Most active commenters
  • johnhaddock(4)
  • unethical_ban(4)
  • (3)

←back to thread

Ask HN: Stripe holding funds for 120 days for no reason

158 points interesting_att | 34 comments | 22 Oct 22 15:43 UTC | HN request time: 1.455s | source | bottom

Hi Guys--

I started a Stripe account (even incorporated through them) for a basic graphic design and web design service business.

I process a few charges and even though I didn't get a single chargeback or dispute, Stripe decided to deactivate my account and said they would refund all the charges that were processed.

Which would have been fine with me. They said they would refund on Oct 17, but that date came and past. So I kept emailing.

Now they're saying they're holding all the funds for 120 days because of "elevated risk".

Which is insane because they have already withdrawn all the funds, meaning their risk would be zero if they refunded everyone.

I am beyond hurt and confused as I did need this money for my daughter. These decisions have real impacts on real families.

What do you do in this scenario? I have tried contacting support at Stripe but seems to be of no help.

1. johnhaddock ◴[22 Oct 22 18:52 UTC] No.33301001[source]
I’m the person leading the project to make sure that people have fewer bad experiences with Stripe. I’m not sure what is driving the uptick in posts on the subject to HN in particular (obviously we pay attention to broader online discussion in addition to monitoring our support systems, though we know it creates an incentive for people to publicize their situation).

On the topic of Stripe and these kinds of incidents more broadly, there’s a lot to say, but here are a few pieces of context that are probably relevant:

- We are a giant distributed bounty system for people to find interesting and scalable ways to defraud us.

- We’ve seen significant upticks in certain kinds of fraud over the past couple of months. When businesses default, Stripe takes on the loss. It’s worth noting that certain kinds of fraud, like card testing, can also have significant collateral costs for legitimate Stripe businesses, and our systems and processes are not only to protect Stripe itself.

- We are far from oblivious to the harm that mistakes in our systems can cause. (I interact with a lot of these cases personally.) One of my highest priorities is creating better appeals flows for when we’re wrong.

- We’ve shipped 7 substantial improvements just in the last 10 days that should meaningfully reduce the occurrence of false positives.

- Publicly-described facts of specific cases don’t always match the actual facts. Stripe is sometimes just wrong. (We made some mistakes that I feel bad about in one recent case and we ended up bringing the company’s founders to an all hands last week to make sure we learned as much as possible.) But users do also sometimes publicly misrepresent what’s going on. We’re also restricted by privacy rules to not share specifics in those cases.

- Stripe works with millions of businesses and we see all kinds of “rare” failure modes fairly frequently. (Disputes between staff at a business, business impersonation, businesses that start legitimate and go bad, and so on.)

- I’m working on a post to share some of our broader philosophy + policy changes that I hope to publish before the end of this year. In that, I’m also hoping we can share some relevant metrics. If HNers have any suggestions for things that might be useful to see covered (though obviously certain things can’t be publicly disclosed), feel free to suggest them.

Ultimately, we work hard to be worthy of the trust of businesses across the internet, and my personal mandate (supported by many others, from our cofounders down) is to find effective new ways of making mistakes less likely. “Uniformly good support at scale, in a highly adversarial environment, with very financially-motivated actors” is not easy, but I’m pretty confident that we can make a lot of progress.

It goes without saying we're working on a review of OP situation. I’m happy to take general questions as well. You can also always reach me directly at jhaddock@stripe.com.

replies(7): >>33301036 #>>33301240 #>>33301249 #>>33301348 #>>33301998 #>>33302054 #>>33314426 #
2. WheatMillington ◴[22 Oct 22 18:55 UTC] No.33301036[source]
>I’m the person leading the effort to make sure that people have fewer bad experiences with Stripe.

No offence, but you're doing a bad job.

replies(3): >>33301153 #>>33301393 #>>33304415 #
3. unethical_ban ◴[22 Oct 22 19:06 UTC] No.33301153[source]
The person posts an essay on their perspective and that’s what you have to say?
replies(2): >>33301200 #>>33301335 #
4. ◴[22 Oct 22 19:11 UTC] No.33301200{3}[source]
5. thot_experiment ◴[22 Oct 22 19:16 UTC] No.33301240[source]
What if, get this, instead of all this vague shit about doing better you just had a support team you could talk to without blowing up on twitter/hn?

If I wanted to charge people on the internet right now I would go with Authorize, even though I've used Stripe in the past and had good experiences. Now my understanding is that I pay for the convenience of the better API etc. with the inconvenience of being unable to talk to a human that can make decisions if something goes wrong, unless I get sufficient upvotes/retweets.

replies(3): >>33301333 #>>33301411 #>>33302047 #
6. johnhaddock ◴[22 Oct 22 19:25 UTC] No.33301313[source]
We’ve been investigating this case for the past 24 hours, and it's not straightforward. I can’t share more publicly here, but we’re in touch directly with OP.
replies(1): >>33301560 #
7. benjaminwootton ◴[22 Oct 22 19:27 UTC] No.33301333[source]
This is all I want from any service that I buy from. Good, responsive support without scripted responses and black hole email addresses.

Surely that is even more important with a business critical payment provider?

I’ll forgive a lot if that is in place.

replies(1): >>33301504 #
8. tannedNerd ◴[22 Oct 22 19:27 UTC] No.33301335{3}[source]
He’s not wrong. The length of the reply doesn’t make it good or worthy when most of it is wishy washy we’ll do better in the future we promise without any concrete steps to make that happen or metrics to prove so. In fact I would say he’s doing a bad job by the amount of stripe fucked me posts here recently.
replies(3): >>33301650 #>>33302073 #>>33311382 #
9. thewebcount ◴[22 Oct 22 19:29 UTC] No.33301348[source]
To maybe add some constructive criticism to this thread, you say that you want to make sure that people have fewer bad experiences with Stripe. There is a common thread to each of these posts which neither you nor any of the other Stripe employees who post here ever seem to address. Namely, that it’s impossible to reach a human being who a) listens to what the actual problem is and b) can actually take any meaningful action to fix it. Several people have mentioned emailing your support and getting nonsensical replies back that have nothing to do with the question they asked or incident they referred to. Perhaps you have something broken in your support ticket routing and don’t realize it? Or perhaps your support people are not incentivized to do a reasonably good job? Or maybe you are relying too heavily or in the wrong places on automation? You can say that “uniformly good support at scale in a highly adversarial environment with very financially-motivated actors is not easy,” but that is what you signed up for when you decided to process payments. You’re basically stating that “the hard job we agreed to do is hard.” It’s unhelpful. You say you’re “pretty confident that we can make a lot of progress,” but if that were true, how did you get to where you are? What you’ve tried appears not to be working very well for a fair number of people, so maybe you should be less confident.
replies(1): >>33301417 #
10. JshWright ◴[22 Oct 22 19:36 UTC] No.33301393[source]
I took the GP comment to mean that Stripe recognizes they are doing a bad job hear and this individual is leading a (recent) initiative focused on addressing that.
11. enraged_camel ◴[22 Oct 22 19:38 UTC] No.33301411[source]
My understanding is that in most cases of fraud, what customers are looking for (clear explanations for why the account was suspended, funds are being held, etc.) will simply not be possible, either due to legality, or that the company will intentionally withhold information so that the fraudsters won't figure out how to work around the protections. Obviously this hurts legitimate customers who get tripped up by the system, but at Stripe's scale that's probably the "price of doing business" as the saying goes.
replies(1): >>33301480 #
12. johnhaddock ◴[22 Oct 22 19:39 UTC] No.33301417[source]
Agree - there's multiple problems to solve (a) make incorrect actions exceedingly rare (b) correct them quickly (c) give people who reach out about them substantive help. Have major initiatives underway to improve on all 3. We're furthest along on (a), more to share soon. Interaction of (b)(c) is particularly complex, as we find the right way to make high-stakes decisions while being responsive to people asking for help (especially as we do the work to differentiate good and bad actors).
replies(2): >>33301535 #>>33301656 #
13. johnhaddock ◴[22 Oct 22 19:46 UTC] No.33301480{3}[source]
It's true that we can't be more specific about users in HN posts. But we do hear the legitimate feedback about getting more specific/helpful in sharing status with users where we've asked for more info from them (or when they are asking for more info/help from us). I don't think we've found the right balance in either case yet -- working on it.
14. gruez ◴[22 Oct 22 19:48 UTC] No.33301504{3}[source]
> This is all I want from any service that I buy from. Good, responsive support without scripted responses and black hole email addresses.

Many commenters in this thread are saying OP's account was frozen because of suspected fraud/money laundering. If that's true, what would "responsive support without scripted responses and black hole email addresses" entail?

replies(1): >>33301775 #
15. ◴[22 Oct 22 19:51 UTC] No.33301535{3}[source]
16. throwawayacc2 ◴[22 Oct 22 19:54 UTC] No.33301560{3}[source]
OP can you lay out your version of the events please? And also give written permission to the Stripe guy to lay out his version? I want to see how the two compare. Feel like watching some drama this evening.
replies(1): >>33301626 #
17. dymk ◴[22 Oct 22 20:01 UTC] No.33301626{4}[source]
OP giving written permission to Stripe is going to result in exactly nothing detailed being posted here by Stripe.
18. luckylion ◴[22 Oct 22 20:02 UTC] No.33301650{4}[source]
You don't hear about the positive outcomes of support cases, but you'll hear a lot about those that don't work out the way they're supposed to, and you'll also hear a lot about those where someone feels wronged even though they've misbehaved.

The complainer can also misrepresent the case, while Stripe cannot disclose how they see it. Making any assumptions about service quality on that base is not wise.

replies(1): >>33304102 #
19. thot_experiment ◴[22 Oct 22 20:03 UTC] No.33301656{3}[source]
I'm not sure what the disconnect here is, I'm pretty sure the answer is uncomplicated. You hire support people and train and pay them well. I get that this isn't some sort of sexy tech solution but like, that's what we want as customers. I don't really care about any of this crap, nobody cares. We want two things from you, we want to charge people's credit cards, and if something goes wrong we want to be able to TALK TO SOMEONE to get it sorted.

This is not hard. The thing we want is the confidence that if something goes wrong we'll be able to talk to someone who can help sort it out.

The uncertainty is the problem. You are not doing a good job of making me feel like you understand that.

replies(1): >>33305063 #
20. slotrans ◴[22 Oct 22 20:14 UTC] No.33301775{4}[source]
Telling the OP that this is the case. Offering them the opportunity to supply evidence to the contrary.

The standard line in cases like this (whether it's a frozen payments account, a rejected app, or a suspended social media account) is that you can't tell someone what rule they broke, because this gives too much informative feedback to actual malicious actors about how they got caught. I call bullshit. Until someone can demonstrate that this is an actual problem, I will believe it to be a fake problem, purely an excuse used by giant companies to justify their systematically hostile (and cheap) approach to customer service.

replies(1): >>33301977 #
21. timmaxw ◴[22 Oct 22 20:35 UTC] No.33301977{5}[source]
> Until someone can demonstrate that this is an actual problem, I will believe it to be a fake problem

If a payment processor suspects money laundering, it's illegal for them to tell the business that. Under anti-money-laundering legislation, this is considered a crime called "tipping off": https://onlinelibrary.wiley.com/doi/10.1002/9780470685280.ch...

(Disclaimer: Used to work at Stripe, but not on this particular area. Not an expert on either the law or Stripe's policies.)

replies(1): >>33302007 #
22. helaoban ◴[22 Oct 22 20:38 UTC] No.33301998[source]
Is hiring support staff so expensive that it threatens your business model? Not having access to a human being is an unacceptable business risk for many. I have been suffering a six-month integration / certification process with Chase's byzantine Merchant Services API. It's a parody how awful it is, I mean shockingly, amusingly bad, but I have access to bankers directly when something goes wrong, and so I will suffer it.

Can't you just offer paid, guaranteed support? People will gladly pay for it.

23. tpxl ◴[22 Oct 22 20:38 UTC] No.33302007{6}[source]
It is illegal to do so, but is it an actual problem?

This point is always repeated, and never proven.

24. unethical_ban ◴[22 Oct 22 20:42 UTC] No.33302047[source]
I don't have a dog in this fight, but FYI (and it's been said before and may be said again) that there are LEGAL requirements by the US federal government for banks to NOT tell customers the status/reason for frozen assets if they have been flagged for potential money laundering. That may be the case here, it may not, and I don't know if Stripe is regulated like that or not.
25. splonk ◴[22 Oct 22 20:43 UTC] No.33302054[source]
> Publicly-described facts of specific cases don’t always match the actual facts...users do also sometimes publicly misrepresent what’s going on. We’re also restricted by privacy rules to not share specifics in those cases.

Not affiliated with Stripe in any way, but I used to work on payment fraud detection on a comparable scale. I'd say this describes ~90% of the cases that I saw that got traction on social media with a good sob story. Many of them were egregiously misrepresented to the point where it was obvious that they were trying to run a scam and use public pressure to get some result that they clearly didn't deserve. It's quite frustrating in those cases where your model says they're 99% fraud, your domain experts who actually investigated the issue say it's 100% fraud, and your privacy/legal/strategy policy prevents you from just responding with "this is BS and here's why".

replies(1): >>33302159 #
26. ZephyrBlu ◴[22 Oct 22 20:46 UTC] No.33302073{4}[source]
You’re asking for a specific, concrete solution to an unsolved problem.

If it was just about executing I’m sure they would have done that by now.

What you call “wishy washy” is what I read as him laying out the problems on a high level.

27. unethical_ban ◴[22 Oct 22 20:47 UTC] No.33302080[source]
It is mind-bogglingly hilarious how many people in this thread think banks do this stuff for fun, or are even legally allowed to talk about a case. The fact that Stripe people are even in this thread, frankly, is huge.

Just because the person you're talking to is a representative of a scolded vendor does not give you the right to be a jackass.

28. drivebycomment ◴[22 Oct 22 20:52 UTC] No.33302130[source]
> What are you doing to solve OPs problem?

That assumes the OP's problem deserves to be solved. We have no way of knowing that unfortunately, as there's non trivial chance OP did something not quite kosher knowingly or unknowingly.

29. ZephyrBlu ◴[22 Oct 22 20:55 UTC] No.33302159[source]
I can only imagine how frustrating that is.

In this case with the person from Stripe responding that the situation isn’t straightforward and the OP sharing minimal details and not making any follow up comments I’d be inclined to side with Stripe here.

30. ◴[23 Oct 22 02:42 UTC] No.33304102{5}[source]
31. dang ◴[23 Oct 22 03:47 UTC] No.33304415[source]
Please don't cross into personal attack, regardless of how strongly you feel.

It's not in the community interest to drive away people who are posting about their work. For most of us, our work is what we know the most about—so that would be a strict loss of interesting discussion.

https://news.ycombinator.com/newsguidelines.html

32. draebek ◴[23 Oct 22 06:44 UTC] No.33305063{4}[source]
How much more are you willing to pay for being able to reach a human? I don't know what Stripe's fees structure is typically, maybe put it in terms of a percentage on transactions? An additional 1% on transactions?
33. unethical_ban ◴[23 Oct 22 23:40 UTC] No.33311382{4}[source]
Yes, he was, and he was rightfully flagged and deleted for it. Do you expect a banking/legal/money laundering case to be aired out on HN? Come on.
34. solardev ◴[24 Oct 22 09:16 UTC] No.33314426[source]
Yuck. This is the worst sort of corporate damage control speak I've ever seen on here. I was dubious about your company before, but after your post, I don't think I'll ever use you as a payment processor.

Cut the crap, please. Have the CEO step in and stop your broken automated flags. Put real humans in the appeals process and give them meaningful powers. Stop giving people the run around, and stop posting meaningless fluff.