Most active commenters
  • ceejayoz(6)
  • wpietri(5)
  • mikece(4)
  • iLoveOncall(3)
  • encryptluks2(3)

←back to thread

Stripe has decided to nuke my entire business

1624 points yaythefuture | 52 comments | 15 Sep 22 16:33 UTC | HN request time: 2.048s | source | bottom

Saw https://news.ycombinator.com/item?id=32261868 from a couple weeks ago and figured I'd share my own story.

3 weeks ago, I woke up to a pissed off customer telling me her payments were broken. My startup uses Stripe Connect to accept payments on behalf of our clients, and when I looked into it, I found that Stripe had decided to deactivate her account. Reason listed: 'Other'.

Great.

I contact Stripe via chat, and I learn nothing. Frontline support says "we'll look into it." Days go by, still nothing. Meanwhile, this customer is losing a massive amount of business and suffering.

After a few days, my team and I go at them from as many angles as possible. We're on the phone, we're on Twitter, we're reaching out to connections who work there / used to work there, and of course, we reach out to patio11. All of these support channels give us nothing except "we've got a team looking into it". But Stripe's frontline seems to be prohibited from offering any other info, I assume for liability reasons. "We wouldn't want to accidentally tell you the reason this happened, and have it be a bad one."

We ask: 1. Why was this account flagged? "I don't have that information" 2. What can we do to get this fixed? "I don't have access to that information. 3. Who does? "I don't have access to that information" 4. What can you do about this? "I've escalated your case. It's being reviewed."

I should mention at this point that I've been running this business since 2016, my customers have been more or less the same since then, and I've had (back when it was apparently possible) several phone conversations with Stripe staff about my business model. They know exactly who our customers are and what services we offer, and have approved it as such.

After a week of templated email responses and endless anxiety, we finally got an email from Stripe letting us know that they had reviewed the account and reactivated it. We never got a reason for why any of this had happened, despite asking for one multiple times. Oh well, still good news right? Except nope, this was only the beginning.

This morning I woke up to an email that about 35% of my client accounts had been deactivated and were "Under review", the kicker here being that one of those accounts is the same one they already reviewed last week! This is either the work of incompetent staff or (more likely) a bad algorithm. No reasonable human could make this mistake after last week's drama.

So currently, my product doesn't work for 35% of my customers. Cue torrent of pissed off customer emails.

And the best part is, this time I have an email from Stripe this time: Apparently these accounts are being flagged, despite the notes on our file, and despite the review completed literally last week, as not in compliance with Stripe's ToS. They suggest that if I believe this was done in error, I should reach out to customer support. Oh, you mean the same customer support that can't give me literally any information at all other than "We have a team looking into it"? The same customer support that won't give me any estimates as to how long it's going to take to put this fire out? The same customer support that literally looked into this a week ago and found no issues!?

I feel like I'm going crazy over here. These accounts have hundreds of thousands of dollars in them being held hostage by an utterly incompetent team / algorithm that seems to lack any and all empathy for the havoc they wreak on businesses when they pull the rug out from under them with no warning, nor for the impact they have on customers when they all of a sudden lose all ability to make money. And all that for an account that has been using Stripe for nearly 7 years without issue!

This goes so far beyond "customer support declining at scale." If lack of customer support means that critical integrations start to fail, that's not a customer support failure, that's a fundamental business failure.

Show context
droopyEyelids ◴[15 Sep 22 16:40 UTC] No.32854631[source]
It sucks this happened to you, but like with all the PayPal hate stories, I notice you're very careful not to describe what type of business you operate.
replies(7): >>32854678 #>>32854690 #>>32854761 #>>32854905 #>>32855298 #>>32856082 #>>32856905 #
1. mikece ◴[15 Sep 22 16:43 UTC] No.32854678[source]
Does it matter? PayPal and Stripe don't advertise that they will only do business with organizations with which they agree. To accept a business as a client for a mission critical service like payment processing and then summarily cancel or suspend service without notice should be able to be prosecuted the same as someone who vandalizes a physical storefront to the point they cannot open for business. This is non-trivial and PayPal and others are acting like rat bastards to accept a client, get them dependent, and then dump them without warning.
replies(6): >>32854721 #>>32854807 #>>32854844 #>>32855393 #>>32855539 #>>32860809 #
2. bagels ◴[15 Sep 22 16:45 UTC] No.32854721[source]
It does matter if it actually violates the TOS, or could be vaguely interpreted to do so I guess?
replies(4): >>32854757 #>>32854829 #>>32855966 #>>32856047 #
3. mikece ◴[15 Sep 22 16:47 UTC] No.32854757[source]
And how many times does a company claim you have violated TOS and then refuse to tell you how you violated the TOS? To act in this manner nullifies the TOS in my opinion.
replies(5): >>32854942 #>>32854984 #>>32854998 #>>32855018 #>>32855470 #
4. wpietri ◴[15 Sep 22 16:49 UTC] No.32854807[source]
Is it all companies that can no longer decide who they do business with in accordance with the terms of the contracts in place?
5. incone123 ◴[15 Sep 22 16:50 UTC] No.32854829[source]
They did say they had been running the business for several years and have prior discussions with Stripe about TOS on file.
replies(2): >>32854884 #>>32854966 #
6. jabroni_salad ◴[15 Sep 22 16:51 UTC] No.32854844[source]
https://www.paypal.com/us/legalhub/acceptableuse-full

always read the fine print

7. snowwrestler ◴[15 Sep 22 16:53 UTC] No.32854884{3}[source]
Ok but is that a green flag or a yellow flag?

How many companies using Stripe have had multiple conversations about the TOS? I would guess it’s a minority. Not a topic anyone is usually excited to talk about.

8. wpietri ◴[15 Sep 22 16:56 UTC] No.32854942{3}[source]
It definitely sucks for the merchant companies ending up on the pointy end of the TOS. But you also need to consider the payment company side of things. They face a relentless tide of fraud and shady merchants. If they are too transparent about exactly how they detect a problem, that makes it much easier for the criminals, scam artists, and dodgy merchants to get around TOS enforcement.

The real culprits here are the people trying to violate the TOS, plus everybody's desire for cheap services and easy onboarding. The historical alternative was very expensive setup (e.g., spend a few years building a relationship with your local bank branch manager and establishing a financial track record). Making it easy to get started means that most problems will show up down the road, and the lower merchant costs means less money to pay for smart people to carefully untangle the truly dodgy from accounts that just look that way.

replies(1): >>32855596 #
9. scsh ◴[15 Sep 22 16:57 UTC] No.32854966{3}[source]
The TOS can be updated/changed/clarified over time and they could end up falling outside of what they cover as a result. It's not great and sucks as a customer but it can happen.
10. iLoveOncall ◴[15 Sep 22 16:58 UTC] No.32854984{3}[source]
Never. In 20+ years of using Internet I have never been banned unduly from any service.

I have seen way to many stories about people claiming to have been banned for no reasons from services (online video games are a popular one) before it is revealed the ban was 100% legitimate, to take any new story like this at face value.

replies(1): >>32855118 #
11. kube-system ◴[15 Sep 22 16:59 UTC] No.32854998{3}[source]
Somewhere between occasionally and almost always, depending on the reason.

In most cases, you will not be given details if fraud is suspected. The reason being that companies don't want to tell fraudsters how they got caught.

12. irvingprime ◴[15 Sep 22 17:00 UTC] No.32855018{3}[source]
Whether or not the TOS can be said to be legally nullified (not being a lawyer, I have no idea) canceling or suspending someone's account without telling them some kind of reason they can do something about is absolutely unethical.

It is also very common.

replies(1): >>32858262 #
13. mikece ◴[15 Sep 22 17:06 UTC] No.32855118{4}[source]
I was banned by PayPal once because I didn't sign up with an SSN or EIN and proceeded to make enough to trigger a review because they couldn't file a proper 1099-K on me. This was an oversight on my part and I offered to correct the situation by submitting any documentation they needed -- photo ID, SSN, prior year tax returns to PROVE that I was paying tax on the revenue coming from PayPal, the new LLC and EIN I had for that company's activity. They refused to update my account, told me to start over with a new account, and then similarly ban-hammered me again (probably because I started an account after getting banned even though it's what they told me to do!).

I made a mistake out of inexperience, was refused the chance to correct that mistake, and all of my PayPal accounts -- including my PERSONAL account that I had had for years -- were banned because they were started by a person (me) who had an account frozen or banned. Is that a legitimate enough story?

replies(2): >>32855189 #>>32855622 #
14. iLoveOncall ◴[15 Sep 22 17:10 UTC] No.32855189{5}[source]
No, not legitimate at all.

PayPal had banned me because I was under 18 when I opened my account, they then allowed me to open a new one (right after this one got suspended) and it has been working fine without any issue since then (10 years+).

Stop doing shady stuff.

replies(2): >>32855951 #>>32858544 #
15. deng ◴[15 Sep 22 17:23 UTC] No.32855393[source]
> PayPal and Stripe don't advertise that they will only do business with organizations with which they agree.

Huh? Of course they do. Just one example:

https://www.paypal.com/us/smarthelp/article/what-is-paypal%E...

16. adolph ◴[15 Sep 22 17:28 UTC] No.32855470{3}[source]
Maybe there is a market for insurance to initiate a "Wrongful ToS Ban Lawsuit." I take no right/wrong position on the below gentleman but note that he did bring a lawsuit against Twitter for being banned and his account reinstatement coincides with a settlement of the suit. Right now the payment facilitators only have loss of an account in terms of incentive to reduce false positives in detecting fraud.

One year ago this month, Twitter permanently suspended a 340,000-follower account for “repeated violations of our COVID-19 misinformation rules.” The owner of that account, the former New York Times reporter and vaccine skeptic Alex Berenson, responded with a lawsuit demanding reinstatement. . . .

. . . Earlier this summer, Twitter put Berenson’s account back online, noting that “the parties have come to a mutually acceptable resolution.” Berenson wasted little time in calling out mainstream media for failing to cover the “pathbreaking settlement” that led to his return. . . .

https://www.theatlantic.com/technology/archive/2022/08/alex-...

17. ceejayoz ◴[15 Sep 22 17:32 UTC] No.32855539[source]
> PayPal and Stripe don't advertise that they will only do business with organizations with which they agree.

https://stripe.com/legal/restricted-businesses

replies(2): >>32856834 #>>32856926 #
18. JohnFen ◴[15 Sep 22 17:36 UTC] No.32855596{4}[source]
> If they are too transparent about exactly how they detect a problem, that makes it much easier for the criminals, scam artists, and dodgy merchants to get around TOS enforcement.

I get that, but I don't see how actually telling people what term of service was violated gives too much leverage to the bad guys.

replies(1): >>32856809 #
19. JohnFen ◴[15 Sep 22 17:37 UTC] No.32855622{5}[source]
But at least you knew why you got banned!
replies(1): >>32856231 #
20. ◴[15 Sep 22 17:58 UTC] No.32855951{6}[source]
21. toss1 ◴[15 Sep 22 18:00 UTC] No.32855966[source]
NO, it does not in this case

They can determine up front if it violates the TOS

They can notify the customer of the SPECIFIC violation IN DETAIL, and what can be done to cure it, and provide time to do so.

They can deny access to the transaction instead of nuking the entire business for some algorithmic flag.

The Stripes and PayPals of the world do NONE of this. Instead, they act like they accept almost all businesses, get them dependent on that piece of infrastructure, then willfully trash the business on a whim.

replies(1): >>32857118 #
22. Dylan16807 ◴[15 Sep 22 18:06 UTC] No.32856047[source]
The part where they said everything was fine and then re-locked so much a week later is completely unacceptable even if the business does violate the TOS.
23. mikece ◴[15 Sep 22 18:20 UTC] No.32856231{6}[source]
Only the first time. They never told me why my other accounts -- which were following all of the rules -- were frozen.
replies(1): >>32856952 #
24. wpietri ◴[15 Sep 22 18:54 UTC] No.32856809{5}[source]
Neither do I, but I wouldn't expect to see it without really understanding the bad actors and what they're up to. So this could be their best effort. Or it could be that they're just going with a blanket "say nothing" policy because it's too hard to create a more nuanced policy that the CSRs can apply consistently. Or it could just be laziness and a lack of customer focus. It's impossible to say from the outside.
25. systemvoltage ◴[15 Sep 22 18:55 UTC] No.32856834[source]
> Firearms, explosives and dangerous materials

> Guns, gunpowders, ammunitions, weapons, fireworks and other explosives. Peptides, research chemicals, and other toxic, flammable and radioactive materials

Why does the payment processor get to dictate whether I can run a defense ordnance company or run a scientific chemical supplies store?

Some of this stuff needs to be challenged in the court or regulated so that payment processor has no say whatsoever in whatever their belief system says about legitimacy of a business.

replies(4): >>32856924 #>>32856960 #>>32856970 #>>32856998 #
26. ceejayoz ◴[15 Sep 22 19:01 UTC] No.32856924{3}[source]
> Why does the fucking payment processor get to dictate whether I can run a defense ordnance company or run a scientific chemical supplies store?

Because they have the legal right to do so? They could ban companies run by redheads, if they like. As long as they're not discriminating based on very specific sets of criteria established by law, they get to choose who they do business with.

The government requiring private citizenry to associate with everyone who wishes to associate with them seems like a very dark path to go down.

replies(3): >>32857367 #>>32860937 #>>32861287 #
27. abigail95 ◴[15 Sep 22 19:01 UTC] No.32856926[source]
Stripe has an internal list of "instant ban, no questions allowed" activities/triggers.

Think about how they can accept 100+ currencies without a relationship with some dodgy central banks in developing countries.

There are absolutely items on that list for political reasons.

28. mring33621 ◴[15 Sep 22 19:04 UTC] No.32856952{7}[source]
guilt by association
29. wpietri ◴[15 Sep 22 19:04 UTC] No.32856960{3}[source]
Why do you believe that private companies shouldn't have freedom of association? Or put differently, why should the government be able to force Stripe to do business with people who Stripe thinks would not be good for their business?
replies(1): >>32867269 #
30. marcinzm ◴[15 Sep 22 19:05 UTC] No.32856970{3}[source]
You mean the belief system of wanting to not get sued by someone who get's hurt or killed?
replies(1): >>32857011 #
31. makoz ◴[15 Sep 22 19:06 UTC] No.32856998{3}[source]
On the off chance there are more regulatory requirements to accept this sort of business and they don't want to build out the support necessary to do so? Maybe there's different risk profiles that they're not willing to accept
32. systemvoltage ◴[15 Sep 22 19:07 UTC] No.32857011{4}[source]
I was considering starting a weapons ordnance company, getting federal ATF license and bid on a contract to USG and NATO forces. I guess Stripe billing isn't going to be our choice of service. Stripe has really good invoice/PO processing APIs.
33. bagels ◴[15 Sep 22 19:14 UTC] No.32857118{3}[source]
The type of business matters if we're trying to guess whether they violated the TOS or not.

I completely agree with you that how these companies handle these issues is completely wrong, if not fraudulent.

replies(1): >>32857934 #
34. mminer237 ◴[15 Sep 22 19:33 UTC] No.32857367{4}[source]
While I agree with your point, I think banning redheads would violate Title II of the Civil Rights Act of 1964.
replies(1): >>32857442 #
35. ceejayoz ◴[15 Sep 22 19:39 UTC] No.32857442{5}[source]
No; hair color is not what that legislation covers.

It is entirely legal in the United States to discriminate against redheads, or people whose names start with B, or Hacker News users, or people who enjoy skiing.

replies(3): >>32857473 #>>32857670 #>>32858941 #
36. JPL7 ◴[15 Sep 22 19:40 UTC] No.32857473{6}[source]
https://www.fwlaw.com/insights/is-hair-a-protected-class#:~:....
replies(1): >>32857571 #
37. ceejayoz ◴[15 Sep 22 19:48 UTC] No.32857571{7}[source]
If you read that closely, it doesn't apply in the slightest to the example.
38. encryptluks2 ◴[15 Sep 22 19:57 UTC] No.32857670{6}[source]
I do believe that there could be an argument that discrimination on hair color could fall under national origin or color:

Under 29 CFR § 1606.1, national origin is defined as but not limited to: An individual's, or his or her ancestor's, place of origin; or because an individual has the physical, cultural or linguistic characteristics of a national origin group.

replies(1): >>32857860 #
39. ceejayoz ◴[15 Sep 22 20:13 UTC] No.32857860{7}[source]
With the current court, almost certainly not; they're not inclined to expand the definition of "disparate impact" like that.

If a future Court ever decides hair color denotes national origin, fall back to a different example of your choosing; people with tattoos, Mac users, viola players.

replies(1): >>32858651 #
40. toss1 ◴[15 Sep 22 20:19 UTC] No.32857934{4}[source]
I agree that in general, it matters.

However, by a long series of deliberate actions, Stripe has made it irrelevant to the fact that they are now deliberately, unilaterally, and with zero notice whatsoever shutting down that biz' critical infrastructure.

They could have, and should have as a part of KYC compliance, already figured out what type of business it is. If they failed at that, then fine, give them 60 days notice to find other infrastructure. Stripe is taking its OWN FAILURE to properly vet their customers according to their own standards and dumping the consequences onto the ex-customers. Sorry, but unless we're talking actual provable international criminal/autocratic money-laundering, that's just wrong.

41. nicce ◴[15 Sep 22 20:50 UTC] No.32858262{4}[source]
It is very common because it is not benefial for the company to clarify reasons. It includes many risks.

They can be proved to be incorrect, for exmpale if they refer into their own ToS, which is public information and binding. And then some legal expert says that this is not how it goes and it ends up into court, because customer sees risks being lower.

If they made a mistake or there was a software failure, it is bad PR.

If they ban someone for some specific reason but not someone else, there will be drama.

It is very beneficial to just say nothing.

42. wtetzner ◴[15 Sep 22 21:14 UTC] No.32858544{6}[source]
> Stop doing shady stuff.

If PayPal requires an SSN or EIN, why do they even allow you to create an account without one?

replies(1): >>32863051 #
43. encryptluks2 ◴[15 Sep 22 21:25 UTC] No.32858651{8}[source]
Hair color is something you're born with and is a genetic mutation based off lineage and other factors. I don't think they directly corelate and it wouldn't necessarily even make it to the Supreme Court. Most businesses aren't going to appeal to say that they can discriminate based on hair color nor willingly admit to doing so, nor would they ever likely make the argument that they did it and that it is okay.
replies(1): >>32860155 #
44. mminer237 ◴[15 Sep 22 21:52 UTC] No.32858941{6}[source]
You could discriminate against people with dyed hair colors, but I find it hard to believe that any court would say that a person's natural hair is not a physical characteristic of a national origin group.
45. ceejayoz ◴[16 Sep 22 00:00 UTC] No.32860155{9}[source]
The law doesn’t say “things you are born with”, though. That’s a common theme with the specific categories it does name, but only those specific categories are protected.
replies(1): >>32862090 #
46. braingenious ◴[16 Sep 22 01:20 UTC] No.32860809[source]
>Does it matter?

That is indeed the question. There is no way of knowing if the nature of the business is a factor unless you know that nature of the business.

47. cvalka ◴[16 Sep 22 01:35 UTC] No.32860937{4}[source]
They are common carriers. The elephant in the room is the Visa/Mastercard duopoly.
48. tobinfekkes ◴[16 Sep 22 02:18 UTC] No.32861287{4}[source]
As a red head, this made me chuckle. Thank you.
49. encryptluks2 ◴[16 Sep 22 04:30 UTC] No.32862090{10}[source]
It isn't specifically limited to those specific narrow words by the most limited means you're thinking. I'm sure they could make that argument, but only a fool would risk a discrimination lawsuit based on hair color. Even if that is the specific reason a person would have to be either a fool or want to try to challenge the law, and there is no guarantee after losing that the Supreme Court would even take the case. I don't think the Supreme Court would even want to touch such a case nor that it would be ruled on in the manner you're thinking.
50. iLoveOncall ◴[16 Sep 22 07:08 UTC] No.32863051{7}[source]
Because it doesn't require one. You can see the holes in OP's story. First he starts saying that he can give them an ID or his SSN and then all of a sudden it becomes a company account?

The guy can't keep his story straight for 3 lines on HackerNews, he is obviously doing stuff that he shouldn't and using his PayPal in a sketchy manner.

51. from ◴[16 Sep 22 15:19 UTC] No.32867269{4}[source]
In a world of free association Stripe would probably be more willing to do business with "high risk" companies because they could charge them substantially higher fees. The government directly and indirectly tries to discourage business with these kinds of companies which is why companies like porn websites, fireworks wholesalers and check cashers have a hard time getting bank accounts these days.
replies(1): >>32878450 #
52. wpietri ◴[17 Sep 22 15:48 UTC] No.32878450{5}[source]
Sorry, who do you believe is preventing Stripe from charging higher fees to riskier accounts? Please be specific.

Also, what's your evidence that some payment processors don't handle porn because of government pressure, rather than just natural market forces? I had a friend who did tech for a porn company, and from what he says, even a well-run porn company has much higher rates of chargebacks (e.g., next-day regrets and "no honey I don't know what that charge is") and fraud (stolen cards, fraudulent affiliate program participants).