Stripe Is the New PayPal
I am only writing this post because Stripe are not responding to my emails.
I started using Stripe last month and everything was going smoothly. However, this week they sent me an email saying:
"Stripe provides a service between banks and our users. In order to provide service to our users, we are urged by our banking partners to keep an eye on all accounts that sign up for our services. We've noticed that you have processed charges that seem to be unauthorized--in order to make charges with credit and debit cards, the owner of the card must consent to the charge. Charges on your account do seem to lack this consent, which unfortunately means that we will no longer be able to offer service"
This makes no sense as I have had hundreds of payments and not a single payment has been disputed. So how could it be true that the payments are unauthorised? I have sent Stripe emails explaining this and they will not respond.
I am very disappointed. As a member of this community I assumed Stripe would treat developers making a living online with a little more respect. I plan to write a lengthy blog post explaining this in more depth.
Update: I am currently in contact with Stripe CEO over email. He is dealing with the issue. I will keep everyone updated.
328 comments
[ 9.1 ms ] story [ 208 ms ] threadhttps://en.wikipedia.org/wiki/Halo_effect
It is kind of sad that the support isn't more expedited for things like this.
Seems like more and more people are turning to HN in order to get visibility and get their Stripe problems resolved. That is quite unfortunate...
I upvoted for visibility, as I know how frustrating it is to deal with payment processors, especially when your living / business depends on it.
Stolen cards, for instance, which may be more likely to happen in some industries than others.
While I understand the need for ambiguity with respect to your business operations, this post is too vague to give any understanding as to why Stripe blocked your account.
Once you have a card you can absolutely take arbitrary amounts of money from it, and this appears to be their suggestion. It could well be that they are using (purposely) vague wording that confuses people about their charging structure (in one off payments or subscriptions) which generates complaints to banks and then Stripe have to deal with it. Or it could be a big misunderstanding Stripe side and they have done nothing wrong. I have an opinion on which one I think is most likely.
https://stripe.com/docs/api#capture_charge
Charities also have huge problems with CC fraud, as they're seen as an easy target to test card details against before making the "full" purchase elsewhere:
http://www.bankinfosecurity.com/stolen-cards-tested-on-chari...
They get upset about it anyway, because Visa/MC mandates it. A reversal ratio above ~1% threatens Stripe's ability to act as a processor. A bit of Googling will turn up plenty of people with terminated accounts for excessive chargebacks, just the same as any credit card processor.
Actually, you do. In many cases, fraud follows a pattern. If you're a merchant, and you're getting a lot of fraudulent charges, you'll often get into a discussion with your upstream processor's fraud department about the details and how to mitigate it. I don't work in payments anymore, but as an example of how this works, I was talking a few weeks ago with a merchant who does tens of millions gross every year, but also faces five digits of fraudulent transactions. They sell car parts, so it's quite easy to buy one or two things for a lot of money. While working with their processor, they discovered that a significant amount of fraud was coming from two cities. And not just two cities, but two neighborhoods. And not just two neighborhoods, but two streets.
They simply reject any transaction from that street before even sending things to the processor, and now they're saving tens of thousands of dollars a year.
Preventing fraud is the most difficult part of payment processing; are they outsourcing it to the merchants?
You know your customers and business better than anyone, even your own upstream.
Engineering support is great and responsive through IRC but, stripe engineering staff there just shrug if you ask a business question.
Honestly, right or wrong - I've seen very few 'startups' really grok effective customer service (I realize I'm over generalizing). Yes, a good Knowledge Base/FAQ and ticketing/email system is important - but you need a phone number, you need a call center probably too (even if its only 2-5 people answering the phone) - you need more than email and ticketing - most technology is complex enough that you need a person to talk to over the phone to hold your customers hands - IMO - this is even doubled for anything that need to integrate with your systems or has a device on your premises, but is also applicable to a complex web service - I strongly believe it drives long term customer retention and eases on boarding.
I'll point out as to why I believe this - outside of the technology hubs, the folks with money are not the 'internet native' generation, they're older and less comfortable with technology then we are.
Yes, collapsing the confusing levels of this process is certainly worth something.
If I'm wrong, I want the name of your merchant processor!
Visa interchange fees: http://usa.visa.com/download/merchants/Visa-USA-Interchange-...
A screenshot of a transaction report at my processor: http://i.imgur.com/fSycwUS.png
Feel free to e-mail me if you'd like any other clarification or information. It's in my profile.
I suppose it's (only partially) balanced by the higher AMEX, etc fees.
I always hear, but never believed, that businesses supposedly appreciate stable fees. After having several businesses I know I much prefer lower fees.
I'm guessing a service like Stripe has plenty of customers in B2C markets, where selling something for $10 is hardly unusual. At that price, they are only making a few cents on the transaction in revenues (not profits).
Obviously on a $100 transaction the figures work out much better for them.
I think Stripe also still charge the same rate for all card types, but behind the scenes they are probably paying significantly higher rates to some card networks than others.
Commercially, of course a big customer is more valuable in isolation than a little customer, and while it's unfortunate if you're the little guy, it's understandable that a business might prioritise supporting its larger customers first.
But even if a little customer is only running a microbusiness on the side -- and as we learned during the EU VAT discussions a few months ago, there are very many such businesses on-line -- it's still going to be a big problem for them if a payment service kicks them off for a 1% chargeback rate. That literally means a single chargeback within several years in the example given, and given the randomness of the chargeback process at the best of times, that could easily result from an accident and not be corrected because the customer's bank doesn't handle it well.
Similarly, the little business might only be doing a few thousand a year in revenues, but if a service is failing to collect 10-20% of their transactions every month for unspecified reasons (and, for subscription business models, probably terminating the entire subscription in practice as a result) then that's still a huge level of attrition as a proportion of their modest income.
I suspect the danger for Stripe lies not in losing the odd small customer, or even necessarily in the cumulative damage if they lose a few small customers the same way before fixing a problem, but in the damage to their reputation that any individual case may cause even if the customer does not go posting about it on HN, Twitter, #stripe, etc.
For example, today I only have one business that is taking money on-line via this kind of payment service, and it's a relatively small one. Losing us as a customer wouldn't exactly show up as a footnote in the payment service's next financial statement.
On the other hand, I have another business that develops systems for clients who may need payment processing in some cases, and often a client will follow your lead if you recommend a service for something and they don't know any better or have other preferences. Similarly, I know a lot of other local business people through work and socially, and through a chance discussion over a drink I once helped a business several orders of magnitude larger to find and ultimately switch to a different payment service.
I'm always happy to recognise good service and positive experiences. Usually everybody involved wins from such discussions, and I imagine that word-of-mouth advocacy is quite a big factor in the early growth of many on-line services. The downside is that presumably someone in a similar position who hadn't enjoyed the same positive outcomes that I have seen would not have made those same recommendations, and that would have cost one payment service a very noticeable amount of revenue in cases like the one I mentioned above.
So I guess it's inherently a tricky thing to balance support and management overheads between larger and smaller customers if you're in the kind of business where your main target audience is knowledgeable and probably technical people. Big customers generate revenues right now, but small customers might not only become big customers themselves but also refer other potential customers, and you probably have a lot more small customers who can make or break your reputation than large ones who don't really care about your reputation anyway.
Notwithstanding Stripe's SaaS-y "all pricing and deals are public" branding, they definitely have a BD team who can set you up with more direct contacts for certain types of questions, different rates than are publicly posted, and APIs that aren't public (to name a few things).
Surely you jest. There are hundreds of online MSPs out there. Braintree, Authorize.net, etc.
When you send an email to support@stripe.com (or any of the public email addresses they put on blog posts), it goes to Uservoice. Then it gets triaged, depending on the severity of the ticket, if it falls into account or developer related support it gets assigned into a queue (at times it gets put in the wrong queue and then has to get reassigned). But long story short there is a system.
Phone support is also being worked on were told.
That said I do love Stripe but I do agree that support needs to be fixed, though I may have a bias as I see a much higher percentage of upset users than most.
https://stripe.com/docs/api#disputes
See: https://stripe.com/help/disputes-overview
A ticketing system would give some organization to the chaos
Also, I'm not supporting it, not sure why you thought I was.
https://news.ycombinator.com/item?id=9619282
- Strongly regulated banks/strong consumer protection in financial services.
- Good merchant customer service.
- Cheap credit card processing.
Security and Convenience are a classic tradeoff. I suppose you could argue that a good implementation of either isn't cheap.
Can you tell us how long it has been since you sent the email?
There must be some level of fraud prevention in any financial platform. You didn't give many details as to the type of charges you made or evidence past "no one charged back" as to how you made them. This is a public platform and I understand less than full disclosure but your narrative that:
1. You signed up
2. You charged people legitimately
3. You were cut off without notice
4. No one responded to multiple attempts over more than 1 business day
5. You were forced to take this action
Seems unlikely to be the full and absolute time line of events.
If it is, ok, post to HN and troll them. If not, is this really the medium? Doesn't stripe get a say on which transactions will and won't process on their own network?
If your expectation is "everything charges all the time period" then use bitcoin. These are credit cards. There are rules. :-)
>Doesn't stripe get a some say on which transactions will and won't their own network?
Ironically, we've seen this before with the many complaints about PayPal.
While I'm open to the idea we're getting the full story here, I think your view may turn out to the right one.
Credit card processors do this all the time.
I will send you an email shortly.
Everyone here should know better than this. When I had a problem, I phoned up Stripe and sorted it in minutes. I didn't post on the internet when my business was suffering.
[1] https://support.stripe.com/questions/do-you-have-a-phone-num...
Last year I was testing Stripe integration. I tried using my own credit card with a fake name. Surprise, it went through. I emailed Stripe support. After half a dozen emails discussing CC authorization I learned that Stripe does not and can not validate Name & Address on credit card.
Stripe told me that Credit Card companies do not disclose this data to Payment Processors like Stripe. Thus, Stripe simply passes on the name & address to the CC API.
Interestingly enough, Name & Address are NOT validated by major credit card companies. You can use junk names on your name & billing address and that will NOT stop your credit card transaction from going through.
Try for yourself next time you order something online. Makes me wonder why they even collect the data in the first place...
This sounds like a great way to get your account shut down.
They provide test/mock APIs for a reason.
Creating a system that processes payments can be an involved process, requiring significant development effort, even when using API and libraries like Stripe provides. It seems like Stripe should only be shutting people down as a last resort, after repeated warnings with a clear way on how to fix the problem. This is also just good business practice. No one wants to be shut down without a good reason and without any recourses for appeal or reconciliation.
You're right, you don't need the billing address to process a payment, although it's not true to say it's not used at all. Sometimes card companies do validate it, it depends on the type of transaction and the fraud profile. Often it's fuzzily matched, so name may not matter.
But you can also use it for other things: for example, fraud detection. Say your billing address is in New York, but your shipping address is to some Eastern European country. That's a big flag for fraud. So merchants collect it because they want to avoid damage to their bottom line.
Stripe supports AVS the same as other processors. Whether you choose to reject cards that don't pass AVS is up to you: it's a setting. So is which of the codes you want to reject. That's the case at every payment processor I've used. Different businesses, collecting cards in different scenarios, are going to have different risk profiles and different needs. If you're running a store selling computers to strangers over the internet, you probably want full AVS in addition to other fraud checks. If you're taking an invoice payment from another business you've worked with for years, you might not want to bother collecting and verifying an address.
This isn't a Stripe-specific case. Moneris, a card processor in Canada, has a bunch of fields that a merchant can check on/off if they want them to validate the details during payment.
But you're right - if the validation isn't happening, why bother collecting the data? At the very least it might hurt conversion rates.
A merchant can play a balancing act between having limited validations but a higher processing success rate against the chance of a higher dispute rate.
It may be odd for a company of their size to skip validating name & address, but I don't think this is unusual. I've implemented several medium-to-large payment processing systems and the processors didn't care about name & address -- they just wanted the numbers on the card.
With that said, about 3 months ago I was having problems reloading my Starbucks card with my credit card. The charges would go through on my credit card, the balance wasn't updating on my Starbucks card, and Starbucks system got stuck in a loop somewhere and kept taking money out off my card until I called my bank to get them to stop approving the charges altogether. Long story short, I called Starbucks and after about an hour the poor girl on the phone told me they had implemented increased fraud protections that compared the name on your Starbucks card to the name on your credit card. Because my credit card used my full name and my Starbucks card didn't the balance wasn't getting transferred over and was getting stuck in a loop somewhere. Not sure how they were doing the name verification or if they were just doing a simple compare in house, but needless to say was a little frustrating.
You can get pretty far with with fuzzy matching or just a simple levenshtein distance between name on record and name sent with order.
1) They have AVS checks, which can check the street number and zip code. But its up to us to decide what to do with this information (e.g. void the transaction).
2) They do not check anything else (country, name, state, phone, email, etc).
3) Some cards will fail if you put in the wrong expiration date, some won't - I would guess this is up to the card being charged. I get no information back when its incorrect but they let the charge go through.
4) Some cards will fail if you put in the wrong cvv code. Some will succeed but will just let you know through another field that the cvv code doesn't match - its up to us to decide what to do (e.g. void the transaction).
After over a week of waiting for a reply (PayPal's initial responses are rarely helpful, but at least they tend to respond..), they told me I shouldn't use Stripe because I would almost undoubtably be considered high risk. Why not just say it isn't allowed?
>Video game or virtual world credits: Sale of in-game currency unless the merchant is the operator of the virtual world
I am.
>Virtual currency or stored value: Virtual currency that can be monetized, resold, or converted to physical or digital products and services or otherwise exit the virtual world (e.g., Bitcoin); sale of stored value or credits maintained, accepted and issued by anyone other than the seller
It can't and isn't.
Their TOS actually makes no mention of virtual currency whatsoever.
I've been doing this for four years and we've never had a single dispute, but that's really neither here nor there.
No warnings, no chance to appeal, no heads up and absolutly no possiblity to call them. Lost around half a million euros before we could get our customers exported to another payment processor. Thanks Stripe!
It's a great service when it works, not so great at customer service.
> We can terminate this agreement for any reason on two months’ notice and immediately in certain circumstances
Source: https://stripe.com/gb/terms
It concerns me, as this still gives them full power to terminate the agreement immediately anytime they want. They never define what "certain circumstances" are, rather, they just provide one example.
EDIT: I would just like to say that I was mistaken. See the reply to my comment. That said, the US terms differ in an important way.
- we determine in our sole discretion that you are ineligible for the Service because of the risk associated with your use of Stripe, including without limitation significant credit or fraud risk, or for any other reason;
- you do not comply with any of the provisions of this Agreement, or
- upon request of a Card Network or a card issuer.
On the US terms, I see the following sentence:
"We may terminate this Agreement and close your Stripe Account at any time for any reason effective upon providing you notice in accordance with Section A.15 above". It goes on to copy what the UK agreement had, but that one didn't include this sentence.
It's what "United Kingdom" in the page title means.
With paymill looking like a stripe clone, it may be a good solution to split the revenues stream.
If you really were getting 2% of your payments reversed despite a 100% refund guarantee, there's really something wrong with that business that needed fixing. Perhaps uninentional, but people were being misled in some way, or claiming that refund was too difficult, or contacting you and getting a prompt response too hard. I run several SaaS businesses, with $MM total revenue, and had 3 chargebacks total last year adding up to less than $500.
It seems like they hardly spend any time investigating chargebacks and most disputes seem to be won by the buyer by default unless they have a habit of filing chargebacks.
Visa/MC work with an ever-changing mix of tens of millions of merchants that they never have direct contact with. There's a long chain of banks, ISOs, MSPs and other resellers between the card networks and the businesses that accept cards, yet they still need to provide some kind of oversight to avoid working with businesses or business models that would damage the integrity and trustworthiness of their brand with consumers.
The only way they can do that is to have policies that create incentives for the behavior they want to promote, and that prevent the behavior they want to discourage. The mandate to have a reversal ratio under 1% is one of those policies. Because it's enforced at the top, it trickles down the pyramid to every single business accepting credit cards even though they never directly interact with Visa/MC. Anyone with any kind of business that leaves customers dissatisfied, whether it's due to fraud, abuse, incompetence or ignorance, will end up being excluded from the network until they can rectify their issues despite Visa/MC never knowing they existed.
I think everyone can agree that maybe with a 20% chargeback rate, there is something wrong with the business but 1-2% seems possible for a legitimate business.
As a credit card user, I don't think it is their job to dictate which businesses are worthy of operating or not.
As long as I get my money back when I do a chargeback, then they did their job.
Somehow, all the businesses that currently exist and accept credit cards are doing so without more than 1-2% chargeback rates. That's a pretty good indicator that this isn't a problematic level to set the bar at. It's really much higher than you seem to think. 1 in 50 people walking into a store shouldn't have some payment problem so serious they have to go to their bank instead of the store to resolve it. Neither should online sellers be generating chargebacks every single day; 50 sales a day is a very small business. If 2% were an acceptable level, Wal-Mart would be allowed to generate 300,000 chargebacks every day, millions per year. 300,000 people who have a problem with charges on their credit card per day at a single retailer would clearly not be good for Visa or MasterCard's brands.
> As a credit card user, I don't think it is their job to dictate which businesses are worthy of operating or not.
As a credit card user, don't you prefer that you don't have to call your bank and dispute a transaction on a regular basis? It's this bar that ensures bad actors aren't there to take your card in the first place, that the stores you shop at don't engage in shady practices resulting in charging you more than you expected to pay, that they have reasonable return/refund policies, and that they have good and prompt support so they can resolve issues with you directly without you going through a third-party mediator.
Ensuring low chareback rates ensures high customer satisfaction rates across millions of businesses. If a business wants to operate despite large numbers of dissatisfied customers, they're free to do so. They can take cash, or checks, or debit your bank account. They just won't be allowed to take Visa or MasterCard cards. That's not a right.
Citation needed.
https://www.quora.com/Online-Payment-Gateways-and-Processing...
"Amount over $2400-$2500 mark suddenly experiences a surge and it is almost 3.0% to 3.5%"
I have personally had times where my chargeback rate has been above 2%.
Being able to accept credit cards is more of a right rather than a privilege given how much of a monopoly they have and it is virtually impossible to accept payments online through any other means.
I take it you are in favor of credit card companies being able to block payments to arbitrary entities such as wikileaks?
Did you read the rest of that comment?
"I can cite figures for Remittance industry only."
From Wikipedia:
"A remittance is a transfer of money by a foreign worker to an individual in his or her home country."
https://en.wikipedia.org/wiki/Remittance
Frankly, I'm kinda surprised that they're able to operate in that industry with credit cards at all, given how attractive it'll be to credit card fraudsters.
Accounts with 1-2% chargeback rate are incredibly costly. Stripe is potentially having to pay 1-2% of that account's entire processing volume in losses.
Chargebacks don't magically get paid. Somebody is left holding the bill.
But adding a $25 "administrative fee" or a $10,000 fine seems like a frivolous act, given how little effort is spent investigating chargebacks.
We do ecom subscription and ours is 0.01% in comparison.
If you blame the customer, you should better qualify your customers. There are services that can tell you if the customer has committed friendly fraud(fraudulent chargebacks). Burden is on the merchant to prevent chargebacks.
Now, what did bother me enough to comment at all?: 1. We always send in detailed papperwork for each chargeback. Never heard back for any of these during our time as a customer. Not once! 2. We never got any indication that we were getting close to some limit resulting in being cut off, just the email saying byebye in 10days (or whatever it was, maybe 7?) just as everyone in the office went on a 4 day holiday (bad luck I guess). 10 days is not even close to enough to set up with a new processor for SaaS-products if you need an import of old customers and have any to speak of amount of charges going on. It triggers a lot of extra papper work. 3. Payment processors claim SaaS is high risk as there is no product for proof of delivery. Stripe has all our money for months and a full refund policy makes it low risk in my eyes. We pay extra for this hassle anyway. If they say it's a risk, ok, Stripe knows better I hope. We had very long going ID identification so fraud was never the issue, just people trying to get money back and ashamed of asking it from us directly. 4. Stripe dealing with 1mil+ euro yearly of our money and refusing to speak on the phone even regarding major issues. Emails with "tough" questions always disappeared into thin air. It feels weird to not being able to contact someone that have your balls this way.
PS: Our "high" 1-2% chargeback spiked sometimes as customers that had made 10+ transactions during a year could start a chargeback for all transactions. Never spiked above 2%. Also, the product attracted many lazy and not-so-tech-savy-people, very far from the typical tarsnap user (which I'm a long term user of). Not defending our chargeback-rate, just that we know why as we phone up each user after a chargeback to get an understanding.
Long comment, hopefully it clears out my thoughts for those interested.
It could help identify some hidden problem and as a bonus make them cancel that chargeback.
This is why people will eventually end up hating Stripe just as much as PayPal. There is a huge disconnect between consumer expectations and the realities that a 3rd-party aggregator like Stripe faces.
Do you sell cheap virtual goods? They're sometimes used to test stolen cards I heard.
http://www.rbcroyalbank.com/RBC:z7TrmawYUA4BRAAwmCMAAAD8/bus...
http://www.tdcanadatrust.com/products-services/small-busines...
http://www.scotiabank.com/ca/en/0,,557,00.html
https://www.bmoharris.com/us/small-business/services/merchan...
https://www.cibc.com/ca/small-business/merchant-services.htm...
Both of the above companies have nearly 100% automated responses. With Amazon, if you get your selling account put on hold for any reason (even if it's by mistake through their automated bots), you will not be able to talk to anyone on the phone or through email. Your account is also put on hold for 90 days and your money might get transferred back to you when they feel like it.
It happened to me a few years back. A customer was ordering merchandise, stealing it, and filing disputes with Amazon. I wasn't able to block the customer, because it's not possible with their current system. Support was unhelpful (automated copy/paste responses) and they pretty much sided with the customer every time and deemed my account a "threat". Before this, 100% feedback.
It's a good lesson to learn: Don't base your business on one companym because they might just pull it out from under you one day.
Stripe is a B2B business it's also a bit 'lower layer'. You would have to rely on them for your business quite heavily.
The same with Google. How many people use Adsense, Adwords, Analytics for their business? If you want any sort of tech business these days, it's hard to avoid.
I flagged this story, and hope other people will too.
I think that this type of post is fine for HN. It's a YCombinator backed company, with the founders and most of the team commonly browsing the site and people here are usually able to point you in the right direction.
That's understandable.. but this isn't a support forum, and people would stop visiting if it became one.
It's almost like you're arguing against accountability and transparency. Should posts about HN companies not show up on HN, and instead be written about on a different website? Maybe BusinessInsider or Bloomberg? It's true that many will upvote it merely because an HN company was mentioned, but like the other response says, there are many "me too"s in this thread.