notify someone about the suspicious transaction(s). Which is why you get stonewalled.
What law do you think forbids this? In my experience running global payments through multiple rails, on an OFAC/risk ping you typically get a request for enhanced due diligence, which normally looks to the payee like “send me a picture of your drivers license”.
The most common result is that O Bin Laden (matching the OFAC list) is actually Oscar bin Laden; with further info you disambiguate the payee from the OFAC listed entity and are allowed to transact.
I have never encountered a reg that says you are obliged to ghost your customer.
edit: As I re-read the thread I see that I am thinking more of onboarding KYC, as opposed to this case which would be ongoing-activity investigation. So that would explain the difference in expectations here. Still interested in learning more about the regs for ongoing investigations if you have time to share!
For anyone following along, text at https://www.fincen.gov/resources/statutes-and-regulations/ba... > https://www.govinfo.gov/content/pkg/USCODE-2020-title31/pdf/....
This is for SARs (Suspicious Activity Reports). (At least, that's the one I've encountered before, there may be other forms too).
I would bet that 99.9% of the Stripe (and Paypal) horror stories that get posted almost weekly are _not_ federal money laundering or terrorism financing investigations with legal secrecy provisions imposed on the payment processor.
If anything, I would bet that regulators would be concerned about the fact that companies such as Stripe have triggered a race to the bottom whereby underwriting has become an after-the-fact exercise that can severely damage and/or kill a high-growth SME. The old way, where you filled out a ton of paperwork, provided every bit of information possible about you and your business, and then went back and forth with a human to get approval, was a much more stable way to business. But alas, when you've got former bank governors on your payroll and political mega-PAC donors on your cap table, people don't scrutinize very much.
See https://www.lawsociety.org.uk/topics/anti-money-laundering/t...
I do some payments that are ridiculously suspect but legal.
I have never been completely blackholed and given robot responses, any time a problem comes up.
Stripe is lower margin than other banks/payment providers, so they don't look very hard.
They have a very strong incentive to throw away troublesome customers, which they do.
I don't think it's right to say Stripe's "hands are tied".
They could spend more to identify false positives, but they don't.
If I used Stripe for all of my transactions I would be blocked. I know this because I have 100% confirmed this from an inside source at Stripe and at a countries central bank.
Yet somehow I have and continue to maintain accounts with other banks without breaking the law.
(Obviously it’s quite difficult to know the ratio of cases like these involving government investigations and those involving their own internal risk procedures.)
The issue most people in this thread are talking about exists in the almost. If it was always guaranteed, then there would not be so much evidence to the contrary.
But in all seriousness, being a YCombinator startup is now a big red flag outside of the VC-funded bubble. My current employer, and the previous one, have strict no-YC policy for SaaS due to numerous issues with previous YC companies. And these are both tech-friendly/tech-adjacent companies.
It's even worse at stodgier companies; an executive sees "Stripe froze my payments" and that's what they remember when a Stripe salesman tries to pitch them on using stripe for their online store. Stripe is quickly becoming Google, in the bad way: it's a name people are learning to avoid, and if that hits critical mass they're dead.
As executives and purchasing managers get more tech-aware I think we're going to see an increase in due diligence into who is running companies, who their investors are, what other companies they've invested in, etc. Brands like YC will end up getting punished (and all their portfolio companies, by extension) for the bad actors.
It is like this with virtually any security system. Adding feedback you can use for debugging also makes the system much easier to compromise.
One of the attacks that fraudsters have developed is to buy businesses to use their accounts for fraud. That going out with a fraudulent bang is better than trying to run a marginal business.
Onboarding new customers looks better and gets more funding than maintaining quality for existing customers, so they just don't care.
The pendulum of centralized vs de-centralized architectures has been swinging full tilt in the direction of centralized for some time. It is stuff like this which will eventually swing it back the other way.
I hear you about cloud dependencies, but this isn't one of those cases.
I'd love for an open payment standard for p2p payments and individual-to-business/institution payments to become available so that individuals could establish their own connection point to a fair payment exchange network.
This will only come with regulation that forces it, though. See India's UPI system, for example.