[smca]

(I work at Stripe) I've posted about this before but leaving here again for posterity.

Many complaints posted about Stripe on HN, Twitter, and Reddit are from fraudulent users looking to overturn decisions we've correctly made. They look to turn outrage into action in an attempt to defraud customers of money. We have to take action to protect Stripe, Stripe users, and Stripe users' customers. We don't and won’t comment on specific cases for privacy reasons.

It's important to know that almost every case posted here since summer has ended with confirmation that the activity was fraudulent.

We can make mistakes and those can be acutely painful to legitimate users. But those are few and far between.

[throwawaaarrgh]

Even if that were true, nobody's going to believe you if they keep hearing these stories, and the only response they hear from you is "liar liar pants on fire". Your brand will keep suffering the way PayPal's has. And maybe that doesn't affect your bottom line, but it does effect hiring and morale, and makes it that much easier to launch a scrappy competitor.

[22289d]

Thanks for that. As a new Stripe user I've been worried about this. Waking up one day to find my account locked and money frozen. Sounds like if I simply run a clean business, I don't have much to worry about. Logically that makes sense, it's in your interest for me to keep swiping cards.

Coinbase also has a lot of this type of stuff and I've long suspected the same. It's people doing shady stuff and trying anything they can think of to get their shady money, which Coinbase has frozen.

As for part of the OP's question: Stripe absolutely has one unique thing. Amazing developer infrastructure. And even a lot of stuff built on top of their infrastructure by others. For example: I'm using Laravel Cashier. It saves me so much time building and I can do all sorts of cool stuff with it. Setting up a merchant account with Chase or whatever, you're not going to get all of that.

[smca]

I'm glad to hear that (and that you're a new Stripe user!). If you do ever have an issue and you're not getting the support you need, you can reach me at my HN username @stripe.com.

[22289d]

Hopefully it's never needed but I appreciate that, saved it. Thanks!

[TheChaplain]

> We don't and won’t comment on specific cases for privacy reasons.

That there is your problem, you essentially say "they are wrong, but we won't tell you why so just trust us".

You need to be more transparent or accept the fact that your public image will continue to wither and lose people trust.

[rexreed]

Thanks for the response. I understand that fraud is a very real thing and that crooks will do anything to work the system, but the crooks have very little to lose and the merchants have so much to lose, and Stripe wields a lot of power in both instances, so the power imbalance is very real.

Imagine for example that your personal bank account was closed and the moneys held by the bank and you had no recourse other than emailing a general inbox or talking to customer support who can't do anything other than sympathize. Without that bank account you can lose your house, car, and assets. It's a very scary and very real thing. The bank can say that 99% of the time, the accounts are closed due to fraud, but you're that poor 1% (according to the bank) and therefore you're just a casualty of the process. There are harms from crooks and fraudsters, but there are harms to the individuals too.

The main issue is not that Stripe is working hard to protect itself and its customers, but the merchants feel very powerless in these situations. When it takes a massive effort to get attention, especially if you're small and powerless, you feel that you have no control, and that your issues (which might not be fraudulent) will go unanswered. What can the average, powerless merchant who doesn't have the weight of social media, HN, @dang, or others on their side do when their hard-earned money is being held, locked, or otherwise prevented, and when the cause is not fraudulent, or if the merchant is unaware of that activity? The problem is that accounts are just shut down, moneys are held, and there's no quick or clear communication, with customer support simply saying it's not in their control. It's this feeling of powerlessness that's the issue, regardless of whether or not Stripe is in its rights or doing what it feels is in its and its customers best interests.

What can you do to help empower the powerless merchants when their livelihoods are at stake? Can you provide some way to not instantly assume fraud or malicious intent on behalf of the merchant and provide some quick and direct way for the merchant to feel empowered?

If someone is ramping up a new business, say a subscription business that will go from $0 in January to over $1M in just a few months, that would easily trigger a fraud system, but it's not fraudulent, it's just a business that's seeing success. How can the merchant work with Stripe in advance to provide signals that there's something legit happening?

[smca]

The power imbalance is tricky, I agree. We have to safeguard good users and restrict bad actors, all at the same time.

To your specific point around not assuming malicious intent/empowering users to take action, we're revamping the ways that we ask users for more information about their businesses. And we’ve set a higher bar for the speed to resolve these issues. In the majority of cases, we want to allow users to continue operating during this time. In the specific example of a fast growing subscription business, they would continue to operate without issue, while providing documentation to Stripe to support their growth (if they had triggered any of our fraud detection systems).

In the last three months, we’ve also reduced the rate that users contact support with Risk-related questions by 45%. So, we're encouraged by our progress but there is still lots of work to do.

[thunky]

I can't find a charitable reading of your response that makes the core issue you're replying to any less of a concern:

The problem is that accounts are just shut down, moneys are held, and there's no quick or clear communication, with customer support simply saying it's not in their control

[easytiger]

> from fraudulent users looking to overturn decisions we've correctly made.

Can you give examples to support this bold assertion?

E.g. https://news.ycombinator.com/item?id=32854528

[TillE]

I'm sure there are occasional real mistakes, but people will absolutely lie about this kind of thing. That's nothing new.

[greenthrow]

> We don't and won’t comment on specific cases for privacy reasons.

Read the whole comment before responding, please.

[grumple]

Ah how convenient, that means they don't have to take accountability for the rest of their post being misinformation.

[throwmeup123]

He answered your question in the next two sentences.......

[throwaway2056]

https://news.ycombinator.com/item?id=34233011

> Overall this review process was pretty bad. Very little communication and nothing I could really do directly to move things along or get any real information. It took a random Stripe employee to get an email from @dang and post on HN in order to get this issue resolved. I’m lucky because I know about HN and know that Stripe employees frequent the site, but I don’t think HN wants to become the Stripe support forum.

It may be that the errors from Stripe side are low. But communication is very vital. It did take some luck to get this resolved.

[smca]

The random Stripe employee is me. John and I left comments with details on what we're doing to fix our failings in that particular case: https://news.ycombinator.com/item?id=34234079

[throwaway2056]

Thank you for the response and your efforts to make things better.

My only gripe is that a friend had a similar issue with Stripe and the replies usually were just copy and paste. Like that other poster, they asked him to upload every other document but the replies were uninformative. It was all 'copy paste' legalese and not conveying information. Eventually it did get resolved.

[taink]

Here's a direct link for convenience's sake: https://news.ycombinator.com/item?id=34234079

[easytiger]

> But those are few and far between.

Apparently not

[Anon4Now]

> almost every case

> We can make mistakes and those can be acutely painful to legitimate users.

Any lessons that can be learned and shared here? What things can legitimate users avoid doing, so they don't wind up as false positives for fraud?

[smca]

We're working on a post about some of the specific work we're doing here. We'll be sure to share it here when it's ready.

[psyfi]

> Any lessons that can be learned and shared here? Don't consider stripe reliable

[lloydatkinson]

Wow. This comment is tone deaf and a PR incident waiting to happen.

[rippercushions]

It is, however, reality. I used to work in escalations at $MEGACORP and the difference between the viral sob story posted on Twitter etc and the reality of what happened is often jarring. "Boohoo my account was locked for no reason whatsoever!" except, y'know, distributing graphic child abuse material (and I don't mean splashing around in a bathtub), mining Bitcoin with stolen credit cards, etc etc.

[rpadovani]

Hear, hear. Unfortunately, social outrage is a good way to have attention from big companies. So, of course, it has become a fraud in itself.

[jonahbenton]

I have been Stripe user/customer almost from the beginning- personally I believe the tone and content is exactly right. So much tricky fraud in the space on the user side and on the vendor side most of them- like Square and Paypal, not to mention plain old banks- struggle, and make incorrect decisions that take a long time to resolve. Stripe (in my network experience) has always been on top of all of that. The business strikes me as singularly well operated, in addition to be strategically visionary. Cheers.

[Archipelagia]

I am very grateful that the OP posted that "tone deaf comment".

I'd much rather live in a world where I can read blunt comments by developers, versus a watered-down statements written by PR firms to absolutely avoid rubbing anyone the wrong way.