RU version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
67% Positive
Analyzed from 5986 words in the discussion.
Trending Topics
#stripe#fraud#don#card#chargebacks#more#customer#chargeback#merchant#product
Discussion (225 Comments)Read Original on HackerNews
As a rule of thumb, when you get a chargeback you need to completely ban the customer from your db. This includes:
- card ban - email address ban - fingerprint their access and ban
This will save you a lot of hassle when they try to signup/buy your product again and cause you the same amount of grief.
Yes, many of us are incredibly responsive to customer support inquiries (I have a <1hr response time unless you send in a ticket when I'm sleeping) and it doesn't matter. Fraudsters gonna fraud. This isn't a case of "they asked for a refund, we refused, they issued a chargeback", it's a case of a scammer being a POS.
I've dealt with my fair share of chargebacks and in every case I've seen it's someone being a jerk and never a legit case.
The fact that Stripe won't help you, the banks don't care about all the evidence you have, and you end up out the money for the product _and_ you get hit with a chargeback fee on top of it is madness. I could literally have video of the person holding up their ID saying "I XXXXX agree to pay YYYY" and banks would still side with a the scummy scammers.
I have, quite literally, never had someone reach out via support and then file a chargeback later. They do it without reaching out, probably because they are a trash person and they have no interest in getting anything fixed and are just scammers.
Given that you are responsive to inquiries, it makes sense that you'd rarely if ever have a legitimate chargeback -- because there's no reason for a customer to resort to chargebacks if the vendor is willing to work with them to resolve legitimate issues.
But I know of many examples of people needing to resort to chargebacks due to ineffectual customer support, and then having their accounts banned and being cut off from other unrelated services from the same vendor as a result. I don't think that's an appropriate response and vendors should be careful not to let that happen if they instate such a policy.
I'm surprised they were able to get Stripe to actually state all of this clearly. It's nice that Stripe actually communicates details like this. But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
(it took a bit of back-n-forth to get a clear answer, but I did get a clear one. Their support is still excellent from my experience and communicate well)
I think this hits on the spirit behind GP's point. Clarity, leading to an article like the one posted, gets more people upset. The equation (Upset/People x People) results in a larger number -- people, as a whole, are more upset.
>But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
If a company is vague, there's nothing to write about, one person (maybe) gets more upset than they would have facing clarity.
But if the company is clear, there is something to write about, and an article like the one posted makes people, overall, more upset.
Yeah, maybe Stripe could do more without Radar, but I imagine it could also be fraught if Stripe was in the business of blocking customers from their entire network based on one vendor's complaint. Obviously a lot could go wrong with such an approach.
That was the point I tried to make with my blog post. And yes, if it was too easy for merchants to block consumers, that won't be fair either. But surely there's a middle ground here.
Stripe very explicitly told me that they don't do anything with such reports. It's simply ignored.
Also I just wanna throw some praise at Stripe Support. They have an excellent team and go above and beyond to help.
I don't think Stripe did the right thing here. They can do better to protect their own customers.
Is this an edge case? It looks like your standard chargeback fraud accompanied by a pile of evidence. What does a common case look like in contrast?
We should expect this to become even more rampant given the ease of clicking a chargeback button and the apparent lack of repercussions.
It doesn't seem like an unreasonable ask frankly.
I have worked in card issuing for years and I have seen various submissions by merchants I know that use Stripe where I _know_ that they have an absolute winning case under the network rules that Stripe refuse to contest.
Stripe have decided that fighting most chargebacks is not worth the money, probably becasue they can just pass the costs onto the merchants and let them eat them and the merchants will not go elsewhere.
“You probably don’t want a system where one annoyed merchant can get someone blocked across the whole Stripe payment system. But there’s a pretty big gap between “automatically block this person everywhere” and “thanks for the screenshots, please consider Radar”, and this is where it gets frustrating.”
Stripe Radar was not a good product. It would score large numbers of very suspect transactions at a risk level of 1 or 2 (out of 100). I don't have an ML background, but something about their methodology was just flawed. It behaved as if there was a wire loose in it. Unfortunately, I don't think they're very incentivized to care.
* Turns a blind eye to misdeeds on its platform
* Locks out adult creators/vendors after taking their money
* Is ubiquitous, but not well liked
I love that Stripe changed the game of fintech and made it accessible to more parties in a programmatic way, but I find myself repeating “avoid Stripe” to a lot of folks asking me for advice on dealing with payment nowadays for those reasons.
1) Incumbent is slow, clunky, unpleasant to deal with due to years of accumulated constraints to deal with
2) Newcomer can differentiate themselves by being nimble and pleasant to work with, taking market share
3) Over time newcomer has to deal with increasing amount of scrutiny, fraud, overhead, CYA type practices, etc
4) Newcomer is now incumbent, goto 1)
No affiliation, I've just seen them used–it would be better if you self-hosted a BTCPay server.
Most paypros, most of the time, won’t look too hard unless there’s a problem or you’re tripping some internal security measure (like raking in a lot of cash in weird amounts). Of late they’ve been more intrusive due to some weird eTeen puritans, but that’s quieting down again as they remember they like making money, and throwing legal content off their platforms can very quickly cause an exodus of customers looking to avoid having their funds seized.
Can someone explain to me why Stripe (or a competitor) doesn't offer a setting "refuse transactions for cards that have filed > x chargebacks with <acquirer> merchants this year"?
The thing that gets me is that Stripe boasts about their machine learning radar rules etc etc, but somehow can't feed it actually valuable data.
Stripe support saw the emails from the customer boasting about defrauding me, they completely agreed that this is a clear case of friendly-fraud, but did nothing with this info.
But Stripe is exactly in a position to at least use the evidence I provided (in this case, the evidence included the customer clearly admitting to friendly fraud), and feed it into their fraud-prevention system in some way. This way, lots of signals can help protect merchants from friendly fraudsters. So yes, I see it as a pretty small and legit ask from Stripe.
Certainly I wouldn't want the inevitable news drama about it. "I'm just a poor innocent grandma, I'm a trusting person when it comes to Facebook ads, and Stripe punished me for getting scammed by banning me from half the stores on the Internet!"
Certainly a person showed up in person to a class, but how do you know it was the person whose credit card was used?
"Friendly fraud" is accidental or with the correct intentions – such as the customer not recognising the charge and charging back.
"Just fraud" is already taken for "criminal c uses unwitting cardholder a's card at unwitting merchant b", so what's your objection against "fiendly fraud"?
Even in the post you're wishy washy about what you want. They offer a product that does enhanced fraud detection but you don't like that. You correctly call out that there's major risks with taking a merchant's report and using it to flag a user's future transactions.
There are similar offerings from other companies. I don't know if bundling this with payment processing is common.
For me, I do a cheap subscription (4$/mon, first month 2$) and one dispute costs me like 20-30$. So that one person wipes a ton of profit from me. I always try to refund them (but you can't refund a customer with a dispute in effect).
Stripe is great to get going, but has a lot of painful points.
I always thought things are easier with a physical product where you have a 3rd party like DHL that proves delivery was made. But at least in my tiny sample space, that’s not enough to win the dispute.
The camber, affirmation, word choice, triplet phrase... leaves me wondering. But without a smoking gun its hard to know if a model call was fired.
If their total dismissal of the problem is itself deception, that's not a particularly big improvement!
And if they had even a little skin in the game they would care about such low-hanging fruit. You don't want a guy that's insulated from the consequences to be in charge of the [anti-]fraud dial.
My only nit with Stipe is they don't allow me to delete card details for an ongoing subscription I don't plan to renew and already set it not to renew on the service billing page.
Notably disputing a credit card charge is completely independent of whether someone owes the debt, the credit card is simply a convenient way for that payment to be handled. What's the point where other collection methods make sense? As an example, if you're consulting for someone and they pay you $x,xxx via card then charge it back, at least in most of the US I believe it's legal for you to do your own collection efforts and contact them repeatedly (this changes if you sell the debt and it's a third party attempting collections).
You can try to collect through persistence, or take them to court, get a judgment, and then a court ordered collection. It all depends on the value of your time.
I’ve heard rumors that some merchant agreements with processors may include arbitration clauses for recovering chargebacks, but I’ve never seen it personally.
If you’re talking about premium cigars, using paper is possible but kinda ugly. The glue is similar to what rollers use when rolling cigars in the factory. It works well and fits well with the cigar smoking experience.
You don’t have to buy (my) glue. You can make your own and I even share recipes on the website. Ciglue however offers convenience with the dispenser and integrated brush and glue.
(wasn’t expecting to get into details about my product on HN but love how diverse the community is)
I suspect Stripe walks a fine line where they want to help you prevent fraud, but they also want to avoid vendors complaining to them that their customers can’t pay.
Context: I worked on a payments team for a short while.
I'm not going to name those countries outright but you should never ever be launching globally until you have these safeguards in place.
Once you are known to be vulnerable to a certain scheme, it quickly becomes known in that region/country.
Again and again I'm reminded why high trust societies remain high trust and why low trust societies rarely transform into high trust society.
Be careful when taking verbatim advice from internet strangers.
So nobody really knows about it.
When i started selling digital download content. Some people will buy, download and instantly charge back.
The strongest signal is whether they use an eBank/app that has a one-click button to report transactions as fraudulent. The Apple card(?) seems especially prevalent.
I think that caused her to over-scrutinize things.
But (years) later I saw her using apple pay. She had charges she didn't recognize and would immediately flag them. Thing is, I couldn't help but think they might have been real charges with weirdly named companies on the transaction.
in the case of these "friendly fraud" schemes, they are much more likely to come from more developed regions with strong consumer protection laws like the NA.
if anything in many of those "high risk" regions, chargeback are much less common because fewer consumer protection law e.g. banks would automatically reject chargebacks for transactions with 3DS OTP.
Great advice which is why data is what I'm relying on vs anecdotes.
One chargeback a quarter is a lot, depending.
Not very easy to do with prepaid cards AFAIU.
The US and I imagine Canada are known for the ease of chargebacks.
My experience in Europe is that it's a very tough process to even initiate (as a consumer)
But this QJE article[1] argues there's a ceiling to how far things scale. Concluding that the cost to keep a decentralized network secure scales with its total economic value. So while there is immediate value to it's user, it might not scale well, and can't replace a country's financial system anyway because securing it at a sovereign scale would just be more expensive.
[0]: https://www.mdpi.com/1911-8074/17/10/467 [1]: https://academic.oup.com/qje/article/140/1/1/7824430
I was more nuanced and specific, but I don't want to do it all again.
1. The fees are not awful idk what you mean, I pay between 0.1% and 1% fees on Monero transactions.
2. If the modelling can't manage their risk characteristics, they are by definition a victim of the financial system. I was more talking about people who have been debanked, though.
I have a Russian friend who can't pay for things online in fiat because of sanctions and the risk to his life from being on the free internet. So, he uses Monero and Tor and takes his OPSEC seriously. He is a victim of trad-fi, and Monero allows him to take his freedom back.
I can send you some if you want to try it out, just drop an address(for a wallet I recommend cakewallet, but any popular open source wallet works).
I'm talking about Monero specifically, but your reply makes no sense because there are cryptos that have 0 transaction fee and instant confirmaiton. But they are less secure and private so I don't use them, I only use Monero.
https://en.wikipedia.org/wiki/Bitcoin_in_El_Salvador
Also of all the cryptocurrencies Bitcoin is a pretty poor choice since it could be pretty well argued that it has lost the original purpose and devolved into a raw "line go up" financial instrument.
Buy food with Monero on an ebay type platform called xmrbazaar.
(https://xmrbazaar.com/search-category/food/)
Donate to non-profits in Monero
(https://donatemonero.org)
GrapheneOS says it's the only crypto that they regularly get recurring small donations in.
Why?
X isn’t bad. You should include Y. You only added/omitted Z because of $stereotype/$racistView/$otherAllegation.
Probably just not worth the hassle.
You can’t ignore the stereotypes, but you can let people figure it out themselves. You don’t have to say it when it’s already obvious.
Outside of South Korea, from enormous help from Pax Americana, has it ever happened?
If it happens to be a slow day, or the person is already on their shit list (eg. on probation) maybe something will come of it. Having the gloating emails definitely helps. Or maybe the report just goes into a file until this person does this for a more expensive item and then it gets pulled to prove a pattern of behavior.
Anything that actually discourages that behavior directly is better than some slightly more negative reputation in an opaque fraud detection system.
https://xkcd.com/325/
Of course not, unless it becomes mainstream, crypto usage will always be by early adopters and technologists. I don't care if you accept cards as well, I just want to be able to pay privately with Monero.
You're right that for chargebacks specifically the only way to eliminate them would be 100% crypto, not the option of card and crypto together, which is significantly more likely. But there are other benefits for customers(privacy), which is why I use it.
Do better Stripe. Be better Stripe. Or eventually we will find someone better. Think. Don't enshittify. Your support has already become covered in it by doing the needful.
How is it natural if DHL had proof of delivery.
They have a comprehensive customer ID system and let you adjust desired risk levels for various forms of fraud.
Epic username btw lol