
693 points hienyimba | 2 comments
pc ◴[] No.28523805[source]
(Stripe cofounder.)

Ugh, apologies. Something very clearly went wrong here and we’re already investigating.

Zooming out, a few broader comments:

* Unlike most services, Stripe can easily lose very large amounts of money on individual accounts, and thousands of people try to do so every day. We are de facto running a big bug bounty/incentive program for evading our fraudulent user detection systems.

* Errors like these happen, which we hate, and we take every single false rejection that we discover seriously, knowing that there’s another founder at the other end of the line. We try to make it easy to get in touch with the humans at Stripe, me included, to maximize the number that we discover and the speed with which we get to remedy them.

* When these mistaken rejections happen, it’s usually because the business (inadvertently) clusters strongly with behavior that fraudulent users tend to engage in. Seeking to cloak spending and using virtual cards to mask activity is a common fraudulent pattern. Of course, there are very legitimate reasons to want to do this too (as this case demonstrates).

* We actually have an ongoing project to reduce the occurrence of these mistaken rejections by 90% by the end of this year. I think we’ll succeed at it. (They’re already down 50% since earlier this year.)

invalidusernam3 ◴[] No.28524413[source]
> We actually have an ongoing project to reduce the occurrence of these mistaken rejections by 90% by the end of this year. I think we’ll succeed at it. (They’re already down 50% since earlier this year.)

More important than that is to provide a way for people to get this resolved without having to make the front page of HN.

oconnor663 ◴[] No.28525098[source]
One particularly frustrating aspect of fraud prevention is that fraudsters are better than the rest of us at getting human support staff to do what they want. They have way more practice, and they learn techniques that work from other fraudsters.
dwild ◴[] No.28529447[source]
> One particularly frustrating aspect of fraud prevention is that fraudsters are better than the rest of us at getting human support staff to do what they want. They have way more practice, and they learn techniques that work from other fraudsters.

Then put a flag on that account. Repetitive issues will make it clear what's happening.

Fraudsters also don't have the same needs as most customers, they don't need to keep the same account... at best the same account will barely give them more credibility, but that would no longer be true if a flag has been raised previously.

There's plenty of ways to verify identities, use that when a flag has been raised previously. Again, something that, sure, a fraudster can do, but at lower odds than an actual customer.

1. morei ◴[] No.28533021[source]
It's never that simple. You're implicitly assuming that a fraudster wants the account long term, which is rarely true.

And identity is a VERY complex area, and nothing like as simple as "plenty of ways to verify identities". Particularly noting that fraud is often carried out by leveraging many partial opportunities: I use the (false/stolen) identity from over there to carry out the fraud over here.

2. dwild ◴[] No.28554648[source]
> You're implicitly assuming that a fraudster wants the account long term, which is rarely true.

Wait what?

Here's my comment:

> Fraudsters also don't have the same needs as most customers, they don't need to keep the same account...

How do I assume the fraudster wants the account? I'm arguing the reverse, that they don't want it, thus giving more credibility to anyone making an effort to get his account back. I don't understand that part, feel free to clarify it.

> And identity is a VERY complex area, and nothing like as simple as "plenty of ways to verify identities".

I was arguing that opening up customer service for these instances won't be a huge risk if you keep a flag on the account, as the fraudster doesn't need the account long term (as you seem to agree).

Doing other verification is to reduce that risk further, a risk that I already consider minimal. No one said that it would be 100% effective, nothing is perfect, sure some will be able to bypass it, but as I said, they don't need to.

> Particularly noting that fraud is often carried out by leveraging many partial opportunities: I use the (false/stolen) identity from over there to carry out the fraud over here.

Yup, that's why getting more proof of the user's identity will allow confirming he is actually who he is claiming to be. Here in Canada we can do that at a Canada Post office. It's not something Stripe asks for, thus if someone with a flagged account asks to get it back, doing a local verification will most probably be harder for him.