68 comments

[ 1.6 ms ] story [ 102 ms ] thread
Let this be another lesson of relying on third party software completely.
What exactly do you think the alternative is?

If you want to accept payments online, you need to do so through a credit card processor. There is no "self-hosted" alternative.

> What exactly do you think the alternative is?

crypto?

I was able to send the USDC stablecoin to a business accepting crypto with Coinbase Commerce just fine and transaction was very quick.

I can see that even Stripe is getting involved in crypto as well.

So your solution for not using a third-party is to use a different third party?
What is wrong with accepting USDC?

Anyone can accept it, individuals, and even third parties.

People blame crypto for many things but at least crypto is not monopolized and you don't need the approval of a third party to use crypto to pay.
But what if they want customers to buy things?
They can buy things? Shopify, Woocommerce has integrations for this, this isn't really an issue.
They are blocked by MATCH. They will be banned from all of those as well.
What has MATCH got to do with crypto?

Do you have any evidence for this claim?

Good luck trying to turn that USDC back into dollars without significant tax implications, and definitely good luck trying to get your customers to use USDC instead of a credit card
> ...good luck trying to get your customers to use USDC instead of a credit card

It's already happening and Stripe, Coinbase, Stellar, Shopify, Woocommerce, and Moneygram are already using USDC in the real world.

No my point is not to rely on a single third party completely
If they’ve been add to MATCH (card provider blocklist) they won’t be getting service from any other third parties now.
These smarmy toldyouso comments always appear on these kinds of issues but the "third party software" here is... the global financial system. Stripe booted them because the credit card networks booted them because the US legal system booted them for dealing in illegal transactions. There isn't really an alternative to the root cause here. (Unless you're a bitcoin zealot in which case spare me.)
Developer of Hacki - a Hacker News client: https://github.com/Livinglist/Hacki

This you?

Unfortunately they are relying on the iOS app store to distribute their app, so safe to say they won't be around much longer due to third-party services etc etc.
If user don’t want to access the iOS App Store they can build the app themselves, I don’t really see what’s your counter argument here. The point I’m making is do not rely on any third party service completely
Says the guy who didn’t write his own operating system.
(comment deleted)
It seems a little unfair to blame Stripe here. Per their communication, the site has been assessed as selling illegal merchandise and is subject to a $425k fine by the payment card issuers, despite Stripe's efforts to dispute the issue on behalf of their client. It's not clear to me whether this is the first that Flurly has heard about the issue or represents the last stage of an ongoing story, which Flurly's users were unaware of until now.
FWIW, the site mentioned by Flurly (newsawp.com) looks like a dressed-up web spam tool. And that's assuming that it wasn't a front for something else.
Stripe is on the hook for that $425k as well because it is their merchant account use to process transactions. If they don't pay it, card brands will cut them off.

This why stripe is quick to ban merchants.

If the linked post is truthful, the issue here is the absolute opacity of the process and the fact that this "assessment" by the credit card network (I notice you used the passive voice "been assessed" - why?) seems very questionable.

I would certainly not trust stripe to effectively "dispute the issue on behalf of their client", based on experiences some of my friends have had with stripe. More likely, stripe just folded instantly upon receiving some automated nastygram from the CC issuer.

It's in stripe's best interest to fight the fine. Why would you think they would prefer to pay the networks and collect the fine from a merchant?
The opacity is by design. Fraudsters will use every bit of available information to make their businesses appear legit.

Having worked at Stripe (though not in risk), I'd wager that Stripe did not "fold instantly" for a 425k fine. It's unfortunate, but the OP is the one who made a costly mistake when they grandfathered existing accounts into a setup they knew had liabilities.

Is Flurly literally a front end for users to sell whatever products they want via stripe? Lol
I was pleasantly surprised at both of the emails they posted from Stripe. They seem to be more informational than similar situations in the past.

It's still a crap situation for Flurly and their customers, but if newsawp wasn't scammy or breaching credit card issuers' terms, then blame lies with whichever credit card company forced Stripe to take action, and if newsawp was behaving badly, then blame lies with Flurly for not doing a better job of vetting their merchants.

Yeah, it sounds like Flurly was shut down by Visa/Mastercard, not Stripe.
(Edwin from Stripe here.) This is a really unfortunate situation. I can't talk specifics since it's a regulatory/legal matter and the decision wasn't up to us. But as others have pointed out, Stripe Connect should be used if you're building a marketplace. This gives the marketplace owner, Stripe, and the card networks some visibility into what's being exchanged—and so the marketplace owner can put proper safeguards in place to keep the marketplace safe, for both sellers and their customers. I'm saddened by what happened and I hope this does not deter JR from building future products.
It is so weird to see multiple typos in form emails sent to Stripe customers.

https://flurly.com/images/stripe-email-1.png

Seriously, does anyone proof read this stuff?

Agreed. It makes me suspect something fishy about the whole thing.
On the bright side, you know you're at least dealing with a human.
TLDR: Use Stripe Connect if you build a marketplace.
Stripe strikes back and shuts down yet another startup.

Let this be a lesson to all about why you should not rely on one payment gateway. Stripe is certainly not your friend and never has been and this should be a wake up call to use more than one gateway.

This won't be the last and no-one should be surprised to see Stripe do this. As usual, we now wait for Stripe support to respond here on Hacker News.

Or, you know, don’t sell illegal merchandise in a very public and traceable way?
This seems like a decision passed down from the card networks through stripe. Multiple gateways wouldn't necessarily help here.
There's a spelling error in the mail from stripe: 'some information abotu'
So it was probably authored by a human rather than ChatGPT.
There’s another typo further down: ‘in roder’
This makes me consider using cryptocurrency for payments on my SaaS. The one I am most familiar with is not popular (instant downvote on HN) so I won't mention it.

But anyway with a cryptocurrency, at least I know that no one is going to "shut down my account" or some nonsense like that.

I’m assuming this is brilliant humor and not actually proposing crypto as safer for merchants. At least with Stripe you don’t have to worry about someone shutting down your currency.
I don't think it is possible to be shut down if you only accept a few established coins like BTC/ETH.
Parent implied some fringe coin. But even BTc you have to worry about your custodial wallet.
Should’ve just forced everyone into Stripe Connect
The weirdest thing to me is that this is happening though emails. Are there also account reps or something that call and discuss with customers? Business is business and I understand from the post that this appears to be out of Stripe's hands and consistent with agreed upon terms. It's still pretty weird to me to communicate it in a form looking email message though. I would personally not want to trust large amounts of money with a company that sends me existentially bad news this way.
How else? Calls? What if no-one picks up?

Mail? How do ensure it gets to the person needed?

Email is basically the fastest way to spread the knowledge that they are REQUIRED by their providers to shut you down.

Flurly’s selling point was dramatically lower fees compared to Gumroad. Unfortunately the take rate isn’t sustainable to run a marketplace that does things like vet sellers - the products sold on Flurly all seemed like spam/scams -wasn’t surprising to see Stripe shut it down.

If I remember correctly Flurly did $500kish in sales over maybe 6months? Sounds great but the take was only 1%. That’s $5000usd over 6 months. Not a sustainable model.

From the original Show HN[1] a commenter wrote:

""" As an intermediary in 2020, you're likely to see a lot of people target you in various ways because they don't like things that people are using your platform for. They may threaten you with lawsuits, complaints to law enforcement, boycotts, DDoS, trying to get your payment relationships cut off, trying to get your other platform providers to cut you off, etc. If your platform has a high profile or is used to sell something high-profile, journalists and politicians may publicly second-guess your content decisions (both things that you did remove and things that you didn't remove).

I don't want to alarm you about this, but it would be nice if you could figure out any content and moderation policies ahead of time, explain them clearly to prospective sellers, and then see if you can stick to them when other people disagree with them. """

Seems a bit prophetic - at least for the need for content moderation policies (and maybe not so much grandfathering)

[1] https://news.ycombinator.com/item?id=25482168

Heh, and similarly:

> I don't have digital content to sell, so I have no stake here whatsoever, but this response seems concerning. I have no problem with startups building a functional prototype without getting an army of lawyers involved. But you should then have a good gut sense that you're doing something that's pretty safe. This business model, as broad as it's positioned, clearly isn't. How can that ever be so much of an afterthought as here demonstrated? Does that also mean that the pricing is based on not factoring in the risk (penalties, legal costs) of selling copyrighted or restricted materials? Does it factor in the moderation that needs to happen?

-- https://news.ycombinator.com/item?id=25485294

Those clients weren’t “grandfathered”. You were processing payments for sketchy businesses that couldn’t possibly pass Stripe’s onboarding process through Connect under your merchant id. This payment aggregation is, of course, against card network rules so you got fined and placed on MATCH.
Ooh, interesting point. I can't find Newsawp listed anywhere on archived copies of Flurly's "discover" page, e.g.

https://web.archive.org/web/20221208201631/https://flurly.co...

But there are some incredibly suspicious "products" listed, like "Creditcardpayment", which makes me suspect that some clients were using Flurly as a generic payment gateway, or that Flurly was processing other payments under the table.

You'd think if people were selling illegal products they'd be a little more subtle with their product descriptions? Might as well write "definitely drugs, 1.5 grams".
MATCH, for those outside the industry, is run by Mastercard as deny list, which means NO credit card processor is allowed to take you on as a merchant. It stands for Member Alert to Control High-Risk Merchants, and if you get on this list, you can't accept credit cards for five years.
Thank you for the explanation of what MATCH is, I guessed something similar but had no idea about the five year rule.
Does Stripe really have so many spelling errors in their e-mail comms?
I don't understand. Didn't he use Stripe Connect? All the accounts are then siloed out and have to pass KYC. Is it just because he let them keep selling knowing full well that they are doing something sketch?
From the Stripe response upthread, it sounds like they weren't using Connect, just vanilla Stripe.
(comment deleted)
In Flurly's blog post, Flurly said the legacy payouts used stripe connect and other methods. And from Stripe (Edwin's) reply above, it sounds like Edwin is implying that this particular situation did not use Stripe connect.