John here from Stripe (I lead our Risk product area). As OP noted, we try to spot unexpected spikes in processing volume, which are often associated with risky activity. In this case, that was in error — we were too fast to act and (much) too slow to unwind. In particular, we erred in not taking congruent action across OP’s related accounts. We’re working on a fix for this. I’m following up with OP to make sure we fully digest this one, so that it doesn’t happen again.
Since I came onboard in Sept, the team has made a lot of progress (e.g., mistaken actions like this one are down by 75%), but we have a lot more planned to further improve. We’re always on the lookout for additional examples of mistaken action - please email me at jhaddock@stripe.com so I can take a look.
In a former business I had several 'customer advocates' who were tasked with representing customers to internal teams. Difficult/complex/delayed issues could be escalated to the advocates by customer support.
I view customer support as a marketing opportunity via goodwill and word of mouth.
Accounting for customer support as a debit against the marketing budget is an incentive to prevent incidents.
In another comment I asked the OP if it could have helped if they were able to notify ahead of time of expected spikes in turnover (due to marketing initiatives, etc.) that could be factored into the risk management equation.
Stripe knows this, when they were smaller the founder used to reply to threads like this or patio11 who they hired (but he just wrote that he is no longer there!).
Makes me wonder what's going on in there post-layoff, the business model is sound and they are market leader. No pressure to IPO quickly in the down market.
I’m the person leading the project to make sure that people have fewer bad experiences with Stripe. I’m not sure what is driving the uptick in posts on the subject to HN in particular (obviously we pay attention to broader online discussion in addition to monitoring our support systems, though we know it creates an incentive for people to publicize their situation).
On the topic of Stripe and these kinds of incidents more broadly, there’s a lot to say, but here are a few pieces of context that are probably relevant:
- We are a giant distributed bounty system for people to find interesting and scalable ways to defraud us.
- We’ve seen significant upticks in certain kinds of fraud over the past couple of months. When businesses default, Stripe takes on the loss. It’s worth noting that certain kinds of fraud, like card testing, can also have significant collateral costs for legitimate Stripe businesses, and our systems and processes are not only to protect Stripe itself.
- We are far from oblivious to the harm that mistakes in our systems can cause. (I interact with a lot of these cases personally.) One of my highest priorities is creating better appeals flows for when we’re wrong.
- We’ve shipped 7 substantial improvements just in the last 10 days that should meaningfully reduce the occurrence of false positives.
- Publicly-described facts of specific cases don’t always match the actual facts. Stripe is sometimes just wrong. (We made some mistakes that I feel bad about in one recent case and we ended up bringing the company’s founders to an all hands last week to make sure we learned as much as possible.) But users do also sometimes publicly misrepresent what’s going on. We’re also restricted by privacy rules to not share specifics in those cases.
- Stripe works with millions of businesses and we see all kinds of “rare” failure modes fairly frequently. (Disputes between staff at a business, business impersonation, businesses that start legitimate and go bad, and so on.)
- I’m working on a post to share some of our broader philosophy + policy changes that I hope to publish before the end of this year. In that, I’m also hoping we can share some relevant metrics. If HNers have any suggestions for things that might be useful to see covered (though obviously certain things can’t be publicly disclosed), feel free to suggest them.
Ultimately, we work hard to be worthy of the trust of businesses across the internet, and my personal mandate (supported by many others, from our cofounders down) is to find effective new ways of making mistakes less likely. “Uniformly good support at scale, in a highly adversarial environment, with very financially-motivated actors” is not easy, but I’m pretty confident that we can make a lot of progress.
It goes without saying we're working on a review of OP's situation. I’m happy to take general questions as well. You can also always reach me directly at jhaddock@stripe.com.
To maybe add some constructive criticism to this thread, you say that you want to make sure that people have fewer bad experiences with Stripe. There is a common thread to each of these posts which neither you nor any of the other Stripe employees who post here ever seem to address. Namely, that it’s impossible to reach a human being who a) listens to what the actual problem is and b) can actually take any meaningful action to fix it. Several people have mentioned emailing your support and getting nonsensical replies back that have nothing to do with the question they asked or incident they referred to. Perhaps you have something broken in your support ticket routing and don’t realize it? Or perhaps your support people are not incentivized to do a reasonably good job? Or maybe you are relying too heavily or in the wrong places on automation? You can say that “uniformly good support at scale in a highly adversarial environment with very financially-motivated actors is not easy,” but that is what you signed up for when you decided to process payments. You’re basically stating that “the hard job we agreed to do is hard.” It’s unhelpful. You say you’re “pretty confident that we can make a lot of progress,” but if that were true, how did you get to where you are? What you’ve tried appears not to be working very well for a fair number of people, so maybe you should be less confident.
Agree - there's multiple problems to solve (a) make incorrect actions exceedingly rare (b) correct them quickly (c) give people who reach out about them substantive help. Have major initiatives underway to improve on all 3. We're furthest along on (a), more to share soon. Interaction of (b)(c) is particularly complex, as we find the right way to make high-stakes decisions while being responsive to people asking for help (especially as we do the work to differentiate good and bad actors).
I'm not sure what the disconnect here is, I'm pretty sure the answer is uncomplicated. You hire support people and train and pay them well. I get that this isn't some sort of sexy tech solution but like, that's what we want as customers. I don't really care about any of this crap, nobody cares. We want two things from you, we want to charge people's credit cards, and if something goes wrong we want to be able to TALK TO SOMEONE to get it sorted.
This is not hard. The thing we want is the confidence that if something goes wrong we'll be able to talk to someone who can help sort it out.
The uncertainty is the problem. You are not doing a good job of making me feel like you understand that.
How much more are you willing to pay for being able to reach a human? I don't know what Stripe's fees structure is typically, maybe put it in terms of a percentage on transactions? An additional 1% on transactions?
> Publicly-described facts of specific cases don’t always match the actual facts...users do also sometimes publicly misrepresent what’s going on. We’re also restricted by privacy rules to not share specifics in those cases.
Not affiliated with Stripe in any way, but I used to work on payment fraud detection on a comparable scale. I'd say this describes ~90% of the cases that I saw that got traction on social media with a good sob story. Many of them were egregiously misrepresented to the point where it was obvious that they were trying to run a scam and use public pressure to get some result that they clearly didn't deserve. It's quite frustrating in those cases where your model says they're 99% fraud, your domain experts who actually investigated the issue say it's 100% fraud, and your privacy/legal/strategy policy prevents you from just responding with "this is BS and here's why".
In this case with the person from Stripe responding that the situation isn’t straightforward and the OP sharing minimal details and not making any follow up comments I’d be inclined to side with Stripe here.
Is hiring support staff so expensive that it threatens your business model? Not having access to a human being is an unacceptable business risk for many. I have been suffering a six-month integration / certification process with Chase's byzantine Merchant Services API. It's a parody how awful it is, I mean shockingly, amusingly bad, but I have access to bankers directly when something goes wrong, and so I will suffer it.
Can't you just offer paid, guaranteed support? People will gladly pay for it.
What if, get this, instead of all this vague shit about doing better you just had a support team you could talk to without blowing up on twitter/hn?
If I wanted to charge people on the internet right now I would go with Authorize, even though I've used Stripe in the past and had good experiences. Now my understanding is that I pay for the convenience of the better API etc. with the inconvenience of being unable to talk to a human that can make decisions if something goes wrong, unless I get sufficient upvotes/retweets.
My understanding is that in most cases of fraud, what customers are looking for (clear explanations for why the account was suspended, funds are being held, etc.) will simply not be possible, either due to legality, or that the company will intentionally withhold information so that the fraudsters won't figure out how to work around the protections. Obviously this hurts legitimate customers who get tripped up by the system, but at Stripe's scale that's probably the "price of doing business" as the saying goes.
It's true that we can't be more specific about users in HN posts. But we do hear the legitimate feedback about getting more specific/helpful in sharing status with users where we've asked for more info from them (or when they are asking for more info/help from us). I don't think we've found the right balance in either case yet -- working on it.
> This is all I want from any service that I buy from. Good, responsive support without scripted responses and black hole email addresses.
Many commenters in this thread are saying OP's account was frozen because of suspected fraud/money laundering. If that's true, what would "responsive support without scripted responses and black hole email addresses" entail?
Telling the OP that this is the case. Offering them the opportunity to supply evidence to the contrary.
The standard line in cases like this (whether it's a frozen payments account, a rejected app, or a suspended social media account) is that you can't tell someone what rule they broke, because this gives too much informative feedback to actual malicious actors about how they got caught. I call bullshit. Until someone can demonstrate that this is an actual problem, I will believe it to be a fake problem, purely an excuse used by giant companies to justify their systematically hostile (and cheap) approach to customer service.
> Until someone can demonstrate that this is an actual problem, I will believe it to be a fake problem
If a payment processor suspects money laundering, it's illegal for them to tell the business that. Under anti-money-laundering legislation, this is considered a crime called "tipping off": https://onlinelibrary.wiley.com/doi/10.1002/9780470685280.ch...
(Disclaimer: Used to work at Stripe, but not on this particular area. Not an expert on either the law or Stripe's policies.)
I don't have a dog in this fight, but FYI (and it's been said before and may be said again) that there are LEGAL requirements by the US federal government for banks to NOT tell customers the status/reason for frozen assets if they have been flagged for potential money laundering. That may be the case here, it may not, and I don't know if Stripe is regulated like that or not.
Yuck. This is the worst sort of corporate damage control speak I've ever seen on here. I was dubious about your company before, but after your post, I don't think I'll ever use you as a payment processor.
Cut the crap, please. Have the CEO step in and stop your broken automated flags. Put real humans in the appeals process and give them meaningful powers. Stop giving people the run around, and stop posting meaningless fluff.
Please don't cross into personal attack, regardless of how strongly you feel.
It's not in the community interest to drive away people who are posting about their work. For most of us, our work is what we know the most about—so that would be a strict loss of interesting discussion.
I took the GP comment to mean that Stripe recognizes they are doing a bad job here and this individual is leading a (recent) initiative focused on addressing that.
He’s not wrong. The length of the reply doesn’t make it good or worthy when most of it is wishy washy we’ll do better in the future we promise without any concrete steps to make that happen or metrics to prove so. In fact I would say he’s doing a bad job by the amount of Stripe fucked me posts here recently.
You don't hear about the positive outcomes of support cases, but you'll hear a lot about those that don't work out the way they're supposed to, and you'll also hear a lot about those where someone feels wronged even though they've misbehaved.
The complainer can also misrepresent the case, while Stripe cannot disclose how they see it. Making any assumptions about service quality on that basis is not wise.
We’ve been investigating this case for the past 24 hours, and it's not straightforward. I can’t share more publicly here, but we’re in touch directly with OP.
OP can you lay out your version of the events please? And also give written permission to the Stripe guy to lay out his version? I want to see how the two compare. Feel like watching some drama this evening.
That assumes the OP's problem deserves to be solved. We have no way of knowing that unfortunately, as there's a non-trivial chance OP did something not quite kosher knowingly or unknowingly.
It is mind-bogglingly hilarious how many people in this thread think banks do this stuff for fun, or are even legally allowed to talk about a case. The fact that Stripe people are even in this thread, frankly, is huge.
Just because the person you're talking to is a representative of a scolded vendor does not give you the right to be a jackass.