Stripe obviously records data around friendly fraud, (At minimum they implement Visa Compelling Evidence 3.0 https://support.stripe.com/questions/how-does-stripe-support... ) and since you did not include screenshots of the messages sent by Stripe support I suspect they were saying something carefully noncommittal and legally compliant to get you to go away, which then got spun into an outraged blog post.
There aren't any screenshots of conversations with Stripe support in the blog post, but I'm guessing one other reason is that support agents are incentivised to close tickets or end conversations as quickly as possible.
Just force 3d secure, as it shifts the liability to the customer's bank. Most people don't mind opening their banking app on the phone for confirming the transaction if they really want the product for itseprice.
if customer fraudulently claims to their bank that they haven’t received the product, the bank files a chargeback and 3DS does not protect the merchant against it.
I got hit with a fraudulent chargeback (claim was the purchase was unauthorized and the person showed up in person to a class) and it was doubly bad because they paid via Link which means that Stripe actively verified them via 2FA.
Can someone explain to me why Stripe (or a competitor) doesn't offer a setting "refuse transactions for cards that have filed > x chargebacks with <acquirer> merchants this year"?
> They told me they don’t use evidence of chargeback abuse from one merchant to create cross-merchant fraud signals, or to take action against the customer’s card, email, or other details for other merchants.
I'm surprised they were able to get Stripe to actually state all of this clearly. It's nice that Stripe actually communicates details like this. But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
I had a customer do something similar with a thousand-dollar product. They had signed for delivery and provided no evidence, but banks always side with the customer.
I'm no longer convinced those high trust societies will remain so. Every high trust society has been pushed to opened it's doors wide and the changes have been stark.
At this point I’m fairly convinced Stripe is Paypal 2.0, at least in spirit:
* Turns a blind eye to misdeeds on its platform
* Locks out adult creators/vendors after taking their money
* Is ubiquitous, but not well liked
I love that Stripe changed the game of fintech and made it accessible to more parties in a programmatic way, but I find myself repeating “avoid Stripe” to a lot of folks asking me for advice on dealing with payment nowadays for those reasons.
The customer screwed you over, and then their bank did too. Stripe didn't. I'm not sure why Stripe is getting blamed in the title and the article.
Yeah, maybe Stripe could do more without Radar, but I imagine it could also be fraught if Stripe was in the business of blocking customers from their entire network based on one vendor's complaint. Obviously a lot could go wrong with such an approach.
No, Stripe did. It is a common misconception that chargebacks are decided by the customer's bank. Actually, there is a multiple cycle back-and-forth process after which they are finally decided by _the network_.
I have worked in card issuing for years and I have seen various submissions by merchants I know that use Stripe where I _know_ that they have an absolute winning case under the network rules that Stripe refuse to contest.
Stripe have decided that fighting most chargebacks is not worth the money, probably becasue they can just pass the costs onto the merchants and let them eat them and the merchants will not go elsewhere.
That’s news to me. Stripe always presents it as if they’re simply a conduit and it’s all in the issuing bank’s hands. Do you have any links/info for learning more about it?
You can find copies of the Mastercard and Visa chargeback manuals online if you do a search, some of them (mildly redacted) from the networks themselves.
Genuinely not recognizing a charge is not fraud, as that to me requires intent (or at least gross negligence, e.g., something like "I'll just dispute everything I don't remember, and not make a particularly good effort to remember anything at all").
"Just fraud" is already taken for "criminal c uses unwitting cardholder a's card at unwitting merchant b", so what's your objection against "fiendly fraud"?
I am pretty convinced that friendly fraud is about 90% of chargebacks. I have seen some genuine fraud, but dwarfed by friendly fraud over time across 3 companies.
A friend of mine has a "1 dispute and your banned rule"... sounds like it could help in this situation. He'll catch wind of someone disputing they didn't receive a product he makes, despite his OCD with packaging, and gets a chargeback. He sits down each week with all the chargebacks he's gotten and bans them from future sales. It's not often but when he does, he complains about it when I see him.
Solid post. The key takeaway for me was Stripe admitting they won't use post-dispute evidence of friendly fraud to build cross-merchant signals in Radar. That, plus the customer literally bragging about it after winning the chargeback, shows how lopsided the system is against indie sellers. Thanks for sharing.
Yeah I didn’t really go into it, but I can imagine a bank prefers to take care of their own customer than about a small merchant. I’m definitely frustrated with the whole system. But I expected at least Stripe to try to protect its own customers (merchants).
I assume that this is basically just not worth pursuing for small-scale orders (e.g. $15ish for Ciglue), but for larger ones what are the reasonable approaches for scenarios that don't involve stolen card fraud?
Notably disputing a credit card charge is completely independent of whether someone owes the debt, the credit card is simply a convenient way for that payment to be handled. What's the point where other collection methods make sense? As an example, if you're consulting for someone and they pay you $x,xxx via card then charge it back, at least in most of the US I believe it's legal for you to do your own collection efforts and contact them repeatedly (this changes if you sell the debt and it's a third party attempting collections).
54 comments
[ 2.8 ms ] story [ 64.0 ms ] threadAs a rule of thumb, when you get a chargeback you need to completely ban the customer from your db. This includes:
- card ban - email address ban - fingerprint their access and ban
This will save you a lot of hassle when they try to signup/buy your product again and cause you the same amount of grief.
Can someone explain to me why Stripe (or a competitor) doesn't offer a setting "refuse transactions for cards that have filed > x chargebacks with <acquirer> merchants this year"?
I'm surprised they were able to get Stripe to actually state all of this clearly. It's nice that Stripe actually communicates details like this. But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
I'm not going to name those countries outright but you should never ever be launching globally until you have these safeguards in place.
Once you are known to be vulnerable to a certain scheme, it quickly becomes known in that region/country.
Again and again I'm reminded why high trust societies remain high trust and why low trust societies rarely transform into high trust society.
* Turns a blind eye to misdeeds on its platform
* Locks out adult creators/vendors after taking their money
* Is ubiquitous, but not well liked
I love that Stripe changed the game of fintech and made it accessible to more parties in a programmatic way, but I find myself repeating “avoid Stripe” to a lot of folks asking me for advice on dealing with payment nowadays for those reasons.
Yeah, maybe Stripe could do more without Radar, but I imagine it could also be fraught if Stripe was in the business of blocking customers from their entire network based on one vendor's complaint. Obviously a lot could go wrong with such an approach.
I have worked in card issuing for years and I have seen various submissions by merchants I know that use Stripe where I _know_ that they have an absolute winning case under the network rules that Stripe refuse to contest.
Stripe have decided that fighting most chargebacks is not worth the money, probably becasue they can just pass the costs onto the merchants and let them eat them and the merchants will not go elsewhere.
"Friendly fraud" is accidental or with the correct intentions – such as the customer not recognising the charge and charging back.
"Just fraud" is already taken for "criminal c uses unwitting cardholder a's card at unwitting merchant b", so what's your objection against "fiendly fraud"?
How is it natural if DHL had proof of delivery.
Notably disputing a credit card charge is completely independent of whether someone owes the debt, the credit card is simply a convenient way for that payment to be handled. What's the point where other collection methods make sense? As an example, if you're consulting for someone and they pay you $x,xxx via card then charge it back, at least in most of the US I believe it's legal for you to do your own collection efforts and contact them repeatedly (this changes if you sell the debt and it's a third party attempting collections).