Hacker News new | ask | show | jobs
by bberenberg 21 days ago
I got hit with a fraudulent chargeback (claim was the purchase was unauthorized and the person showed up in person to a class) and it was doubly bad because they paid via Link which means that Stripe actively verified them via 2FA.

Can someone explain to me why Stripe (or a competitor) doesn't offer a setting "refuse transactions for cards that have filed > x chargebacks with <acquirer> merchants this year"?
4 comments
SpicyLemonZest 21 days ago
I don't know this is the reason, but if I were asked to build such a system, I'd be pretty worried that it constitutes a consumer report under the terms of the Fair Credit Reporting Act.

Certainly I wouldn't want the inevitable news drama about it. "I'm just a poor innocent grandma, I'm a trusting person when it comes to Facebook ads, and Stripe punished me for getting scammed by banning me from half the stores on the Internet!"

link
AnthonyMouse 21 days ago
If your card is actually stolen then you should have the card number changed to prevent additional fraud and then the disputes would be against the old card number rather than the new one, right?
link
SpicyLemonZest 21 days ago
If your card is stolen you should, but not necessarily if you fall for a Facebook ad that ships you a pile of rocks or a paper photo of the product you thought you bought.
link
AnthonyMouse 21 days ago
Isn't that exactly when you should have your card number changed? You gave your card info to a blatant fraudster. If they're willing to ship you a pile of rocks then there's a significant chance they're willing to use the card info you gave them to make fraudulent purchases.
link
gingerlime 21 days ago
Yeah, though this rule sounds a bit tricky. Like what if someone legitimately had their card abused.

The thing that gets me is that Stripe boasts about their machine learning radar rules etc etc, but somehow can't feed it actually valuable data.

Stripe support saw the emails from the customer boasting about defrauding me, they completely agreed that this is a clear case of friendly-fraud, but did nothing with this info.

link
bberenberg 21 days ago
Stripe can’t do anything per the way CCs work. Asking for that to change is a big ask. Asking my vendor to help me not do business with people who are likely to scam me is a smaller one.
link
gingerlime 21 days ago
100% agree. They cannot reverse the dispute. I already lost the money. I understand.

But Stripe is exactly in a position to at least use the evidence I provided (in this case, the evidence included the customer clearly admitting to friendly fraud), and feed it into their fraud-prevention system in some way. This way, lots of signals can help protect merchants from friendly fraudsters. So yes, I see it as a pretty small and legit ask from Stripe.

link
cperciva 21 days ago
claim was the purchase was unauthorized and the person showed up in person to a class

Certainly a person showed up in person to a class, but how do you know it was the person whose credit card was used?

link
bberenberg 21 days ago
It matched their LinkedIn photo.
link
mriet 21 days ago
Their business model is to allow as many possible "valid" transactions, not to serve their "clients". They're a PSP...
link