by ecommercematt 5370 days ago
How do you handle situations in which you can't tell if someone is legitimately undergoing hyper-growth or committing fraud? In a prior startup, I had my funds held indefinitely by PayPal and 3 separate merchant banks because our rapid growth made them suspect us of fraud or perhaps that our business was just too risky because our numbers were changing so rapidly. Our ultimate solution was to engage a merchant bank that specialized in sight-unseen, no swipe/no sig transactions that we could meet with face-to-face.

There's no simple thing I can say here. There are situations where withholding funds might be required, but they should be exceedingly rare. In other words, we're hoping to eliminate false positives.

In general, we're a tech company and we're looking for technical solutions to problems. We're also just culturally familiar with startups that explode in popularity, so we aren't worried about that kind of behavior.

You may want to seriously consider working on fleshing out this plan now. PayPal supposedly has thousands of people working in fraud control.

When word gets out that Stripe makes it "dead simple" to process credit cards without a merchant account, the vampires will come out to play. And I'm truly excited for a service like yours. We need this. But be prepared.

PayPal isn't just a payments processor, so they have many more fraud scenarios to worry about than Stripe.

You can't use Stripe unless you have a bank account set up to receive funds, and you can't use Stripe to pay for things -- i.e., you can't launder fraudulent money by buying a ton of stuff online and having it shipped to an abandoned house.

In Stripe there's a very simple money trail, plus there's a week's delay before your charges are transferred into your account... which makes it tricky if you're hoping to run up lots of fraudulent charges then disappear with the cash before anyone notices. With PayPal the money trail could be very complicated indeed.

I became concerned with reading this statement. We need a lawyer to understand liability for laundering with regard to systems like Stripe.
If you're laundering money, you might want to consider in-house legal expertise, as well as in-house payments processing expertise.

If you're not laundering money, then (all other things being the same), you should prefer Stripe over PayPal, since it would be quite hard for someone to use Stripe for this purpose, hence they will have fewer money-launderers to deal with, hence you have less risk that you'll set off some obscure alarm and they'll lock up your account for months.

In any case, if you sell anything (online or off) you may want to learn a bit about the various risks and liabilities. Fraud does happen, and some businesses are at far higher risk.

I'm not sure the average lawyer will help much, though. They can tell you "yup, if someone buys a diamond from you with a stolen credit card and you ship it, you will not get to keep that money even if the diamond isn't recovered" (but don't you know that already?).

The more important advice is technical, and it's about all of the things you can do to reduce the risk of that ever happening to you.

If you are looking for a technical solution you might want to check out... ahem... my company ThreatMetrix.

As ex-PayPal, I'm guessing you have invested a lot in risk management, ML and automation etc., as it's really technically difficult to make such a broken process like online payments this simple, so you may have it all covered.

What we can bring to the table is a (300ms) HTTPS name-value pair API that delivers aggregated intelligence in real-time based on transactions, identities, devices and behavior across 6000 sites that represent over 1MM individual CNP txns on a daily basis (only 1/5 of PayPal's txns but hey, we are a startup!) which you can ingest into your rules engine or risk models during, before or after the payments authorization/capture.

We don't just provide a score, which can be impossible to integrate with other ML engines; we also provide customizable (by you) reason codes/triggers that can be used to characterize behavior, e.g. customer's computer associated with 3 different identities and 4 different proxy IP addresses across global network in last hour... Data geeks geek out on it, as we also provide full attribute data back in the API response, so provides a good way to do feature extractions for SVMs etc. We have been proven to reduce FP and increase TP.

We currently process peak 700 tps with about 20% degradation in performance at load. We suck at batch processing 'cause it's just not our thing. I head up products and am one of the founders, so not selling, just helping, as I think you have a solid offering that should do very well.

PayPal bought Fraud Sciences for 170M but you can rent ThreatMetrix ;-)

Also selling! Don't be ashamed of it. If you have a good product, sell it!

(I have no idea whether you have a good product, but I'm hoping you do, because the problem you're trying to solve is an annoying one.)