Hacker Neue

Preferences
johnhaddock parent
I’m the person leading the project to make sure that people have fewer bad experiences with Stripe. I’m not sure what is driving the uptick in posts on the subject to HN in particular (obviously we pay attention to broader online discussion in addition to monitoring our support systems, though we know it creates an incentive for people to publicize their situation).

On the topic of Stripe and these kinds of incidents more broadly, there’s a lot to say, but here are a few pieces of context that are probably relevant:

- We are a giant distributed bounty system for people to find interesting and scalable ways to defraud us.

- We’ve seen significant upticks in certain kinds of fraud over the past couple of months. When businesses default, Stripe takes on the loss. It’s worth noting that certain kinds of fraud, like card testing, can also have significant collateral costs for legitimate Stripe businesses, and our systems and processes are not only to protect Stripe itself.

- We are far from oblivious to the harm that mistakes in our systems can cause. (I interact with a lot of these cases personally.) One of my highest priorities is creating better appeals flows for when we’re wrong.

- We’ve shipped 7 substantial improvements just in the last 10 days that should meaningfully reduce the occurrence of false positives.

- Publicly-described facts of specific cases don’t always match the actual facts. Stripe is sometimes just wrong. (We made some mistakes that I feel bad about in one recent case and we ended up bringing the company’s founders to an all hands last week to make sure we learned as much as possible.) But users do also sometimes publicly misrepresent what’s going on. We’re also restricted by privacy rules to not share specifics in those cases.

- Stripe works with millions of businesses and we see all kinds of “rare” failure modes fairly frequently. (Disputes between staff at a business, business impersonation, businesses that start legitimate and go bad, and so on.)

- I’m working on a post to share some of our broader philosophy + policy changes that I hope to publish before the end of this year. In that, I’m also hoping we can share some relevant metrics. If HNers have any suggestions for things that might be useful to see covered (though obviously certain things can’t be publicly disclosed), feel free to suggest them.

Ultimately, we work hard to be worthy of the trust of businesses across the internet, and my personal mandate (supported by many others, from our cofounders down) is to find effective new ways of making mistakes less likely. “Uniformly good support at scale, in a highly adversarial environment, with very financially-motivated actors” is not easy, but I’m pretty confident that we can make a lot of progress.

It goes without saying we're working on a review of OP situation. I’m happy to take general questions as well. You can also always reach me directly at jhaddock@stripe.com.

thewebcount
To maybe add some constructive criticism to this thread, you say that you want to make sure that people have fewer bad experiences with Stripe. There is a common thread to each of these posts which neither you nor any of the other Stripe employees who post here ever seem to address. Namely, that it’s impossible to reach a human being who a) listens to what the actual problem is and b) can actually take any meaningful action to fix it. Several people have mentioned emailing your support and getting nonsensical replies back that have nothing to do with the question they asked or incident they referred to. Perhaps you have something broken in your support ticket routing and don’t realize it? Or perhaps your support people are not incentivized to do a reasonably good job? Or maybe you are relying too heavily or in the wrong places on automation? You can say that “uniformly good support at scale in a highly adversarial environment with very financially-motivated actors is not easy,” but that is what you signed up for when you decided to process payments. You’re basically stating that “the hard job we agreed to do is hard.” It’s unhelpful. You say you’re “pretty confident that we can make a lot of progress,” but if that were true, how did you get to where you are? What you’ve tried appears not to be working very well for a fair number of people, so maybe you should be less confident.
johnhaddock OP
Agree - there's multiple problems to solve (a) make incorrect actions exceedingly rare (b) correct them quickly (c) give people who reach out about them substantive help. Have major initiatives underway to improve on all 3. We're furthest along on (a), more to share soon. Interaction of (b)(c) is particularly complex, as we find the right way to make high-stakes decisions while being responsive to people asking for help (especially as we do the work to differentiate good and bad actors).
thot_experiment
I'm not sure what the disconnect here is, I'm pretty sure the answer is uncomplicated. You hire support people and train and pay them well. I get that this isn't some sort of sexy tech solution but like, that's what we want as customers. I don't really care about any of this crap, nobody cares. We want two things from you, we want to charge people's credit cards, and if something goes wrong we want to be able to TALK TO SOMEONE to get it sorted.

This is not hard. The thing we want is the confidence that if something goes wrong we'll be able to talk to someone who can help sort it out.

The uncertainty is the problem. You are not doing a good job of making me feel like you understand that.

draebek
How much more are you willing to pay for being able to reach a human? I don't know what Stripe's fees structure is typically, maybe put it in terms of a percentage on transactions? An additional 1% on transactions?
splonk
> Publicly-described facts of specific cases don’t always match the actual facts...users do also sometimes publicly misrepresent what’s going on. We’re also restricted by privacy rules to not share specifics in those cases.

Not affiliated with Stripe in any way, but I used to work on payment fraud detection on a comparable scale. I'd say this describes ~90% of the cases that I saw that got traction on social media with a good sob story. Many of them were egregiously misrepresented to the point where it was obvious that they were trying to run a scam and use public pressure to get some result that they clearly didn't deserve. It's quite frustrating in those cases where your model says they're 99% fraud, your domain experts who actually investigated the issue say it's 100% fraud, and your privacy/legal/strategy policy prevents you from just responding with "this is BS and here's why".

ZephyrBlu
I can only imagine how frustrating that is.

In this case with the person from Stripe responding that the situation isn’t straightforward and the OP sharing minimal details and not making any follow up comments I’d be inclined to side with Stripe here.

helaoban
Is hiring support staff so expensive that it threatens your business model? Not having access to a human being is an unacceptable business risk for many. I have been suffering a six-month integration / certification process with Chase's byzantine Merchant Services API. It's a parody how awful it is, I mean shockingly, amusingly bad, but I have access to bankers directly when something goes wrong, and so I will suffer it.

Can't you just offer paid, guaranteed support? People will gladly pay for it.

thot_experiment
What if, get this, instead of all this vague shit about doing better you just had a support team you could talk to without blowing up on twitter/hn?

If I wanted to charge people on the internet right now I would go with Authorize, even though I've used Stripe in the past and had good experiences. Now my understanding is that I pay for the convenience of the better API etc. with the inconvenience of being unable to talk to a human that can make decisions if something goes wrong, unless I get sufficient upvotes/retweets.

enraged_camel
My understanding is that in most cases of fraud, what customers are looking for (clear explanations for why the account was suspended, funds are being held, etc.) will simply not be possible, either due to legality, or that the company will intentionally withhold information so that the fraudsters won't figure out how to work around the protections. Obviously this hurts legitimate customers who get tripped up by the system, but at Stripe's scale that's probably the "price of doing business" as the saying goes.
johnhaddock OP
It's true that we can't be more specific about users in HN posts. But we do hear the legitimate feedback about getting more specific/helpful in sharing status with users where we've asked for more info from them (or when they are asking for more info/help from us). I don't think we've found the right balance in either case yet -- working on it.
benjaminwootton
This is all I want from any service that I buy from. Good, responsive support without scripted responses and black hole email addresses.

Surely that is even more important with a business critical payment provider?

I’ll forgive a lot if that is in place.

gruez
> This is all I want from any service that I buy from. Good, responsive support without scripted responses and black hole email addresses.

Many commenters in this thread are saying OP's account was frozen because of suspected fraud/money laundering. If that's true, what would "responsive support without scripted responses and black hole email addresses" entail?

slotrans
Telling the OP that this is the case. Offering them the opportunity to supply evidence to the contrary.

The standard line in cases like this (whether it's a frozen payments account, a rejected app, or a suspended social media account) is that you can't tell someone what rule they broke, because this gives too much informative feedback to actual malicious actors about how they got caught. I call bullshit. Until someone can demonstrate that this is an actual problem, I will believe it to be a fake problem, purely an excuse used by giant companies to justify their systematically hostile (and cheap) approach to customer service.

timmaxw
> Until someone can demonstrate that this is an actual problem, I will believe it to be a fake problem

If a payment processor suspects money laundering, it's illegal for them to tell the business that. Under anti-money-laundering legislation, this is considered a crime called "tipping off": https://onlinelibrary.wiley.com/doi/10.1002/9780470685280.ch...

(Disclaimer: Used to work at Stripe, but not on this particular area. Not an expert on either the law or Stripe's policies.)

tpxl
It is illegal to do so, but is it an actual problem?

This point is always repeated, and never proven.

unethical_ban
I don't have a dog in this fight, but FYI (and it's been said before and may be said again) that there are LEGAL requirements by the US federal government for banks to NOT tell customers the status/reason for frozen assets if they have been flagged for potential money laundering. That may be the case here, it may not, and I don't know if Stripe is regulated like that or not.
solardev
Yuck. This is the worst sort of corporate damage control speak I've ever seen on here. I was dubious about your company before, but after your post, I don't think I'll ever use you as a payment processor.

Cut the crap, please. Have the CEO step in and stop your broken automated flags. Put real humans in the appeals process and give them meaningful powers. Stop giving people the run around, and stop posting meaningless fluff.

WheatMillington
>I’m the person leading the effort to make sure that people have fewer bad experiences with Stripe.

No offence, but you're doing a bad job.

dang
Please don't cross into personal attack, regardless of how strongly you feel.

It's not in the community interest to drive away people who are posting about their work. For most of us, our work is what we know the most about—so that would be a strict loss of interesting discussion.

https://news.ycombinator.com/newsguidelines.html

JshWright
I took the GP comment to mean that Stripe recognizes they are doing a bad job hear and this individual is leading a (recent) initiative focused on addressing that.
unethical_ban
The person posts an essay on their perspective and that’s what you have to say?
tannedNerd
He’s not wrong. The length of the reply doesn’t make it good or worthy when most of it is wishy washy we’ll do better in the future we promise without any concrete steps to make that happen or metrics to prove so. In fact I would say he’s doing a bad job by the amount of stripe fucked me posts here recently.
luckylion
You don't hear about the positive outcomes of support cases, but you'll hear a lot about those that don't work out the way they're supposed to, and you'll also hear a lot about those where someone feels wronged even though they've misbehaved.

The complainer can also misrepresent the case, while Stripe cannot disclose how they see it. Making any assumptions about service quality on that base is not wise.

ZephyrBlu
You’re asking for a specific, concrete solution to an unsolved problem.

If it was just about executing I’m sure they would have done that by now.

What you call “wishy washy” is what I read as him laying out the problems on a high level.

unethical_ban
Yes, he was, and he was rightfully flagged and deleted for it. Do you expect a banking/legal/money laundering case to be aired out on HN? Come on.
zomglings (dead)

This item has no comments currently.