All 3 of those identifiers can be easily changed by advanced users. I'm curious what you mean by fingerprint their access. Is this like an on demand fingerprinting, I've only seen browser fingerprinting as a tracker for every user.
At this point I’m fairly convinced Stripe is Paypal 2.0, at least in spirit:
* Turns a blind eye to misdeeds on its platform
* Locks out adult creators/vendors after taking their money
* Is ubiquitous, but not well liked
I love that Stripe changed the game of fintech and made it accessible to more parties in a programmatic way, but I find myself repeating “avoid Stripe” to a lot of folks asking me for advice on dealing with payment nowadays for those reasons.
> They told me they don’t use evidence of chargeback abuse from one merchant to create cross-merchant fraud signals, or to take action against the customer’s card, email, or other details for other merchants.
I'm quite surprised they were able to get Stripe to actually state all of this clearly. Its nice that Stripe actually communicates details like this. But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
Stripe obviously records data around friendly fraud, (At minimum they implement Visa Compelling Evidence 3.0 https://support.stripe.com/questions/how-does-stripe-support... ) and since you did not include screenshots of the messages sent by Stripe support I suspect they were saying something carefully noncommittal and legally compliant to get you to go away, which then got spun into an outraged blog post.
> Stripe obviously records data around friendly fraud
My only nit with Stipe is they don't allow me to delete card details for an ongoing subscription I don't plan to renew and already set it not to renew on the service billing page.
That link says the customer's undisputed transactions 4 - 12 months ago with you may establish their disputed transaction was actually legitimate, but the article is about someone who only made disputed purchases within a week or two.
What's your point? Do you think it matters what stripe said? What is something that they could've said that wouldn't have justified the outraged blog post?
The author thinks it matters what Stripe said, since they chose to use it as the title for their blog post. To the extent that it was just meant to be a lament that it's hard to be a small online merchant in an era of strong consumer protections, sure, I sympathize. But they seem to think it's a problem with Stripe that could be fixed if Stripe behaved better.
I got hit with a fraudulent chargeback (claim was the purchase was unauthorized and the person showed up in person to a class) and it was doubly bad because they paid via Link which means that Stripe actively verified them via 2FA.
Can someone explain to me why Stripe (or a competitor) doesn't offer a setting "refuse transactions for cards that have filed > x chargebacks with <acquirer> merchants this year"?
Do you imagine someone got a stolen credit card, made a linkedin with that name, used the card to attend a live class under the fake ID, or are you just doing the classic hacker news aaaaactually?
Comments like this have ruined this site. We all know that’s never happened once in history.
I don't know this is the reason, but if I were asked to build such a system, I'd be pretty worried that it constitutes a consumer report under the terms of the Fair Credit Reporting Act.
Certainly I wouldn't want the inevitable news drama about it. "I'm just a poor innocent grandma, I'm a trusting person when it comes to Facebook ads, and Stripe punished me for getting scammed by banning me from half the stores on the Internet!"
There aren't any screenshots of conversations with Stripe support in the blog post, but I'm guessing one other reason is that support agents are incentivised to close tickets or end conversations as quickly as possible.
I had a customer do something similar with a thousand-dollar product. They had signed for delivery and provided no evidence, but banks always side with the customer.
Nothing, it’s a 5% bobcat problem. The card processors can force the merchants to eat it and there’s nothing you can do save not accepting cards, which loses you the other 95% of the market.
I'm not going to name those countries outright but you should never ever be launching globally until you have these safeguards in place.
Once you are known to be vulnerable to a certain scheme, it quickly becomes known in that region/country.
Again and again I'm reminded why high trust societies remain high trust and why low trust societies rarely transform into high trust society.
As a rule of thumb, when you get a chargeback you need to completely ban the customer from your db. This includes:
- card ban - email address ban - fingerprint their access and ban
This will save you a lot of hassle when they try to signup/buy your product again and cause you the same amount of grief.
* Turns a blind eye to misdeeds on its platform
* Locks out adult creators/vendors after taking their money
* Is ubiquitous, but not well liked
I love that Stripe changed the game of fintech and made it accessible to more parties in a programmatic way, but I find myself repeating “avoid Stripe” to a lot of folks asking me for advice on dealing with payment nowadays for those reasons.
I'm quite surprised they were able to get Stripe to actually state all of this clearly. Its nice that Stripe actually communicates details like this. But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
If their total dismissal of the problem is itself deception, that's not a particularly big improvement!
My only nit with Stipe is they don't allow me to delete card details for an ongoing subscription I don't plan to renew and already set it not to renew on the service billing page.
Can someone explain to me why Stripe (or a competitor) doesn't offer a setting "refuse transactions for cards that have filed > x chargebacks with <acquirer> merchants this year"?
Certainly a person showed up in person to a class, but how do you know it was the person whose credit card was used?
Comments like this have ruined this site. We all know that’s never happened once in history.
Certainly I wouldn't want the inevitable news drama about it. "I'm just a poor innocent grandma, I'm a trusting person when it comes to Facebook ads, and Stripe punished me for getting scammed by banning me from half the stores on the Internet!"
https://xkcd.com/325/