[ElbertF]

This is off-topic but is anyone else dealing with an insurmountable number of charge-backs selling digital goods using Stripe? I'm using Radar, Sift Science, email verification, CAPTCHA, post code checks, country and domain restrictions, rate limiting and every other trick in the book and yet reportedly a third of my payments is fraudulent.

The way credit card payments work seems backwards and hopelessly broken. I reached out to Stripe several times but keep getting the same templated response. What gives?

[SyneRyder]

It sounds like you've already done this, but have you read about when Candy Japan was hit by massive fraud and how they solved it? (TLDR: don't let fraudsters know the card was declined, make it look valid)

https://www.candyjapan.com/behind-the-scenes/candy-japan-hit...

https://www.candyjapan.com/behind-the-scenes/how-i-got-credi...

I'm more amazed that Stripe hasn't reached out to you if you're getting 33% chargebacks. I thought the industry standard was that if your fraud rates are above 1% they'll flag your account, and above 2% you risk being permabanned by Visa/MC. (Perhaps that's outdated, I think I first heard that 10+ years ago.)

[ElbertF]

It's challenging to find a balance between security and not hindering legitimate customers. Telling them the order went through when they mistyped their card number isn't great. I don't expose the reason the payment was rejected however.

Stripe does warn me about the charge-backs.

[4thwaywastrel]

I ran a mobile payments app for years that buckled under the weight of machiavellian people constantly trying to find ways to cheat the system.

The problem isn't just the existence of scammers imho, the problem is that the two players with the most power to prevent fraud: The Bank, and The customers are incorrectly incentivised. The Bank doesn't care because it can foist responsibility onto the people moving the money from A to B (eg, Stripe, who then has to pass it onto the merchant) and the customer doesn't care because the bank uses its power to make sure the customer doesn't have to pay the consequences for being unsafe with their credit card information.

Until either the bank gets tougher on fraudulent activity (being more proactive about investigating accounts fraudulent payments went to, punishing customers for being loose with their credit cards, etc) or we can implement some kind of two-factor process inherent to the whole credit card system nothing will change.

[SandersAK]

We might be able to help at Chargehound. We're the only automated system that fights chargebacks for you. We're also the only one on Stripe's platform that's endorsed by them: https://stripe.com/works-with/chargehound

[ElbertF]

Thanks for the suggestion. I do this manually and never won a dispute. I suspect the fraud is being committed by a single person or group of people for the purpose of testing stolen credit cards. In some cases victims contact me after seeing my business name on their statement. I also report suspicious transactions myself.

[codazoda]

Can you verify, even after the purchase, and automatically refund them?

As an example, will the spammers click a validation link?

[ElbertF]

I send a verification link to new email addresses before accepting payments. They do click them.

[fencepost]

Do those verification clicks come from the same ip address as the initial order?

[ElbertF]

Good question, I don't know. I could fail the verification if it doesn't match.

[SandersAK]

Just a quick update to note that we are on the Stripe "Works With" page but that that isn't an official "endorsement" by Stripe in any way. That word was probably too strong. The rest of it is 100% true though.

[jdhendrickson]

How does Chargehound improve over just fighting it manually? Is it only automation the reply?

[SandersAK]

We're predominately helping merchants with 100+ cbs a month, so automation speeds things up. When you are processing as many cbs per month as us, you learn a lot about how to represent the dispute. We pass those learnings on to our customers.

[thesimon]

What about requiring 3D Secure? https://stripe.com/docs/sources/three-d-secure

>Payments that are successfully authenticated using 3D Secure are covered by a liability shift. Should a 3D Secure payment be disputed as fraudulent by the cardholder, the liability shifts from you to the card issuer.

>If the card or issuer isn’t enrolled in 3D Secure but the type of card could support 3D Secure (e.g., most Visa and Mastercard consumer cards), liability is still shifted to the card issuer.

[ElbertF]

I was looking at that. It's not available in my country but I requested an invite. Thanks!

[eeke]

Hm, I’m sorry to hear about this. I work on Stripe Radar and would love to take a closer look into these disputes to see how we can help. Could you email me at eeke@stripe.com?

[ElbertF]

Done!

[quanpod]

Hey ElbertF - I'm on the product team at Sift Science and definitely want to understand more (33% is incredibly high). I took a brief look at your integration, but should take the conversation to email - send me a note! quan at siftscience dot com.

[ElbertF]

Thanks! Will do.

[octalmage]

For me around 1 in 10 is fraudulent. I'm selling a project as pay what you want to pay, and the fraudulent charges are always much more than most people pay. I've lost a bunch of money this way.