Most active commenters
  • mikece(4)
  • iLoveOncall(3)

←back to thread

Stripe has decided to nuke my entire business

1624 points yaythefuture | 25 comments | 15 Sep 22 16:33 UTC | HN request time: 1.025s | source | bottom

Saw https://news.ycombinator.com/item?id=32261868 from a couple weeks ago and figured I'd share my own story.

3 weeks ago, I woke up to a pissed off customer telling me her payments were broken. My startup uses Stripe Connect to accept payments on behalf of our clients, and when I looked into it, I found that Stripe had decided to deactivate her account. Reason listed: 'Other'.

Great.

I contact Stripe via chat, and I learn nothing. Frontline support says "we'll look into it." Days go by, still nothing. Meanwhile, this customer is losing a massive amount of business and suffering.

After a few days, my team and I go at them from as many angles as possible. We're on the phone, we're on Twitter, we're reaching out to connections who work there / used to work there, and of course, we reach out to patio11. All of these support channels give us nothing except "we've got a team looking into it". But Stripe's frontline seems to be prohibited from offering any other info, I assume for liability reasons. "We wouldn't want to accidentally tell you the reason this happened, and have it be a bad one."

We ask: 1. Why was this account flagged? "I don't have that information" 2. What can we do to get this fixed? "I don't have access to that information. 3. Who does? "I don't have access to that information" 4. What can you do about this? "I've escalated your case. It's being reviewed."

I should mention at this point that I've been running this business since 2016, my customers have been more or less the same since then, and I've had (back when it was apparently possible) several phone conversations with Stripe staff about my business model. They know exactly who our customers are and what services we offer, and have approved it as such.

After a week of templated email responses and endless anxiety, we finally got an email from Stripe letting us know that they had reviewed the account and reactivated it. We never got a reason for why any of this had happened, despite asking for one multiple times. Oh well, still good news right? Except nope, this was only the beginning.

This morning I woke up to an email that about 35% of my client accounts had been deactivated and were "Under review", the kicker here being that one of those accounts is the same one they already reviewed last week! This is either the work of incompetent staff or (more likely) a bad algorithm. No reasonable human could make this mistake after last week's drama.

So currently, my product doesn't work for 35% of my customers. Cue torrent of pissed off customer emails.

And the best part is, this time I have an email from Stripe this time: Apparently these accounts are being flagged, despite the notes on our file, and despite the review completed literally last week, as not in compliance with Stripe's ToS. They suggest that if I believe this was done in error, I should reach out to customer support. Oh, you mean the same customer support that can't give me literally any information at all other than "We have a team looking into it"? The same customer support that won't give me any estimates as to how long it's going to take to put this fire out? The same customer support that literally looked into this a week ago and found no issues!?

I feel like I'm going crazy over here. These accounts have hundreds of thousands of dollars in them being held hostage by an utterly incompetent team / algorithm that seems to lack any and all empathy for the havoc they wreak on businesses when they pull the rug out from under them with no warning, nor for the impact they have on customers when they all of a sudden lose all ability to make money. And all that for an account that has been using Stripe for nearly 7 years without issue!

This goes so far beyond "customer support declining at scale." If lack of customer support means that critical integrations start to fail, that's not a customer support failure, that's a fundamental business failure.

Show context
droopyEyelids ◴[15 Sep 22 16:40 UTC] No.32854631[source]
It sucks this happened to you, but like with all the PayPal hate stories, I notice you're very careful not to describe what type of business you operate.
replies(7): >>32854678 #>>32854690 #>>32854761 #>>32854905 #>>32855298 #>>32856082 #>>32856905 #
mikece ◴[15 Sep 22 16:43 UTC] No.32854678[source]
Does it matter? PayPal and Stripe don't advertise that they will only do business with organizations with which they agree. To accept a business as a client for a mission critical service like payment processing and then summarily cancel or suspend service without notice should be able to be prosecuted the same as someone who vandalizes a physical storefront to the point they cannot open for business. This is non-trivial and PayPal and others are acting like rat bastards to accept a client, get them dependent, and then dump them without warning.
replies(6): >>32854721 #>>32854807 #>>32854844 #>>32855393 #>>32855539 #>>32860809 #
1. bagels ◴[15 Sep 22 16:45 UTC] No.32854721[source]
It does matter if it actually violates the TOS, or could be vaguely interpreted to do so I guess?
replies(4): >>32854757 #>>32854829 #>>32855966 #>>32856047 #
2. mikece ◴[15 Sep 22 16:47 UTC] No.32854757[source]
And how many times does a company claim you have violated TOS and then refuse to tell you how you violated the TOS? To act in this manner nullifies the TOS in my opinion.
replies(5): >>32854942 #>>32854984 #>>32854998 #>>32855018 #>>32855470 #
3. incone123 ◴[15 Sep 22 16:50 UTC] No.32854829[source]
They did say they had been running the business for several years and have prior discussions with Stripe about TOS on file.
replies(2): >>32854884 #>>32854966 #
4. snowwrestler ◴[15 Sep 22 16:53 UTC] No.32854884[source]
Ok but is that a green flag or a yellow flag?

How many companies using Stripe have had multiple conversations about the TOS? I would guess it’s a minority. Not a topic anyone is usually excited to talk about.

5. wpietri ◴[15 Sep 22 16:56 UTC] No.32854942[source]
It definitely sucks for the merchant companies ending up on the pointy end of the TOS. But you also need to consider the payment company side of things. They face a relentless tide of fraud and shady merchants. If they are too transparent about exactly how they detect a problem, that makes it much easier for the criminals, scam artists, and dodgy merchants to get around TOS enforcement.

The real culprits here are the people trying to violate the TOS, plus everybody's desire for cheap services and easy onboarding. The historical alternative was very expensive setup (e.g., spend a few years building a relationship with your local bank branch manager and establishing a financial track record). Making it easy to get started means that most problems will show up down the road, and the lower merchant costs means less money to pay for smart people to carefully untangle the truly dodgy from accounts that just look that way.

replies(1): >>32855596 #
6. scsh ◴[15 Sep 22 16:57 UTC] No.32854966[source]
The TOS can be updated/changed/clarified over time and they could end up falling outside of what they cover as a result. It's not great and sucks as a customer but it can happen.
7. iLoveOncall ◴[15 Sep 22 16:58 UTC] No.32854984[source]
Never. In 20+ years of using Internet I have never been banned unduly from any service.

I have seen way to many stories about people claiming to have been banned for no reasons from services (online video games are a popular one) before it is revealed the ban was 100% legitimate, to take any new story like this at face value.

replies(1): >>32855118 #
8. kube-system ◴[15 Sep 22 16:59 UTC] No.32854998[source]
Somewhere between occasionally and almost always, depending on the reason.

In most cases, you will not be given details if fraud is suspected. The reason being that companies don't want to tell fraudsters how they got caught.

9. irvingprime ◴[15 Sep 22 17:00 UTC] No.32855018[source]
Whether or not the TOS can be said to be legally nullified (not being a lawyer, I have no idea) canceling or suspending someone's account without telling them some kind of reason they can do something about is absolutely unethical.

It is also very common.

replies(1): >>32858262 #
10. mikece ◴[15 Sep 22 17:06 UTC] No.32855118{3}[source]
I was banned by PayPal once because I didn't sign up with an SSN or EIN and proceeded to make enough to trigger a review because they couldn't file a proper 1099-K on me. This was an oversight on my part and I offered to correct the situation by submitting any documentation they needed -- photo ID, SSN, prior year tax returns to PROVE that I was paying tax on the revenue coming from PayPal, the new LLC and EIN I had for that company's activity. They refused to update my account, told me to start over with a new account, and then similarly ban-hammered me again (probably because I started an account after getting banned even though it's what they told me to do!).

I made a mistake out of inexperience, was refused the chance to correct that mistake, and all of my PayPal accounts -- including my PERSONAL account that I had had for years -- were banned because they were started by a person (me) who had an account frozen or banned. Is that a legitimate enough story?

replies(2): >>32855189 #>>32855622 #
11. iLoveOncall ◴[15 Sep 22 17:10 UTC] No.32855189{4}[source]
No, not legitimate at all.

PayPal had banned me because I was under 18 when I opened my account, they then allowed me to open a new one (right after this one got suspended) and it has been working fine without any issue since then (10 years+).

Stop doing shady stuff.

replies(2): >>32855951 #>>32858544 #
12. adolph ◴[15 Sep 22 17:28 UTC] No.32855470[source]
Maybe there is a market for insurance to initiate a "Wrongful ToS Ban Lawsuit." I take no right/wrong position on the below gentleman but note that he did bring a lawsuit against Twitter for being banned and his account reinstatement coincides with a settlement of the suit. Right now the payment facilitators only have loss of an account in terms of incentive to reduce false positives in detecting fraud.

One year ago this month, Twitter permanently suspended a 340,000-follower account for “repeated violations of our COVID-19 misinformation rules.” The owner of that account, the former New York Times reporter and vaccine skeptic Alex Berenson, responded with a lawsuit demanding reinstatement. . . .

. . . Earlier this summer, Twitter put Berenson’s account back online, noting that “the parties have come to a mutually acceptable resolution.” Berenson wasted little time in calling out mainstream media for failing to cover the “pathbreaking settlement” that led to his return. . . .

https://www.theatlantic.com/technology/archive/2022/08/alex-...

13. JohnFen ◴[15 Sep 22 17:36 UTC] No.32855596{3}[source]
> If they are too transparent about exactly how they detect a problem, that makes it much easier for the criminals, scam artists, and dodgy merchants to get around TOS enforcement.

I get that, but I don't see how actually telling people what term of service was violated gives too much leverage to the bad guys.

replies(1): >>32856809 #
14. JohnFen ◴[15 Sep 22 17:37 UTC] No.32855622{4}[source]
But at least you knew why you got banned!
replies(1): >>32856231 #
15. ◴[15 Sep 22 17:58 UTC] No.32855951{5}[source]
16. toss1 ◴[15 Sep 22 18:00 UTC] No.32855966[source]
NO, it does not in this case

They can determine up front if it violates the TOS

They can notify the customer of the SPECIFIC violation IN DETAIL, and what can be done to cure it, and provide time to do so.

They can deny access to the transaction instead of nuking the entire business for some algorithmic flag.

The Stripes and PayPals of the world do NONE of this. Instead, they act like they accept almost all businesses, get them dependent on that piece of infrastructure, then willfully trash the business on a whim.

replies(1): >>32857118 #
17. Dylan16807 ◴[15 Sep 22 18:06 UTC] No.32856047[source]
The part where they said everything was fine and then re-locked so much a week later is completely unacceptable even if the business does violate the TOS.
18. mikece ◴[15 Sep 22 18:20 UTC] No.32856231{5}[source]
Only the first time. They never told me why my other accounts -- which were following all of the rules -- were frozen.
replies(1): >>32856952 #
19. wpietri ◴[15 Sep 22 18:54 UTC] No.32856809{4}[source]
Neither do I, but I wouldn't expect to see it without really understanding the bad actors and what they're up to. So this could be their best effort. Or it could be that they're just going with a blanket "say nothing" policy because it's too hard to create a more nuanced policy that the CSRs can apply consistently. Or it could just be laziness and a lack of customer focus. It's impossible to say from the outside.
20. mring33621 ◴[15 Sep 22 19:04 UTC] No.32856952{6}[source]
guilt by association
21. bagels ◴[15 Sep 22 19:14 UTC] No.32857118[source]
The type of business matters if we're trying to guess whether they violated the TOS or not.

I completely agree with you that how these companies handle these issues is completely wrong, if not fraudulent.

replies(1): >>32857934 #
22. toss1 ◴[15 Sep 22 20:19 UTC] No.32857934{3}[source]
I agree that in general, it matters.

However, by a long series of deliberate actions, Stripe has made it irrelevant to the fact that they are now deliberately, unilaterally, and with zero notice whatsoever shutting down that biz' critical infrastructure.

They could have, and should have as a part of KYC compliance, already figured out what type of business it is. If they failed at that, then fine, give them 60 days notice to find other infrastructure. Stripe is taking its OWN FAILURE to properly vet their customers according to their own standards and dumping the consequences onto the ex-customers. Sorry, but unless we're talking actual provable international criminal/autocratic money-laundering, that's just wrong.

23. nicce ◴[15 Sep 22 20:50 UTC] No.32858262{3}[source]
It is very common because it is not benefial for the company to clarify reasons. It includes many risks.

They can be proved to be incorrect, for exmpale if they refer into their own ToS, which is public information and binding. And then some legal expert says that this is not how it goes and it ends up into court, because customer sees risks being lower.

If they made a mistake or there was a software failure, it is bad PR.

If they ban someone for some specific reason but not someone else, there will be drama.

It is very beneficial to just say nothing.

24. wtetzner ◴[15 Sep 22 21:14 UTC] No.32858544{5}[source]
> Stop doing shady stuff.

If PayPal requires an SSN or EIN, why do they even allow you to create an account without one?

replies(1): >>32863051 #
25. iLoveOncall ◴[16 Sep 22 07:08 UTC] No.32863051{6}[source]
Because it doesn't require one. You can see the holes in OP's story. First he starts saying that he can give them an ID or his SSN and then all of a sudden it becomes a company account?

The guy can't keep his story straight for 3 lines on HackerNews, he is obviously doing stuff that he shouldn't and using his PayPal in a sketchy manner.