693 points hienyimba | 7 comments
edwinwee ◴[] No.28523676[source]
Edwin from Stripe here. (OP, I've just sent you an email and we can talk more over there—I'm terribly sorry for the trouble.) I can't get into too many specifics about an individual business publicly, but unauthorized charges have high potential to be disputed in the near future—and while Stripe itself doesn't have a dispute threshold, the card networks require businesses to keep disputes low.

Although that email in the post was admittedly a template, a human did review the transaction activity and actively sent the email. We're digging more into exactly what happened here to prevent the confusion from happening again. Over the past few weeks, we've been overhauling how we work with businesses in situations like these and are rolling out some meaningful improvements soon.

ddtaylor ◴[] No.28523708[source]
So, if I want to disrupt a competitor all I have to do is hire a bunch of darknet identity thieves and you'll shut down their merchant account?
1. gilrain ◴[] No.28523802[source]
Yes, if you’re willing to break the law and risk the consequences, you can get up to all sorts of stuff. Same as anything?

Like, “So, if I want to disrupt a competitor, all I have to do is hire thugs to smash all their stuff?”

Yeah, that’d do it. Good luck.

2. qaq ◴[] No.28523918[source]
Risk is a relative thing: the activity has to cross a threshold for the appropriate gov entity to investigate, and since they are swamped, that threshold keeps going up.
3. MichaelApproved ◴[] No.28523936[source]
I think the point is that this attack vector can be pretty anonymous and absolutely deadly to the target company.

This attack is also not protected by insurance, like someone setting fire to your office would be.

It’s fair to explore just how vulnerable a company can be to this type of attack from a malicious competitor.

4. ViViDboarder ◴[] No.28524053[source]
You’d need to come close to 1% in total charges. That’s roughly what Visa and MasterCard set as limits. This would work with anyone who accepts credit cards, not just Stripe customers.
5. ddtaylor ◴[] No.28524499[source]
Assuming they're a competitor, 1% seems like a small tax to pay to gain the entire market share.
6. notahacker ◴[] No.28525312[source]
You probably don't gain the entire market share even if the attack succeeds in leaving them permanently without a payment gateway, except in situations where the answer to "who is attacking us?" is fairly obvious...
7. BoorishBears ◴[] No.28525929[source]
It's a weak point.

You can also pull API keys from most apps and get them banned from advertising networks.

You can hire people to review bomb.

Hire people to make fake news about a competitor go viral.

Someone willing to do illegal things can always hire other people to do illegal things for them "anonymously".