As a rule of thumb, when you get a chargeback you need to completely ban the customer from your db.
This includes:
- card ban
- email address ban
- fingerprint their access and ban
This will save you a lot of hassle when they try to signup/buy your product again and cause you the same amount of grief.
Exploiters easily get around this. its a small group of people doing all of the abuse.
All 3 of those identifiers can be easily changed by advanced users. I'm curious what you mean by fingerprint their access. Is this like an on demand fingerprinting, I've only seen browser fingerprinting as a tracker for every user.
if i had a dollar for every time a developer “perfect is the enemy of good”’d me
Nice try, chargebacker! ;)
I try to pay with Monero, so I can't chargeback :)
You'd better be promptly responsive to legitimate customer support inquiries if you are going to have a policy like that
This comment struck a nerve with me and perhaps you didn't mean it in this way but:
Yes, many of us are incredibly responsive to customer support inquiries (I have a <1hr response time unless you send in a ticket when I'm sleeping) and it doesn't matter. Fraudsters gonna fraud. This isn't a case of "they asked for a refund, we refused, they issued a chargeback", it's a case of a scammer being a POS.
I've dealt with my fair share of chargebacks and in every case I've seen it's someone being a jerk and never a legit case.
The fact that Stripe won't help you, the banks don't care about all the evidence you have, and you end up out the money for the product _and_ you get hit with a chargeback fee on top of it is madness. I could literally have video of the person holding up their ID saying "I XXXXX agree to pay YYYY" and banks would still side with a the scummy scammers.
I have, quite literally, never had someone reach out via support and then file a chargeback later. They do it without reaching out, probably because they are a trash person and they have no interest in getting anything fixed and are just scammers.
Use DeviceCheck if iOS app too. Uber does this to ban across accounts
That's an interesting idea. The sad thing is, the money lost through chargebacks is minimal for me in the grand scheme of things but it makes me irate enough to potentially spend the development time (that will never have a positive ROI) on adding in something like this just to stick it to the scammers.
It is at least very simple to implement. It's a simple API. Useful capability for banning abusive users too if you have social elements or other abuse vectors besides payment.
Great, another thing to worry about when buying a used phone: Did any of the previous owners get banned by any of the apps I intend to use on it?
I imagine most fraudsters wouldn't be using iOS. I'm curious if the android app fingerprinting solutions go cross user profile.
As far as I know, DRM systems like Widewine have IDs that cross user profile lines.
> They told me they don’t use evidence of chargeback abuse from one merchant to create cross-merchant fraud signals, or to take action against the customer’s card, email, or other details for other merchants.
I'm surprised they were able to get Stripe to actually state all of this clearly. It's nice that Stripe actually communicates details like this. But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
No, vagueness gets me much more upset, but there's just nothing to write about in those cases.
Then it's probably worth being aware that you're an outlier, because companies sure aren't being vague for the hell of it.
>No, vagueness gets me much more upset, but there's just nothing to write about in those cases.
I think this hits on the spirit behind GP's point. Clarity, leading to an article like the one posted, gets more people upset. The equation (Upset/People x People) results in a larger number -- people, as a whole, are more upset.
>But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
If a company is vague, there's nothing to write about, one person (maybe) gets more upset than they would have facing clarity.
But if the company is clear, there is something to write about, and an article like the one posted makes people, overall, more upset.
I don't see many people upset at Stripe over this, I certainly am not.
No. This is what you’re saying because you want to plead your case to find out as much as you can. Saying less works. Everyone knows this, because it’s true. You just don’t like it.
No. I would have been far more upset about a vague response. I was still upset that they don't do anything about it.
(it took a bit of back-n-forth to get a clear answer, but I did get a clear one. Their support is still excellent from my experience and communicate well)
I dealt with millions of dollars in chargebacks with Stripe. We sold tickets, they're easy to re-sell and our customers were tourists visiting shows from all over the world.
Stripe Radar was not a good product. It would score large numbers of very suspect transactions at a risk level of 1 or 2 (out of 100). I don't have an ML background, but something about their methodology was just flawed. It behaved as if there was a wire loose in it. Unfortunately, I don't think they're very incentivized to care.
The customer screwed you over, and then their bank did too. Stripe didn't. I'm not sure why Stripe is getting blamed in the title and the article.
Yeah, maybe Stripe could do more without Radar, but I imagine it could also be fraught if Stripe was in the business of blocking customers from their entire network based on one vendor's complaint. Obviously a lot could go wrong with such an approach.
Yes. But Stripe didn't do anything to prevent the next merchant from falling into the same trap. They had all the evidence, and ignored it.
That was the point I tried to make with my blog post. And yes, if it was too easy for merchants to block consumers, that won't be fair either. But surely there's a middle ground here.
Stripe very explicitly told me that they don't do anything with such reports. It's simply ignored.
Stripe did the right thing here.
They cannot be arbitrators of every little edge cases that comes up. That's not their role.
Also I just wanna throw some praise at Stripe Support. They have an excellent team and go above and beyond to help.
Agree on Stripe support. They're excellent.
I don't think Stripe did the right thing here. They can do better to protect their own customers.
stripe serves both sides of the transactions they process, seller and buyer.
if buyers were to perceive stripe as being dificult, they might churn. i certainly do this on paypal pages.
> They cannot be arbitrators of every little edge cases
Is this an edge case? It looks like your standard chargeback fraud accompanied by a pile of evidence. What does a common case look like in contrast?
We should expect this to become even more rampant given the ease of clicking a chargeback button and the apparent lack of repercussions.
If not Stripe (in this case), then who's serving that role?
They (Stripe) don't have to be a arbitrator of every edge case, just use the information they have that merchants want to give them and surface a risk signal back to merchants, then it can be up to the merchant what level of risk they are happy with for each customer.
It doesn't seem like an unreasonable ask frankly.
No, Stripe did. It is a common misconception that chargebacks are decided by the customer's bank. Actually, there is a multiple cycle back-and-forth process after which they are finally decided by _the network_.
I have worked in card issuing for years and I have seen various submissions by merchants I know that use Stripe where I _know_ that they have an absolute winning case under the network rules that Stripe refuse to contest.
Stripe have decided that fighting most chargebacks is not worth the money, probably becasue they can just pass the costs onto the merchants and let them eat them and the merchants will not go elsewhere.
> it could also be fraught if Stripe was in the business of blocking customers from their entire network based on one vendor's complaint
“You probably don’t want a system where one annoyed merchant can get someone blocked across the whole Stripe payment system. But there’s a pretty big gap between “automatically block this person everywhere” and “thanks for the screenshots, please consider Radar”, and this is where it gets frustrating.”
There is no gap between those things. Any fraud signal at all either causes people to get blocked, then it's a cross-merchant block, or it doesn't cause people to get blocked, then it's useless.
One thing that is so painful with Stripe is the Disputes because no matter how much evidence I show, even emails with the user claiming they did it because of X, Y, Z. ToS not upheld, etc, the customer always wins.
For me, I do a cheap subscription (4$/mon, first month 2$) and one dispute costs me like 20-30$. So that one person wipes a ton of profit from me. I always try to refund them (but you can't refund a customer with a dispute in effect).
Stripe is great to get going, but has a lot of painful points.
Does Stripe have any published stats on the ratios? Did any merchant ever won such a Stripe dispute?
At this point I’m fairly convinced Stripe is Paypal 2.0, at least in spirit:
* Turns a blind eye to misdeeds on its platform
* Locks out adult creators/vendors after taking their money
* Is ubiquitous, but not well liked
I love that Stripe changed the game of fintech and made it accessible to more parties in a programmatic way, but I find myself repeating “avoid Stripe” to a lot of folks asking me for advice on dealing with payment nowadays for those reasons.
That’s just the nature of these industries.
1) Incumbent is slow, clunky, unpleasant to deal with due to years of accumulated constraints to deal with
2) Newcomer can differentiate themselves by being nimble and pleasant to work with, taking market share
3) Over time newcomer has to deal with increasing amount of scrutiny, fraud, overhead, CYA type practices, etc
4) Newcomer is now incumbent, goto 1)
Who do you recommend as an alternative?
Nowpayments is good for an easy crypto payment gateway.
No affiliation, I've just seen them used–it would be better if you self-hosted a BTCPay server.
I don’t have one at the moment, at least for my circles (artisans, craftspeople, adult creators in general). Much of it has fallen back on PayPal for folks without an LLC to hide behind, or Square if they’re incorporated as a business. The trick has been discretion and operating in a gray area: “novelty goods”, “graphic design work”, and “outerwear” as item descriptors or db entries, obscuring the actual content without actually lying or deceiving the payment processor.
Most paypros, most of the time, won’t look too hard unless there’s a problem or you’re tripping some internal security measure (like raking in a lot of cash in weird amounts). Of late they’ve been more intrusive due to some weird eTeen puritans, but that’s quieting down again as they remember they like making money, and throwing legal content off their platforms can very quickly cause an exodus of customers looking to avoid having their funds seized.
That's pretty clearly deceiving. Would expect to run into problems with that kind of approach regardless of the specific payment processor -- everyone has T&C that you must follow.
Problems occur either way due to a lack of regulations on these entities allowing them to dictate acceptable financial transactions regardless of actual legality. Consider the risk matrix:
* You sell legal goods or services and are entirely honest about them to the paypro; if the T&Cs change down the line, your honesty makes you a prime target for having your funds seized and ability to process transactions terminated first, posing an existential threat to your business with no reward for your honesty
* You sell legal goods and services, but don’t volunteer extraneous details about them since that’s not the business of a paypro. Should the T&Cs change, your obscurity buys you time to adapt or seek alternatives before inevitably being caught up in the paypro’s internal surveillance measures.
* You sell legal goods and services, but assume your paypro is hostile from the get go regardless of the T&Cs and hand over the minimal information necessary to process a transaction. You have maximum time to find alternatives should the T&Cs change, because your baseline operations make it that much harder to identify your transactions down the line.
Honesty is inevitably punished while obscurity is rewarded, at least for a time. It’s also worth pointing out the hypocrisy of needling paypro users to follow arbitrary and changing rules of the paypro but allowing said paypros to reject legal transactions for whatever reason they wish or selectively comply with laws because they’re “fintech” and not banks or payment card networks: why should users face more onerous restrictions than the paypro themselves?
Ultimately the solution is the same one we’ve been parroting for years ever since PayPal arbitrarily changed their T&Cs to try booting adult creators off its platform: government regulations barring these entities outright from refusing any legal transaction. It’s part of the playbook at this point for tech companies in light of its success: court adult content creators and communities to grow the platform, then shut them out once there’s money to be made.
I got hit with a fraudulent chargeback (claim was the purchase was unauthorized and the person showed up in person to a class) and it was doubly bad because they paid via Link which means that Stripe actively verified them via 2FA.
Can someone explain to me why Stripe (or a competitor) doesn't offer a setting "refuse transactions for cards that have filed > x chargebacks with <acquirer> merchants this year"?
Yeah, though this rule sounds a bit tricky. Like what if someone legitimately had their card abused.
The thing that gets me is that Stripe boasts about their machine learning radar rules etc etc, but somehow can't feed it actually valuable data.
Stripe support saw the emails from the customer boasting about defrauding me, they completely agreed that this is a clear case of friendly-fraud, but did nothing with this info.
Stripe can’t do anything per the way CCs work. Asking for that to change is a big ask. Asking my vendor to help me not do business with people who are likely to scam me is a smaller one.
100% agree. They cannot reverse the dispute. I already lost the money. I understand.
But Stripe is exactly in a position to at least use the evidence I provided (in this case, the evidence included the customer clearly admitting to friendly fraud), and feed it into their fraud-prevention system in some way. This way, lots of signals can help protect merchants from friendly fraudsters. So yes, I see it as a pretty small and legit ask from Stripe.
I don't know this is the reason, but if I were asked to build such a system, I'd be pretty worried that it constitutes a consumer report under the terms of the Fair Credit Reporting Act.
Certainly I wouldn't want the inevitable news drama about it. "I'm just a poor innocent grandma, I'm a trusting person when it comes to Facebook ads, and Stripe punished me for getting scammed by banning me from half the stores on the Internet!"
If your card is actually stolen then you should have the card number changed to prevent additional fraud and then the disputes would be against the old card number rather than the new one, right?
If your card is stolen you should, but not necessarily if you fall for a Facebook ad that ships you a pile of rocks or a paper photo of the product you thought you bought.
Isn't that exactly when you should have your card number changed? You gave your card info to a blatant fraudster. If they're willing to ship you a pile of rocks then there's a significant chance they're willing to use the card info you gave them to make fraudulent purchases.
claim was the purchase was unauthorized and the person showed up in person to a class
Certainly a person showed up in person to a class, but how do you know it was the person whose credit card was used?
It matched their LinkedIn photo.
[flagged]
While funny, I literally just used my LinkedIn picture in a legal case of mistaken identity on behalf of a US state.
Not kidding.
Do you imagine someone got a stolen credit card, made a linkedin with that name, used the card to attend a live class under the fake ID, or are you just doing the classic hacker news aaaaactually?
Comments like this have ruined this site. We all know that’s never happened once in history.
If you care about the quality of the site, consider the guidelines about not responding to a bad comment with a worse one and not griping about how HN has gotten terrible or turned into reddit or what there you. Downvote, flag, and move on to better discussion, and you'll spend a lot more time engaging and contributing to good discussions.
Contributing to good discussions is the highest leverage way to promote the quality of the site. Spending time in poor discussions is what makes it feel like HN has gone to crap.
Fair point. I think we’ve all tried that and it isn’t working, and pointing out to people they’re being annoying could help.
But probably won’t, so you’re probably right.
Their business model is to allow as many possible "valid" transactions, not to serve their "clients". They're a PSP...
This is just fraud.
"Friendly fraud" is accidental or with the correct intentions – such as the customer not recognising the charge and charging back.
Genuinely not recognizing a charge is not fraud, as that to me requires intent (or at least gross negligence, e.g., something like "I'll just dispute everything I don't remember, and not make a particularly good effort to remember anything at all").
"Just fraud" is already taken for "criminal c uses unwitting cardholder a's card at unwitting merchant b", so what's your objection against "fiendly fraud"?
This is the point. You could file criminal charges. You could win in civil court.
Yes, and Stripe could do much better to prevent it. And doesn't.
What would you like them to do?
Even in the post you're wishy washy about what you want. They offer a product that does enhanced fraud detection but you don't like that. You correctly call out that there's major risks with taking a merchant's report and using it to flag a user's future transactions.
There are similar offerings from other companies. I don't know if bundling this with payment processing is common.
They could, but this isn't discussed in the blog post. The post is about literal fraud, which has a very different recourse for the merchant.
Solid post. The key takeaway for me was Stripe admitting they won't use post-dispute evidence of friendly fraud to build cross-merchant signals in Radar. That, plus the customer literally bragging about it after winning the chargeback, shows how lopsided the system is against indie sellers. Thanks for sharing.
Stripe obviously records data around friendly fraud, (At minimum they implement Visa Compelling Evidence 3.0 https://support.stripe.com/questions/how-does-stripe-support... ) and since you did not include screenshots of the messages sent by Stripe support I suspect they were saying something carefully noncommittal and legally compliant to get you to go away, which then got spun into an outraged blog post.
Happy to share their responses verbatim. It was a rather long back-n-forth. Here's a snippet from the latest email, which I think makes it clear that they do not use the evidence I provided:
I can assure you that I will take note of your feedback and pass it to our team. Your point about post-transaction abuse detection is valid - while Stripe has robust network-level fraud detection, there does appear to be a gap in utilizing merchant-provided evidence of confirmed fraud to protect the broader merchant ecosystem. This type of feedback from merchants who have direct evidence is valuable for improving these systems.
Theres no gotchas in the quoted text, but curious if you got the impression from your emails that any of it was.. AI generated?
The camber, affirmation, word choice, triplet phrase... leaves me wondering. But without a smoking gun its hard to know if a model call was fired.
Yes most of the communication felt rather LLM assisted or generated. Though to be fair Stripe from my experience always had emphatic support and well written responses. In a way they probably set the gold standard that AI support now mimics.
> I suspect they were saying something carefully noncommittal and legally compliant to get you to go away
If their total dismissal of the problem is itself deception, that's not a particularly big improvement!
The problem is that, as patio11 once described in detail (https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...), there are genuine tradeoffs here that people get outraged by the mention of. How many legitimate sales should Stripe block in order to more effectively fight this kind of fraud? Merchants don't want to hear it, and consumers don't either. So financial companies invariably conclude that it's better to raise the question only in careful, indirect ways which could not be misinterpreted as a statement that fraud is good or OK or acceptable.
That's a reasonable argument for general money processing, but it's far weaker when you sell an anti-fraud product and try to get every transaction to give you a cut to use it.
And if they had even a little skin in the game they would care about such low-hanging fruit. You don't want a guy that's insulated from the consequences to be in charge of the [anti-]fraud dial.
That link says the customer's undisputed transactions 4 - 12 months ago with you may establish their disputed transaction was actually legitimate, but the article is about someone who only made disputed purchases within a week or two.
> Stripe obviously records data around friendly fraud
My only nit with Stipe is they don't allow me to delete card details for an ongoing subscription I don't plan to renew and already set it not to renew on the service billing page.
What's your point? Do you think it matters what stripe said? What is something that they could've said that wouldn't have justified the outraged blog post?
The author thinks it matters what Stripe said, since they chose to use it as the title for their blog post. To the extent that it was just meant to be a lament that it's hard to be a small online merchant in an era of strong consumer protections, sure, I sympathize. But they seem to think it's a problem with Stripe that could be fixed if Stripe behaved better.
Author here. What makes you think Stripe cannot do better here?
Stripe has a customer's bank saying "the customer says they didn't make this payment" and you saying "the customer told me they did make this purchase and got the item and they're making fun of me".
They have no way to know if your evidence is real, any more than the bank has a way to know if their customer's evidence is real. Either one (or both) of you could be full of shit.
In that world, what would you like Stripe to do better?
What do they feed into their Radar machine learning system? surely there are lots of signals to use here. I'm not saying take only my word and ban this customer forever.
But they have my record as a merchant (successful charges, chargebacks, disputes etc), they have the payer record as a consumer (payments, chargebacks etc), when a merchant submits a dispute, they provide evidence. I provided evidence from DHL that the product was delivered.
No single piece of data is enough on its own, but Stripe is in a perfect position to use all those pieces to be able to better detect fraud.
Yet they explicitly do not use this data at all.
Based on the quote you provided, the CSR was very specific that what they don't use is merchant-provided evidence. They didn't say they don't leverage information about chargebacks or other disputes.
and that’s my complaint on the blog post. They should use these data points too.
I assume that this is basically just not worth pursuing for small-scale orders (e.g. $15ish for Ciglue), but for larger ones what are the reasonable approaches for scenarios that don't involve stolen card fraud?
Notably disputing a credit card charge is completely independent of whether someone owes the debt, the credit card is simply a convenient way for that payment to be handled. What's the point where other collection methods make sense? As an example, if you're consulting for someone and they pay you $x,xxx via card then charge it back, at least in most of the US I believe it's legal for you to do your own collection efforts and contact them repeatedly (this changes if you sell the debt and it's a third party attempting collections).
Correct, the debt is still valid.
You can try to collect through persistence, or take them to court, get a judgment, and then a court ordered collection. It all depends on the value of your time.
I’ve heard rumors that some merchant agreements with processors may include arbitration clauses for recovering chargebacks, but I’ve never seen it personally.
There aren't any screenshots of conversations with Stripe support in the blog post, but I'm guessing one other reason is that support agents are incentivised to close tickets or end conversations as quickly as possible.
So I can crack open a Backwoods, stick my weed in there, and then glue back together with Ciglue? That's pretty cool.
Thank you. Haha, yes. My product is focused on cigar repair, but I know some weed smokers that use cigar glue (mine or other brands) for blunts.
i went the other way, and already repaired more than one dropped cig with a good sheet of pure cellulose wrapping paper. I cannot imagine someone buying a glue for that. but I'm not german.
It’s sold in 20+ countries around the world, not just Germany.
If you’re talking about premium cigars, using paper is possible but kinda ugly. The glue is similar to what rollers use when rolling cigars in the factory. It works well and fits well with the cigar smoking experience.
You don’t have to buy (my) glue. You can make your own and I even share recipes on the website. Ciglue however offers convenience with the dispenser and integrated brush and glue.
(wasn’t expecting to get into details about my product on HN but love how diverse the community is)
Stripe is a payment gateway, not an anti-fraud solution. I'd recommend using services such as wyllo or Signifyd for anti-fraud. They will pre-filter against network intelligence signals, and if they approve the transaction, will guarantee your funds, even if a chargeback is lost, and even if you lose.
All of these may result in you bringing in less $ overall, so it really depends on how much each fraud case costs you, but you could (off the top of my head):
- Enable always checking CVV
- Require 3DS
- Ban a card after N disputes
- Ban an email/other identifier after N disputes
- Ban certain payment methods, banks etc
- Add a visible or invisible captcha to fight automated abuse/card testing
I suspect Stripe walks a fine line where they want to help you prevent fraud, but they also want to avoid vendors complaining to them that their customers can’t pay.
Context: I worked on a payments team for a short while.
None of the technical measures you mentioned are relevant with “friendly fraud”. And that’s exactly the problem that Stripe doesn’t solve. And doesn’t want to help merchants fight against.
I help a lot of client with their ecommerce websites (mostly WooCommerce), attacks became so common recently, could be AI, but I found the best way to deal with this is to trace the patterns in access log and block the same patterns of checkout submission, this have worked really well for me. There are a lot of card testing attacks that Stripe doesn't care to handle as well as a lot of other fraud techniques, but there is always a pattern, especially automated ones. There is country, IP range, certain behavior (eg; no js, or direct api calls..etc). I really think it's easy to deal with this if you're willing to look deeper than a dashboard.
none of the technical measures you mentioned could work with “friendly fraud”. It was a real human with a real card with a real address with details all matching, then disputing a payment they themselves made for a product they received.
My suggestion is to just ban specific regions or countries and you can cut 80% of this fraud.
I'm not going to name those countries outright but you should never ever be launching globally until you have these safeguards in place.
Once you are known to be vulnerable to a certain scheme, it quickly becomes known in that region/country.
Again and again I'm reminded why high trust societies remain high trust and why low trust societies rarely transform into high trust society.
I've got 13 chargebacks over the last 4 years for my biz. Out of these, 10 came from US based cards. The other 3 came from Australia(my country).
Be careful when taking verbatim advice from internet strangers.
I live in Kazakhstan (I assume that's one country nobody heard of and would disable in their dashboard) and my bank doesn't even have any UI for chargebacks, nor I ever heard about anyone doing chargebacks. They even explicitly warn me sometimes that I assume all responsibility for that payment. I guess I can go through some process, it's VISA after all, but it's definitely not something I can do easily.
Everyone’s heard of Kazakhstan, if not for the architecture, at least because of Borat.
you were thrown that way in Kazakhstan? :)
Yeah it's not a thing available to customers outside of western countries. Even in eastern europe countries a chargeback means making a lengthy complaint with the bank and if they decide to trust you then they make chargeback.
So nobody really knows about it.
When i started selling digital download content. Some people will buy, download and instantly charge back.
wait, people can just do that? How does that even work? Does Visa not supposedly protect both the seller and the buyer?
In Western Europe, a chargeback is not that unheard of, but it still requires you to make your case and follow a procedure and review. It's not that lengthy or difficult, but you cant just buy something online and then do a chargeback, unless you can clearly show that the download is not working and tried the helpdesk or you were mislead or something
It’s supposed to be the same in the US, but due to heavy automation on both sides, the “evidence” presented on either side is essentially pages of rasterized TIFF slop propping up a handful of bits of ground truth data.
I suspect most decisions are now made based on ambient factors such as “does this customer file above average chargebacks; if not, believe whatever they entered in our multiple choice questionnaire” or “if we have any undisputed payment on the same card by the same account, push back, otherwise eat the loss”. Part of this is even getting codified by newer network dispute evidence rules as well.
Since nobody ever seems to hold cardholders accountable for misrepresentation, and since it’s psychologically much easier to lie on a whimsical multiple choice form you fill on your bank app when bored on the bathroom than to sign a printed document containing a short summary of the legal consequences of willful deception, the situation is what it is.
Sometimes, whether a society is actually “high trust” depends on the transaction amount, and whether that amount warrants legal expenses on either side.
I have been using online payments for over 15 years now. Over these years I probably have had accounts with over 10 different banks. Not a single time have I seen any setting related to chargebacks. In fact, I learnt of these just a few years back and I had to google it what do these even mean. Im from India btw.
And let me tell you, nowhere in my circle that I know of have ever raised one single chargeback in these 15 years. Not one.
This seems more of a developed-countries thing to me.
The OP of the thread meant US, obviously.
+1 almost all from the US.
The strongest signal is whether they use an eBank/app that has a one-click button to report transactions as fraudulent. The Apple card(?) seems especially prevalent.
I had a friend with the apple card, and there were fraudulent charges on her card before she even used it.
I think that caused her to over-scrutinize things.
But (years) later I saw her using apple pay. She had charges she didn't recognize and would immediately flag them. Thing is, I couldn't help but think they might have been real charges with weirdly named companies on the transaction.
I feel like companies should do a better job of naming their payment entity something that a customer can know when they see it.
It’s 2026, why can’t credit card and merchant figure out a way to transmit order summary URL as part of credit card transactions so I don’t need to match up transactions by amount??
A similar thing as what you propose already exists in the Nordics. You pay with your card as normal, and the receipt gets logged automatically in the app.
Not universally supported unfortunately, but the major stores support it.
They absolutely can. They just don't bother.
[deleted]
It's not really helpful if I recognize the name when the gas station doesn't put the charges on my card until Friday when I bought stuff there on Tuesday. Then I'm just confused and have to analyze my whole purchase history.
In what backward place does this happen? It shows up the second I pay here (Australia)
it's common, they reserve an amount, and then update towards the final payment. These are not payments as such, and almost always take 48 hours to clear. Same at hotel rooms usually etc..
Many banks only show payments (so only after cleared) and not reserved funds. They will just show that you don't have the full credit available
The update with the final amount happens within minutes after you’re done pumping, not only at batch clearing time.
This was introduced to not unnecessarily block debit card funds for days but it works like that for credit cards as well now.
> She had charges she didn't recognize and would immediately flag them. Thing is, I couldn't help but think they might have been real charges with weirdly named companies on the transaction.
That's completely the companies fault. If you give a transaction a reference that the customer will not recognise, that's on you!
I don't think that argument would work in court.
U.S. chargeback rules are different. In other countries, you cannot repudiate credit card transactions that you authorized (and this applies to Mastercard/Visa, too). You need to do something else if you end up in a dispute with the merchant.
That’s completely false. Visa/Mastercard chargeback rules are fairly uniform globally, and disputes are possible in many (if not all) non-US countries as well.
Whether your bank knows how to use them well to represent your interests is a different matter. For example, I’ve seen banks decline chargebacks against bankrupt merchants in certain countries because they were poorly advised about the legal ramifications, and other banks in the same country win the exact same kind of dispute. Lacking sufficient reading comprehension to parse the dispute rules (it’s a long PDF!) also seems common.
You open a ticket where you describe what happened and attach everything you have. It happened to me twice over the years, both with Visa, and I had them both approved. I'm not sure that in the age of AI agents they would care anymore, but I can dream right.
Over here, it's common that consumers don't have a direct relationship with the card company. I'm not sure if they would even be able to identify me.
What do you mean by card company?
The cardholder’s contractual relationship is always with the card issuer, which is usually a bank or some other financial institution. This is no different in the US. If something on your bill seems off, you contact the one that issued it, i.e. your bank.
Hmm nevertheless my cases were handled by Viseca, not by my issuing bank. I don't know why, is it because of my bank, or my country, but yeah it seems to be different.
Banks can (and often do) outsource chargebacks to their processor or another third party, but never the card network (since that’ll be the entity ruling on the case in the very unlikely case it goes into arbitration).
Viseca seems like it might actually be an issuer directly (it’s also a common model that banks only act as program managers, delegating actual issuance to a different entity) but I’m not familiar with them.
not to mention, thats pretty bad advice for these chargeback frauds. not gonna deny some regions have higher risk of frauds, but these are mostly high-volume automated schemes.
in the case of these "friendly fraud" schemes, they are much more likely to come from more developed regions with strong consumer protection laws like the NA.
if anything in many of those "high risk" regions, chargeback are much less common because fewer consumer protection law e.g. banks would automatically reject chargebacks for transactions with 3DS OTP.
Yeah, they will likely be spoofing their location anyway with residential IPs to let their payments go through easier and maintain identity separation.
13 over 4 years is tiny sample compared to what I've seen on international scale.
Great advice which is why data is what I'm relying on vs anecdotes.
With all due respect, both of these stories seem just as anecdotal as the other.
Yeah, all my chargebacks are Americans. Realtors are the worst.
How big is your business and where does it sell?
One chargeback a quarter is a lot, depending.
Just because the card is US-based doesn't mean the user is.
If the cardholder is doing chargebacks on an US-based card, they cardholder is probably US-based.
Not very easy to do with prepaid cards AFAIU.
You're assuming prepaid, I'm just assuming the real card was skimmed during checkout at a gas station or swiped from a payment processor.
or American.
This case was Canada.
The US and I imagine Canada are known for the ease of chargebacks.
My experience in Europe is that it's a very tough process to even initiate (as a consumer)
My only experience as a European is that I called the support number on my card, they fixed the in 5 minutes, cancelled my card, sent me a new one and set me up with a temporary one.
if it was stolen then I guess it’s fairly standard. Disputing specific transactions is much harder though. They ask for evidence you contacted the seller etc and make the process difficult from my very limited experience on the “other end” of the transaction.
I'm no longer convinced those high trust societies will remain so. Every high trust society has been pushed to opened it's doors wide and the changes have been stark.
Accept crypto for those countries, it doesn't have chargebacks and helps those vulnerable to the financial system.
I went down a bit of a search looking for counter evidence that crypto is likely less available to them, and it turns out both perspectives are true depending on the scale you look at. At the micro-level, survey data from emerging markets[0] confirms that crypto offers immunity against institutional failure and inflationary currency.
But this QJE article[1] argues there's a ceiling to how far things scale. Concluding that the cost to keep a decentralized network secure scales with its total economic value. So while there is immediate value to it's user, it might not scale well, and can't replace a country's financial system anyway because securing it at a sovereign scale would just be more expensive.
I dont follow. If regular finance to a country is that much distanced from global financial oversight and treaties where crypto (with awful spreads) becomes the norm that doesnt necessarily mean they are victims of international financial order but that regular financially modeling simply cannot manage their unique risk characteristics
Damn, I made a great reply and it never sent–that sucks.
I was more nuanced and specific, but I don't want to do it all again.
1. The fees are not awful idk what you mean, I pay between 0.1% and 1% fees on Monero transactions.
2. If the modelling can't manage their risk characteristics, they are by definition a victim of the financial system. I was more talking about people who have been debanked, though.
I have a Russian friend who can't pay for things online in fiat because of sanctions and the risk to his life from being on the free internet. So, he uses Monero and Tor and takes his OPSEC seriously. He is a victim of trad-fi, and Monero allows him to take his freedom back.
This is actually one of the major reasons people should be very weary of accepting crypto, especially Monero. Instead of being able to basically outsource sanctions compliance to a bank, you take on the burden of trying to figure out if your customers are sanctioned yourself - with potentially dire consequences to your business if you get it wrong.
>risk to his life from being on the free internet
Idk where you are getting this, but "risk to his life from being on the free internet" is total BS.
It's happened in China:
>Gao Yu, a veteran independent journalist and dissident, has been harassed by police repeatedly for visiting and posting on Twitter.
This is not what you said and what I've commented on. Usage of VPN is not illegal in Russia at the moment and "risk to his life from being on the free internet" is indeed total bullshit. It is not "crazy" to say, just incorrect(false).
Have you ever actually used crypto to buy something? The transaction fees are exorbitant and prohibitive, and it's slow as balls.
Yes, all the time. I usually pay a 1 cent fee and the transaction goes through in seconds. Not sure what you're talking about.
I can send you some if you want to try it out, just drop an address(for a wallet I recommend cakewallet, but any popular open source wallet works).
I'm talking about Monero specifically, but your reply makes no sense because there are cryptos that have 0 transaction fee and instant confirmaiton. But they are less secure and private so I don't use them, I only use Monero.
Yeah, monero has low transaction fees. And is a pain in the ass to get, even more so in significant quantity or at a good exchange rate. You pay a significant premium for the privacy. So just different types of fees. Monero is also far from instant in my experience.
I too have plenty of purchasing experience with crypto and I wouldn’t advocate for it for any legal transaction.
> And is a pain in the ass to get, even more so in significant quantity or at a good exchange rate.
It's easy to get in the USA on Kraken from fiat for a very low fee or 0 with their pro plan.
> Monero is also far from instant in my experience.
It's up to the merchant to decide how many transactions before finishing their end of the deal. For small purchases it's low risk to do 0 confirmations and you can scale with price.
I've seen hundred dollar sales given out as soon as the transaction hits the mempool, before the first confirmation as well as 5 dollar sales that require waiting the whole 10 confirmations.
That depends on the currency you use. I've only ever used Monero and the transfer fees are fractions of a cent.
Man people are still using the "it's a currency" grift when discussing crypto, did the El Salvador failure really teach you nothing?
That's less because it was Bitcoin and more because the entire effort was a slapdash affair pushed by Bukele in an effort for him and his buddies to profit off the cryptocurrency boom rather than being an inherent knock on cryptocurrency itself.
Also of all the cryptocurrencies Bitcoin is a pretty poor choice since it could be pretty well argued that it has lost the original purpose and devolved into a raw "line go up" financial instrument.
[dead]
That's the whole thing with Monero. It's actually used as a currency, not as a get rich quick scam. I believe 99% of crypto is a scam, but Monero is a real improvement for payments. The Monero community actually wants it to be adopted to spend it, it's not a price go up community.
Buy food with Monero on an ebay type platform called xmrbazaar.
GrapheneOS says it's the only crypto that they regularly get recurring small donations in.
Crypto does have the distinct cash like advantage of not having chargebacks. I don’t know of any other digital payment system with that property.
[dead]
I was told by someone in the industry that New Zealand leads the pack for travelling outside NZ and coming home to refute charges.
That's very lazy and unfriendly against people who are not fraudsters.
> I'm not going to name those countries outright
Why?
I would assume it’s not that relevant to the advice. And people will always argue about the countries if you list them.
X isn’t bad. You should include Y. You only added/omitted Z because of $stereotype/$racistView/$otherAllegation.
Probably just not worth the hassle.
[flagged]
[flagged]
why is racism always the go to response for any suggestion that different countries have different valuesand that translates into observable and verifiable behavioral patterns that should be studied and recognized ?
how can it be that all countries and cultures are alike with no room for diversity in ethics and overton window ?
Why do you not want to name them?
It makes the conversation turn into an electromagnet for racists.
You can’t ignore the stereotypes, but you can let people figure it out themselves. You don’t have to say it when it’s already obvious.
Your comment is extra funny as OP mentioned the customer was Canadian. Have you considered trying to avoid stereotypes?
[dead]
>"Again and again I'm reminded why high trust societies remain high trust and why low trust societies rarely transform into high trust society."
Outside of South Korea, from enormous help from Pax Americana, has it ever happened?
[flagged]
[flagged]
[dead]
[flagged]
[flagged]
I think you've done a good job of answering why.
Probably why it’s flagged.
I had a customer do something similar with a thousand-dollar product. They had signed for delivery and provided no evidence, but banks always side with the customer.
I thought that banks were less likely to side with the customer compared with credit cards.
Most credit cards are issued by banks.
[dead]
Have you considered filing a police report? I'm not sure if small claims would be an option if you are a commercial seller.
Anything that actually discourages that behavior directly is better than some slightly more negative reputation in an opaque fraud detection system.
[deleted]
You know enough about the buyer to sue them or report them to the FBI.
Suing someone in the Philippines probably won’t be worth the effort for an $18 product. And the FBI probably will not care much about a $18 international fraud.
Yeah. This case Canada. Not sure where to report but seems unlikely to do anything. Will happily report out of principle so any tips welcome.
You presumably have their shipping address, so you can look up their local police department and report it as general fraud. Eg. The Toronto police have an online reporting tool for fraud and scams: https://www.tps.ca/services/online-reporting/
If it happens to be a slow day, or the person is already on their shit list (eg. on probation) maybe something will come of it. Having the gloating emails definitely helps. Or maybe the report just goes into a file until this person does this for a more expensive item and then it gets pulled to prove a pattern of behavior.
A lawsuit will cost you at least thousands of dollars if you can even serve the person. The FBI doesn't care about even thousands of dollars of fraud; they are busy chasing million dollar crime rings. Try reporting to your local police and see what they say - they will advise you it is not even worth your time to write out a report because it won't be investigated. Heck, my mom was defrauded out of $10k by a persistent group of people running a fake crypto investing company, and when she reported to the government body specifically responsible for investigating those cases, the nice man said, "Thanks for letting us know." They don't have time to investigate and prosecute minor fraud.
Use EMV 3DS 2.x authentication with liability shift protection?
A friend of mine has a "1 dispute and your banned rule"... sounds like it could help in this situation. He'll catch wind of someone disputing they didn't receive a product he makes, despite his OCD with packaging, and gets a chargeback. He sits down each week with all the chargebacks he's gotten and bans them from future sales. It's not often but when he does, he complains about it when I see him.
I am pretty convinced that friendly fraud is about 90% of chargebacks. I have seen some genuine fraud, but dwarfed by friendly fraud over time across 3 companies.
I wonder how much revenue Stripe would loose if it cracked down on chargeback fraud and free trial abuse (cards defaulting) and similar? Even just a few percentage out of an annual revenue of $5.1 billion is substantial.
To be fair, from stripe's point of view, how would they know that you and the alleged customer are not in on it for some reason they don't know?
"Friendly fraud" is when the cardholder is in on it. They or an accomplice they've given access to their credit card go to a merchant, order and receive an expensive item with the card and then file a chargeback claiming they didn't make the purchase so they can keep both the item and the money.
What would be there to gain? The merchant loses money to the credit card processing fees, chargeback fees, and shipping cost along with the loss of the product, they gain nothing. Its a pretty expensive way to send a customer a free thing.
? in on what?
I lose disputes all the time, no matter the evidence. I'm not happy with Stripe. The only thing keeping me from looking at alternatives is the low volume of fraud committed against my SaaS.
Do better Stripe. Be better Stripe. Or eventually we will find someone better. Think. Don't enshittify. Your support has already become covered in it by doing the needful.
Isn't this a property (and longstanding value judgement) of the entire payment card ecosystem?
When a problem is industry-wide, people are naturally going to complain about the most prominent companies, but that's not necessarily even wrong. The most prominent companies are the ones in the strongest position to actually do something about it (e.g. develop better detection for friendly fraud or lobby for sensible regulatory changes), and have a stronger incentive to when they're the ones who keep getting blamed.
Nothing, it’s a 5% bobcat problem. The card processors can force the merchants to eat it and there’s nothing you can do save not accepting cards, which loses you the other 95% of the market.
Monero or honestly any crypto. There's no chargebacks and it can be more private.
That's fine for some things but my grandma is not going to buy from an online store that only takes crypto. Crypto as a payment option works well for computer-related merchants or for privacy-focused merchants. Like it wouldn't be uncommon to rent a VPS with crypto but it would be strange for an online candy store to accept it.
> That's fine for some things but my grandma is not going to buy from an online store that only takes crypto.
Of course not, unless it becomes mainstream, crypto usage will always be by early adopters and technologists. I don't care if you accept cards as well, I just want to be able to pay privately with Monero.
You're right that for chargebacks specifically the only way to eliminate them would be 100% crypto, not the option of card and crypto together, which is significantly more likely. But there are other benefits for customers(privacy), which is why I use it.
"No chargebacks" means you'll have a very hard time attracting new customers, though, as bootstrapping trust is much harder that way.
In fact it can be so private you'll never know who the merchant who didn't send you the product is.
Don't most crypto exchanges ban Monero?
Yes, unfortunately the banking system is hostile to privacy even though the vast majority of money laundering goes through fiat.
[deleted]
If they committed fraud and you have evidence of the criminal activity, and their address, you could file a police report or a small claims case to inconvenience them back. The only thing protecting the criminal is that you don't care to press the issue any more than Stripe does.
If they are using the same name, address. Why not just flag the "friendly fraud" before fulfilling it?
>And the bank, naturally, sided with them.
How is it natural if DHL had proof of delivery.
Yeah I didn’t really go into it, but I can imagine a bank prefers to take care of their own customer than about a small merchant. I’m definitely frustrated with the whole system. But I expected at least Stripe to try to protect its own customers (merchants).
They have a comprehensive customer ID system and let you adjust desired risk levels for various forms of fraud.
Epic username btw lol
I was so annoyed with their onboarding for new accts I moved to Square on every project. Love it! Never going back
[flagged]
tl;dr: stripe doesn't provide protection until you buy Radar (a separate product which should have been part of the stripe offering but uh...). So the incentive is to let stripe customers burn in charge backs so that they buy radar.
I run a saas and we get this every now and then.
As a rule of thumb, when you get a chargeback you need to completely ban the customer from your db. This includes:
- card ban - email address ban - fingerprint their access and ban
This will save you a lot of hassle when they try to signup/buy your product again and cause you the same amount of grief.
Exploiters easily get around this. its a small group of people doing all of the abuse.
All 3 of those identifiers can be easily changed by advanced users. I'm curious what you mean by fingerprint their access. Is this like an on demand fingerprinting, I've only seen browser fingerprinting as a tracker for every user.
if i had a dollar for every time a developer “perfect is the enemy of good”’d me
Nice try, chargebacker! ;)
I try to pay with Monero, so I can't chargeback :)
You'd better be promptly responsive to legitimate customer support inquiries if you are going to have a policy like that
This comment struck a nerve with me and perhaps you didn't mean it in this way but:
Yes, many of us are incredibly responsive to customer support inquiries (I have a <1hr response time unless you send in a ticket when I'm sleeping) and it doesn't matter. Fraudsters gonna fraud. This isn't a case of "they asked for a refund, we refused, they issued a chargeback", it's a case of a scammer being a POS.
I've dealt with my fair share of chargebacks and in every case I've seen it's someone being a jerk and never a legit case.
The fact that Stripe won't help you, the banks don't care about all the evidence you have, and you end up out the money for the product _and_ you get hit with a chargeback fee on top of it is madness. I could literally have video of the person holding up their ID saying "I XXXXX agree to pay YYYY" and banks would still side with a the scummy scammers.
I have, quite literally, never had someone reach out via support and then file a chargeback later. They do it without reaching out, probably because they are a trash person and they have no interest in getting anything fixed and are just scammers.
Use DeviceCheck if iOS app too. Uber does this to ban across accounts
That's an interesting idea. The sad thing is, the money lost through chargebacks is minimal for me in the grand scheme of things but it makes me irate enough to potentially spend the development time (that will never have a positive ROI) on adding in something like this just to stick it to the scammers.
It is at least very simple to implement. It's a simple API. Useful capability for banning abusive users too if you have social elements or other abuse vectors besides payment.
Great, another thing to worry about when buying a used phone: Did any of the previous owners get banned by any of the apps I intend to use on it?
I imagine most fraudsters wouldn't be using iOS. I'm curious if the android app fingerprinting solutions go cross user profile.
As far as I know, DRM systems like Widewine have IDs that cross user profile lines.
> They told me they don’t use evidence of chargeback abuse from one merchant to create cross-merchant fraud signals, or to take action against the customer’s card, email, or other details for other merchants.
I'm surprised they were able to get Stripe to actually state all of this clearly. It's nice that Stripe actually communicates details like this. But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
No, vagueness gets me much more upset, but there's just nothing to write about in those cases.
Then it's probably worth being aware that you're an outlier, because companies sure aren't being vague for the hell of it.
>No, vagueness gets me much more upset, but there's just nothing to write about in those cases.
I think this hits on the spirit behind GP's point. Clarity, leading to an article like the one posted, gets more people upset. The equation (Upset/People x People) results in a larger number -- people, as a whole, are more upset.
>But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
If a company is vague, there's nothing to write about, one person (maybe) gets more upset than they would have facing clarity.
But if the company is clear, there is something to write about, and an article like the one posted makes people, overall, more upset.
I don't see many people upset at Stripe over this, I certainly am not.
No. This is what you’re saying because you want to plead your case to find out as much as you can. Saying less works. Everyone knows this, because it’s true. You just don’t like it.
No. I would have been far more upset about a vague response. I was still upset that they don't do anything about it.
(it took a bit of back-n-forth to get a clear answer, but I did get a clear one. Their support is still excellent from my experience and communicate well)
I dealt with millions of dollars in chargebacks with Stripe. We sold tickets, they're easy to re-sell and our customers were tourists visiting shows from all over the world.
Stripe Radar was not a good product. It would score large numbers of very suspect transactions at a risk level of 1 or 2 (out of 100). I don't have an ML background, but something about their methodology was just flawed. It behaved as if there was a wire loose in it. Unfortunately, I don't think they're very incentivized to care.
The customer screwed you over, and then their bank did too. Stripe didn't. I'm not sure why Stripe is getting blamed in the title and the article.
Yeah, maybe Stripe could do more without Radar, but I imagine it could also be fraught if Stripe was in the business of blocking customers from their entire network based on one vendor's complaint. Obviously a lot could go wrong with such an approach.
Yes. But Stripe didn't do anything to prevent the next merchant from falling into the same trap. They had all the evidence, and ignored it.
That was the point I tried to make with my blog post. And yes, if it was too easy for merchants to block consumers, that won't be fair either. But surely there's a middle ground here.
Stripe very explicitly told me that they don't do anything with such reports. It's simply ignored.
Stripe did the right thing here. They cannot be arbitrators of every little edge cases that comes up. That's not their role.
Also I just wanna throw some praise at Stripe Support. They have an excellent team and go above and beyond to help.
Agree on Stripe support. They're excellent.
I don't think Stripe did the right thing here. They can do better to protect their own customers.
stripe serves both sides of the transactions they process, seller and buyer.
if buyers were to perceive stripe as being dificult, they might churn. i certainly do this on paypal pages.
> They cannot be arbitrators of every little edge cases
Is this an edge case? It looks like your standard chargeback fraud accompanied by a pile of evidence. What does a common case look like in contrast?
We should expect this to become even more rampant given the ease of clicking a chargeback button and the apparent lack of repercussions.
If not Stripe (in this case), then who's serving that role?
They (Stripe) don't have to be a arbitrator of every edge case, just use the information they have that merchants want to give them and surface a risk signal back to merchants, then it can be up to the merchant what level of risk they are happy with for each customer.
It doesn't seem like an unreasonable ask frankly.
No, Stripe did. It is a common misconception that chargebacks are decided by the customer's bank. Actually, there is a multiple cycle back-and-forth process after which they are finally decided by _the network_.
I have worked in card issuing for years and I have seen various submissions by merchants I know that use Stripe where I _know_ that they have an absolute winning case under the network rules that Stripe refuse to contest.
Stripe have decided that fighting most chargebacks is not worth the money, probably becasue they can just pass the costs onto the merchants and let them eat them and the merchants will not go elsewhere.
> it could also be fraught if Stripe was in the business of blocking customers from their entire network based on one vendor's complaint
“You probably don’t want a system where one annoyed merchant can get someone blocked across the whole Stripe payment system. But there’s a pretty big gap between “automatically block this person everywhere” and “thanks for the screenshots, please consider Radar”, and this is where it gets frustrating.”
There is no gap between those things. Any fraud signal at all either causes people to get blocked, then it's a cross-merchant block, or it doesn't cause people to get blocked, then it's useless.
One thing that is so painful with Stripe is the Disputes because no matter how much evidence I show, even emails with the user claiming they did it because of X, Y, Z. ToS not upheld, etc, the customer always wins.
For me, I do a cheap subscription (4$/mon, first month 2$) and one dispute costs me like 20-30$. So that one person wipes a ton of profit from me. I always try to refund them (but you can't refund a customer with a dispute in effect).
Stripe is great to get going, but has a lot of painful points.
Does Stripe have any published stats on the ratios? Did any merchant ever won such a Stripe dispute?
At this point I’m fairly convinced Stripe is Paypal 2.0, at least in spirit:
* Turns a blind eye to misdeeds on its platform
* Locks out adult creators/vendors after taking their money
* Is ubiquitous, but not well liked
I love that Stripe changed the game of fintech and made it accessible to more parties in a programmatic way, but I find myself repeating “avoid Stripe” to a lot of folks asking me for advice on dealing with payment nowadays for those reasons.
That’s just the nature of these industries.
1) Incumbent is slow, clunky, unpleasant to deal with due to years of accumulated constraints to deal with
2) Newcomer can differentiate themselves by being nimble and pleasant to work with, taking market share
3) Over time newcomer has to deal with increasing amount of scrutiny, fraud, overhead, CYA type practices, etc
4) Newcomer is now incumbent, goto 1)
Who do you recommend as an alternative?
Nowpayments is good for an easy crypto payment gateway.
No affiliation, I've just seen them used–it would be better if you self-hosted a BTCPay server.
I don’t have one at the moment, at least for my circles (artisans, craftspeople, adult creators in general). Much of it has fallen back on PayPal for folks without an LLC to hide behind, or Square if they’re incorporated as a business. The trick has been discretion and operating in a gray area: “novelty goods”, “graphic design work”, and “outerwear” as item descriptors or db entries, obscuring the actual content without actually lying or deceiving the payment processor.
Most paypros, most of the time, won’t look too hard unless there’s a problem or you’re tripping some internal security measure (like raking in a lot of cash in weird amounts). Of late they’ve been more intrusive due to some weird eTeen puritans, but that’s quieting down again as they remember they like making money, and throwing legal content off their platforms can very quickly cause an exodus of customers looking to avoid having their funds seized.
That's pretty clearly deceiving. Would expect to run into problems with that kind of approach regardless of the specific payment processor -- everyone has T&C that you must follow.
Problems occur either way due to a lack of regulations on these entities allowing them to dictate acceptable financial transactions regardless of actual legality. Consider the risk matrix:
* You sell legal goods or services and are entirely honest about them to the paypro; if the T&Cs change down the line, your honesty makes you a prime target for having your funds seized and ability to process transactions terminated first, posing an existential threat to your business with no reward for your honesty
* You sell legal goods and services, but don’t volunteer extraneous details about them since that’s not the business of a paypro. Should the T&Cs change, your obscurity buys you time to adapt or seek alternatives before inevitably being caught up in the paypro’s internal surveillance measures.
* You sell legal goods and services, but assume your paypro is hostile from the get go regardless of the T&Cs and hand over the minimal information necessary to process a transaction. You have maximum time to find alternatives should the T&Cs change, because your baseline operations make it that much harder to identify your transactions down the line.
Honesty is inevitably punished while obscurity is rewarded, at least for a time. It’s also worth pointing out the hypocrisy of needling paypro users to follow arbitrary and changing rules of the paypro but allowing said paypros to reject legal transactions for whatever reason they wish or selectively comply with laws because they’re “fintech” and not banks or payment card networks: why should users face more onerous restrictions than the paypro themselves?
Ultimately the solution is the same one we’ve been parroting for years ever since PayPal arbitrarily changed their T&Cs to try booting adult creators off its platform: government regulations barring these entities outright from refusing any legal transaction. It’s part of the playbook at this point for tech companies in light of its success: court adult content creators and communities to grow the platform, then shut them out once there’s money to be made.
I got hit with a fraudulent chargeback (claim was the purchase was unauthorized and the person showed up in person to a class) and it was doubly bad because they paid via Link which means that Stripe actively verified them via 2FA.
Can someone explain to me why Stripe (or a competitor) doesn't offer a setting "refuse transactions for cards that have filed > x chargebacks with <acquirer> merchants this year"?
Yeah, though this rule sounds a bit tricky. Like what if someone legitimately had their card abused.
The thing that gets me is that Stripe boasts about their machine learning radar rules etc etc, but somehow can't feed it actually valuable data.
Stripe support saw the emails from the customer boasting about defrauding me, they completely agreed that this is a clear case of friendly-fraud, but did nothing with this info.
Stripe can’t do anything per the way CCs work. Asking for that to change is a big ask. Asking my vendor to help me not do business with people who are likely to scam me is a smaller one.
100% agree. They cannot reverse the dispute. I already lost the money. I understand.
But Stripe is exactly in a position to at least use the evidence I provided (in this case, the evidence included the customer clearly admitting to friendly fraud), and feed it into their fraud-prevention system in some way. This way, lots of signals can help protect merchants from friendly fraudsters. So yes, I see it as a pretty small and legit ask from Stripe.
I don't know this is the reason, but if I were asked to build such a system, I'd be pretty worried that it constitutes a consumer report under the terms of the Fair Credit Reporting Act.
Certainly I wouldn't want the inevitable news drama about it. "I'm just a poor innocent grandma, I'm a trusting person when it comes to Facebook ads, and Stripe punished me for getting scammed by banning me from half the stores on the Internet!"
If your card is actually stolen then you should have the card number changed to prevent additional fraud and then the disputes would be against the old card number rather than the new one, right?
If your card is stolen you should, but not necessarily if you fall for a Facebook ad that ships you a pile of rocks or a paper photo of the product you thought you bought.
Isn't that exactly when you should have your card number changed? You gave your card info to a blatant fraudster. If they're willing to ship you a pile of rocks then there's a significant chance they're willing to use the card info you gave them to make fraudulent purchases.
claim was the purchase was unauthorized and the person showed up in person to a class
Certainly a person showed up in person to a class, but how do you know it was the person whose credit card was used?
It matched their LinkedIn photo.
[flagged]
While funny, I literally just used my LinkedIn picture in a legal case of mistaken identity on behalf of a US state.
Not kidding.
Do you imagine someone got a stolen credit card, made a linkedin with that name, used the card to attend a live class under the fake ID, or are you just doing the classic hacker news aaaaactually?
Comments like this have ruined this site. We all know that’s never happened once in history.
If you care about the quality of the site, consider the guidelines about not responding to a bad comment with a worse one and not griping about how HN has gotten terrible or turned into reddit or what there you. Downvote, flag, and move on to better discussion, and you'll spend a lot more time engaging and contributing to good discussions.
Contributing to good discussions is the highest leverage way to promote the quality of the site. Spending time in poor discussions is what makes it feel like HN has gone to crap.
Fair point. I think we’ve all tried that and it isn’t working, and pointing out to people they’re being annoying could help.
But probably won’t, so you’re probably right.
Their business model is to allow as many possible "valid" transactions, not to serve their "clients". They're a PSP...
This is just fraud.
"Friendly fraud" is accidental or with the correct intentions – such as the customer not recognising the charge and charging back.
Genuinely not recognizing a charge is not fraud, as that to me requires intent (or at least gross negligence, e.g., something like "I'll just dispute everything I don't remember, and not make a particularly good effort to remember anything at all").
"Just fraud" is already taken for "criminal c uses unwitting cardholder a's card at unwitting merchant b", so what's your objection against "fiendly fraud"?
This is the point. You could file criminal charges. You could win in civil court.
Yes, and Stripe could do much better to prevent it. And doesn't.
What would you like them to do?
Even in the post you're wishy washy about what you want. They offer a product that does enhanced fraud detection but you don't like that. You correctly call out that there's major risks with taking a merchant's report and using it to flag a user's future transactions.
The article mentions Stripe's product in this space: https://stripe.com/en-us/radar
There are similar offerings from other companies. I don't know if bundling this with payment processing is common.
They could, but this isn't discussed in the blog post. The post is about literal fraud, which has a very different recourse for the merchant.
Solid post. The key takeaway for me was Stripe admitting they won't use post-dispute evidence of friendly fraud to build cross-merchant signals in Radar. That, plus the customer literally bragging about it after winning the chargeback, shows how lopsided the system is against indie sellers. Thanks for sharing.
Stripe obviously records data around friendly fraud, (At minimum they implement Visa Compelling Evidence 3.0 https://support.stripe.com/questions/how-does-stripe-support... ) and since you did not include screenshots of the messages sent by Stripe support I suspect they were saying something carefully noncommittal and legally compliant to get you to go away, which then got spun into an outraged blog post.
Happy to share their responses verbatim. It was a rather long back-n-forth. Here's a snippet from the latest email, which I think makes it clear that they do not use the evidence I provided:
Theres no gotchas in the quoted text, but curious if you got the impression from your emails that any of it was.. AI generated?
The camber, affirmation, word choice, triplet phrase... leaves me wondering. But without a smoking gun its hard to know if a model call was fired.
Yes most of the communication felt rather LLM assisted or generated. Though to be fair Stripe from my experience always had emphatic support and well written responses. In a way they probably set the gold standard that AI support now mimics.
> I suspect they were saying something carefully noncommittal and legally compliant to get you to go away
If their total dismissal of the problem is itself deception, that's not a particularly big improvement!
The problem is that, as patio11 once described in detail (https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...), there are genuine tradeoffs here that people get outraged by the mention of. How many legitimate sales should Stripe block in order to more effectively fight this kind of fraud? Merchants don't want to hear it, and consumers don't either. So financial companies invariably conclude that it's better to raise the question only in careful, indirect ways which could not be misinterpreted as a statement that fraud is good or OK or acceptable.
That's a reasonable argument for general money processing, but it's far weaker when you sell an anti-fraud product and try to get every transaction to give you a cut to use it.
And if they had even a little skin in the game they would care about such low-hanging fruit. You don't want a guy that's insulated from the consequences to be in charge of the [anti-]fraud dial.
That link says the customer's undisputed transactions 4 - 12 months ago with you may establish their disputed transaction was actually legitimate, but the article is about someone who only made disputed purchases within a week or two.
> Stripe obviously records data around friendly fraud
My only nit with Stipe is they don't allow me to delete card details for an ongoing subscription I don't plan to renew and already set it not to renew on the service billing page.
What's your point? Do you think it matters what stripe said? What is something that they could've said that wouldn't have justified the outraged blog post?
The author thinks it matters what Stripe said, since they chose to use it as the title for their blog post. To the extent that it was just meant to be a lament that it's hard to be a small online merchant in an era of strong consumer protections, sure, I sympathize. But they seem to think it's a problem with Stripe that could be fixed if Stripe behaved better.
Author here. What makes you think Stripe cannot do better here?
Stripe has a customer's bank saying "the customer says they didn't make this payment" and you saying "the customer told me they did make this purchase and got the item and they're making fun of me".
They have no way to know if your evidence is real, any more than the bank has a way to know if their customer's evidence is real. Either one (or both) of you could be full of shit.
In that world, what would you like Stripe to do better?
What do they feed into their Radar machine learning system? surely there are lots of signals to use here. I'm not saying take only my word and ban this customer forever.
But they have my record as a merchant (successful charges, chargebacks, disputes etc), they have the payer record as a consumer (payments, chargebacks etc), when a merchant submits a dispute, they provide evidence. I provided evidence from DHL that the product was delivered.
No single piece of data is enough on its own, but Stripe is in a perfect position to use all those pieces to be able to better detect fraud.
Yet they explicitly do not use this data at all.
Based on the quote you provided, the CSR was very specific that what they don't use is merchant-provided evidence. They didn't say they don't leverage information about chargebacks or other disputes.
and that’s my complaint on the blog post. They should use these data points too.
I assume that this is basically just not worth pursuing for small-scale orders (e.g. $15ish for Ciglue), but for larger ones what are the reasonable approaches for scenarios that don't involve stolen card fraud?
Notably disputing a credit card charge is completely independent of whether someone owes the debt, the credit card is simply a convenient way for that payment to be handled. What's the point where other collection methods make sense? As an example, if you're consulting for someone and they pay you $x,xxx via card then charge it back, at least in most of the US I believe it's legal for you to do your own collection efforts and contact them repeatedly (this changes if you sell the debt and it's a third party attempting collections).
Correct, the debt is still valid.
You can try to collect through persistence, or take them to court, get a judgment, and then a court ordered collection. It all depends on the value of your time.
I’ve heard rumors that some merchant agreements with processors may include arbitration clauses for recovering chargebacks, but I’ve never seen it personally.
There aren't any screenshots of conversations with Stripe support in the blog post, but I'm guessing one other reason is that support agents are incentivised to close tickets or end conversations as quickly as possible.
So I can crack open a Backwoods, stick my weed in there, and then glue back together with Ciglue? That's pretty cool.
Thank you. Haha, yes. My product is focused on cigar repair, but I know some weed smokers that use cigar glue (mine or other brands) for blunts.
i went the other way, and already repaired more than one dropped cig with a good sheet of pure cellulose wrapping paper. I cannot imagine someone buying a glue for that. but I'm not german.
It’s sold in 20+ countries around the world, not just Germany.
If you’re talking about premium cigars, using paper is possible but kinda ugly. The glue is similar to what rollers use when rolling cigars in the factory. It works well and fits well with the cigar smoking experience.
You don’t have to buy (my) glue. You can make your own and I even share recipes on the website. Ciglue however offers convenience with the dispenser and integrated brush and glue.
(wasn’t expecting to get into details about my product on HN but love how diverse the community is)
Stripe is a payment gateway, not an anti-fraud solution. I'd recommend using services such as wyllo or Signifyd for anti-fraud. They will pre-filter against network intelligence signals, and if they approve the transaction, will guarantee your funds, even if a chargeback is lost, and even if you lose.
All of these may result in you bringing in less $ overall, so it really depends on how much each fraud case costs you, but you could (off the top of my head): - Enable always checking CVV - Require 3DS - Ban a card after N disputes - Ban an email/other identifier after N disputes - Ban certain payment methods, banks etc - Add a visible or invisible captcha to fight automated abuse/card testing
I suspect Stripe walks a fine line where they want to help you prevent fraud, but they also want to avoid vendors complaining to them that their customers can’t pay.
Context: I worked on a payments team for a short while.
None of the technical measures you mentioned are relevant with “friendly fraud”. And that’s exactly the problem that Stripe doesn’t solve. And doesn’t want to help merchants fight against.
I help a lot of client with their ecommerce websites (mostly WooCommerce), attacks became so common recently, could be AI, but I found the best way to deal with this is to trace the patterns in access log and block the same patterns of checkout submission, this have worked really well for me. There are a lot of card testing attacks that Stripe doesn't care to handle as well as a lot of other fraud techniques, but there is always a pattern, especially automated ones. There is country, IP range, certain behavior (eg; no js, or direct api calls..etc). I really think it's easy to deal with this if you're willing to look deeper than a dashboard.
none of the technical measures you mentioned could work with “friendly fraud”. It was a real human with a real card with a real address with details all matching, then disputing a payment they themselves made for a product they received.
My suggestion is to just ban specific regions or countries and you can cut 80% of this fraud.
I'm not going to name those countries outright but you should never ever be launching globally until you have these safeguards in place.
Once you are known to be vulnerable to a certain scheme, it quickly becomes known in that region/country.
Again and again I'm reminded why high trust societies remain high trust and why low trust societies rarely transform into high trust society.
I've got 13 chargebacks over the last 4 years for my biz. Out of these, 10 came from US based cards. The other 3 came from Australia(my country).
Be careful when taking verbatim advice from internet strangers.
I live in Kazakhstan (I assume that's one country nobody heard of and would disable in their dashboard) and my bank doesn't even have any UI for chargebacks, nor I ever heard about anyone doing chargebacks. They even explicitly warn me sometimes that I assume all responsibility for that payment. I guess I can go through some process, it's VISA after all, but it's definitely not something I can do easily.
Everyone’s heard of Kazakhstan, if not for the architecture, at least because of Borat.
you were thrown that way in Kazakhstan? :)
Yeah it's not a thing available to customers outside of western countries. Even in eastern europe countries a chargeback means making a lengthy complaint with the bank and if they decide to trust you then they make chargeback.
So nobody really knows about it.
When i started selling digital download content. Some people will buy, download and instantly charge back.
wait, people can just do that? How does that even work? Does Visa not supposedly protect both the seller and the buyer?
In Western Europe, a chargeback is not that unheard of, but it still requires you to make your case and follow a procedure and review. It's not that lengthy or difficult, but you cant just buy something online and then do a chargeback, unless you can clearly show that the download is not working and tried the helpdesk or you were mislead or something
It’s supposed to be the same in the US, but due to heavy automation on both sides, the “evidence” presented on either side is essentially pages of rasterized TIFF slop propping up a handful of bits of ground truth data.
I suspect most decisions are now made based on ambient factors such as “does this customer file above average chargebacks; if not, believe whatever they entered in our multiple choice questionnaire” or “if we have any undisputed payment on the same card by the same account, push back, otherwise eat the loss”. Part of this is even getting codified by newer network dispute evidence rules as well.
Since nobody ever seems to hold cardholders accountable for misrepresentation, and since it’s psychologically much easier to lie on a whimsical multiple choice form you fill on your bank app when bored on the bathroom than to sign a printed document containing a short summary of the legal consequences of willful deception, the situation is what it is.
Sometimes, whether a society is actually “high trust” depends on the transaction amount, and whether that amount warrants legal expenses on either side.
I have been using online payments for over 15 years now. Over these years I probably have had accounts with over 10 different banks. Not a single time have I seen any setting related to chargebacks. In fact, I learnt of these just a few years back and I had to google it what do these even mean. Im from India btw.
And let me tell you, nowhere in my circle that I know of have ever raised one single chargeback in these 15 years. Not one.
This seems more of a developed-countries thing to me.
The OP of the thread meant US, obviously.
+1 almost all from the US.
The strongest signal is whether they use an eBank/app that has a one-click button to report transactions as fraudulent. The Apple card(?) seems especially prevalent.
I had a friend with the apple card, and there were fraudulent charges on her card before she even used it.
I think that caused her to over-scrutinize things.
But (years) later I saw her using apple pay. She had charges she didn't recognize and would immediately flag them. Thing is, I couldn't help but think they might have been real charges with weirdly named companies on the transaction.
I feel like companies should do a better job of naming their payment entity something that a customer can know when they see it.
It’s 2026, why can’t credit card and merchant figure out a way to transmit order summary URL as part of credit card transactions so I don’t need to match up transactions by amount??
A similar thing as what you propose already exists in the Nordics. You pay with your card as normal, and the receipt gets logged automatically in the app.
https://en.storebox.com/#/
Not universally supported unfortunately, but the major stores support it.
They absolutely can. They just don't bother.
It's not really helpful if I recognize the name when the gas station doesn't put the charges on my card until Friday when I bought stuff there on Tuesday. Then I'm just confused and have to analyze my whole purchase history.
In what backward place does this happen? It shows up the second I pay here (Australia)
it's common, they reserve an amount, and then update towards the final payment. These are not payments as such, and almost always take 48 hours to clear. Same at hotel rooms usually etc..
Many banks only show payments (so only after cleared) and not reserved funds. They will just show that you don't have the full credit available
The update with the final amount happens within minutes after you’re done pumping, not only at batch clearing time.
This was introduced to not unnecessarily block debit card funds for days but it works like that for credit cards as well now.
> She had charges she didn't recognize and would immediately flag them. Thing is, I couldn't help but think they might have been real charges with weirdly named companies on the transaction.
That's completely the companies fault. If you give a transaction a reference that the customer will not recognise, that's on you!
I don't think that argument would work in court.
U.S. chargeback rules are different. In other countries, you cannot repudiate credit card transactions that you authorized (and this applies to Mastercard/Visa, too). You need to do something else if you end up in a dispute with the merchant.
That’s completely false. Visa/Mastercard chargeback rules are fairly uniform globally, and disputes are possible in many (if not all) non-US countries as well.
Whether your bank knows how to use them well to represent your interests is a different matter. For example, I’ve seen banks decline chargebacks against bankrupt merchants in certain countries because they were poorly advised about the legal ramifications, and other banks in the same country win the exact same kind of dispute. Lacking sufficient reading comprehension to parse the dispute rules (it’s a long PDF!) also seems common.
You open a ticket where you describe what happened and attach everything you have. It happened to me twice over the years, both with Visa, and I had them both approved. I'm not sure that in the age of AI agents they would care anymore, but I can dream right.
Over here, it's common that consumers don't have a direct relationship with the card company. I'm not sure if they would even be able to identify me.
What do you mean by card company?
The cardholder’s contractual relationship is always with the card issuer, which is usually a bank or some other financial institution. This is no different in the US. If something on your bill seems off, you contact the one that issued it, i.e. your bank.
Hmm nevertheless my cases were handled by Viseca, not by my issuing bank. I don't know why, is it because of my bank, or my country, but yeah it seems to be different.
Banks can (and often do) outsource chargebacks to their processor or another third party, but never the card network (since that’ll be the entity ruling on the case in the very unlikely case it goes into arbitration).
Viseca seems like it might actually be an issuer directly (it’s also a common model that banks only act as program managers, delegating actual issuance to a different entity) but I’m not familiar with them.
not to mention, thats pretty bad advice for these chargeback frauds. not gonna deny some regions have higher risk of frauds, but these are mostly high-volume automated schemes.
in the case of these "friendly fraud" schemes, they are much more likely to come from more developed regions with strong consumer protection laws like the NA.
if anything in many of those "high risk" regions, chargeback are much less common because fewer consumer protection law e.g. banks would automatically reject chargebacks for transactions with 3DS OTP.
Yeah, they will likely be spoofing their location anyway with residential IPs to let their payments go through easier and maintain identity separation.
13 over 4 years is tiny sample compared to what I've seen on international scale.
Great advice which is why data is what I'm relying on vs anecdotes.
With all due respect, both of these stories seem just as anecdotal as the other.
Yeah, all my chargebacks are Americans. Realtors are the worst.
How big is your business and where does it sell?
One chargeback a quarter is a lot, depending.
Just because the card is US-based doesn't mean the user is.
If the cardholder is doing chargebacks on an US-based card, they cardholder is probably US-based.
Not very easy to do with prepaid cards AFAIU.
You're assuming prepaid, I'm just assuming the real card was skimmed during checkout at a gas station or swiped from a payment processor.
or American.
This case was Canada.
The US and I imagine Canada are known for the ease of chargebacks.
My experience in Europe is that it's a very tough process to even initiate (as a consumer)
My only experience as a European is that I called the support number on my card, they fixed the in 5 minutes, cancelled my card, sent me a new one and set me up with a temporary one.
if it was stolen then I guess it’s fairly standard. Disputing specific transactions is much harder though. They ask for evidence you contacted the seller etc and make the process difficult from my very limited experience on the “other end” of the transaction.
I'm no longer convinced those high trust societies will remain so. Every high trust society has been pushed to opened it's doors wide and the changes have been stark.
Accept crypto for those countries, it doesn't have chargebacks and helps those vulnerable to the financial system.
I went down a bit of a search looking for counter evidence that crypto is likely less available to them, and it turns out both perspectives are true depending on the scale you look at. At the micro-level, survey data from emerging markets[0] confirms that crypto offers immunity against institutional failure and inflationary currency.
But this QJE article[1] argues there's a ceiling to how far things scale. Concluding that the cost to keep a decentralized network secure scales with its total economic value. So while there is immediate value to it's user, it might not scale well, and can't replace a country's financial system anyway because securing it at a sovereign scale would just be more expensive.
[0]: https://www.mdpi.com/1911-8074/17/10/467 [1]: https://academic.oup.com/qje/article/140/1/1/7824430
I dont follow. If regular finance to a country is that much distanced from global financial oversight and treaties where crypto (with awful spreads) becomes the norm that doesnt necessarily mean they are victims of international financial order but that regular financially modeling simply cannot manage their unique risk characteristics
Damn, I made a great reply and it never sent–that sucks.
I was more nuanced and specific, but I don't want to do it all again.
1. The fees are not awful idk what you mean, I pay between 0.1% and 1% fees on Monero transactions.
2. If the modelling can't manage their risk characteristics, they are by definition a victim of the financial system. I was more talking about people who have been debanked, though.
I have a Russian friend who can't pay for things online in fiat because of sanctions and the risk to his life from being on the free internet. So, he uses Monero and Tor and takes his OPSEC seriously. He is a victim of trad-fi, and Monero allows him to take his freedom back.
This is actually one of the major reasons people should be very weary of accepting crypto, especially Monero. Instead of being able to basically outsource sanctions compliance to a bank, you take on the burden of trying to figure out if your customers are sanctioned yourself - with potentially dire consequences to your business if you get it wrong.
>risk to his life from being on the free internet
Idk where you are getting this, but "risk to his life from being on the free internet" is total BS.
It's happened in China:
>Gao Yu, a veteran independent journalist and dissident, has been harassed by police repeatedly for visiting and posting on Twitter.
https://www.voanews.com/a/east-asia-pacific_voa-news-china_c...
It's already banned in Russia, it's not crazy to say that you could get in trouble.
Recently they have been cracking down even more. (https://www.bbc.com/news/articles/cr510de17jlo)
This is not what you said and what I've commented on. Usage of VPN is not illegal in Russia at the moment and "risk to his life from being on the free internet" is indeed total bullshit. It is not "crazy" to say, just incorrect(false).
Have you ever actually used crypto to buy something? The transaction fees are exorbitant and prohibitive, and it's slow as balls.
Yes, all the time. I usually pay a 1 cent fee and the transaction goes through in seconds. Not sure what you're talking about.
I can send you some if you want to try it out, just drop an address(for a wallet I recommend cakewallet, but any popular open source wallet works).
I'm talking about Monero specifically, but your reply makes no sense because there are cryptos that have 0 transaction fee and instant confirmaiton. But they are less secure and private so I don't use them, I only use Monero.
Yeah, monero has low transaction fees. And is a pain in the ass to get, even more so in significant quantity or at a good exchange rate. You pay a significant premium for the privacy. So just different types of fees. Monero is also far from instant in my experience.
I too have plenty of purchasing experience with crypto and I wouldn’t advocate for it for any legal transaction.
> And is a pain in the ass to get, even more so in significant quantity or at a good exchange rate.
It's easy to get in the USA on Kraken from fiat for a very low fee or 0 with their pro plan.
> Monero is also far from instant in my experience.
It's up to the merchant to decide how many transactions before finishing their end of the deal. For small purchases it's low risk to do 0 confirmations and you can scale with price.
I've seen hundred dollar sales given out as soon as the transaction hits the mempool, before the first confirmation as well as 5 dollar sales that require waiting the whole 10 confirmations.
That depends on the currency you use. I've only ever used Monero and the transfer fees are fractions of a cent.
Man people are still using the "it's a currency" grift when discussing crypto, did the El Salvador failure really teach you nothing?
https://en.wikipedia.org/wiki/Bitcoin_in_El_Salvador
That's less because it was Bitcoin and more because the entire effort was a slapdash affair pushed by Bukele in an effort for him and his buddies to profit off the cryptocurrency boom rather than being an inherent knock on cryptocurrency itself.
Also of all the cryptocurrencies Bitcoin is a pretty poor choice since it could be pretty well argued that it has lost the original purpose and devolved into a raw "line go up" financial instrument.
[dead]
That's the whole thing with Monero. It's actually used as a currency, not as a get rich quick scam. I believe 99% of crypto is a scam, but Monero is a real improvement for payments. The Monero community actually wants it to be adopted to spend it, it's not a price go up community.
Buy food with Monero on an ebay type platform called xmrbazaar.
(https://xmrbazaar.com/search-category/food/)
Donate to non-profits in Monero
(https://donatemonero.org)
GrapheneOS says it's the only crypto that they regularly get recurring small donations in.
Crypto does have the distinct cash like advantage of not having chargebacks. I don’t know of any other digital payment system with that property.
[dead]
I was told by someone in the industry that New Zealand leads the pack for travelling outside NZ and coming home to refute charges.
That's very lazy and unfriendly against people who are not fraudsters.
> I'm not going to name those countries outright
Why?
I would assume it’s not that relevant to the advice. And people will always argue about the countries if you list them.
X isn’t bad. You should include Y. You only added/omitted Z because of $stereotype/$racistView/$otherAllegation.
Probably just not worth the hassle.
[flagged]
[flagged]
why is racism always the go to response for any suggestion that different countries have different valuesand that translates into observable and verifiable behavioral patterns that should be studied and recognized ?
how can it be that all countries and cultures are alike with no room for diversity in ethics and overton window ?
Why do you not want to name them?
It makes the conversation turn into an electromagnet for racists.
You can’t ignore the stereotypes, but you can let people figure it out themselves. You don’t have to say it when it’s already obvious.
Your comment is extra funny as OP mentioned the customer was Canadian. Have you considered trying to avoid stereotypes?
[dead]
>"Again and again I'm reminded why high trust societies remain high trust and why low trust societies rarely transform into high trust society."
Outside of South Korea, from enormous help from Pax Americana, has it ever happened?
[flagged]
[flagged]
[dead]
[flagged]
[flagged]
I think you've done a good job of answering why.
Probably why it’s flagged.
I had a customer do something similar with a thousand-dollar product. They had signed for delivery and provided no evidence, but banks always side with the customer.
I thought that banks were less likely to side with the customer compared with credit cards.
Most credit cards are issued by banks.
[dead]
Have you considered filing a police report? I'm not sure if small claims would be an option if you are a commercial seller.
Anything that actually discourages that behavior directly is better than some slightly more negative reputation in an opaque fraud detection system.
You know enough about the buyer to sue them or report them to the FBI.
Suing someone in the Philippines probably won’t be worth the effort for an $18 product. And the FBI probably will not care much about a $18 international fraud.
Yeah. This case Canada. Not sure where to report but seems unlikely to do anything. Will happily report out of principle so any tips welcome.
You presumably have their shipping address, so you can look up their local police department and report it as general fraud. Eg. The Toronto police have an online reporting tool for fraud and scams: https://www.tps.ca/services/online-reporting/
If it happens to be a slow day, or the person is already on their shit list (eg. on probation) maybe something will come of it. Having the gloating emails definitely helps. Or maybe the report just goes into a file until this person does this for a more expensive item and then it gets pulled to prove a pattern of behavior.
A lawsuit will cost you at least thousands of dollars if you can even serve the person. The FBI doesn't care about even thousands of dollars of fraud; they are busy chasing million dollar crime rings. Try reporting to your local police and see what they say - they will advise you it is not even worth your time to write out a report because it won't be investigated. Heck, my mom was defrauded out of $10k by a persistent group of people running a fake crypto investing company, and when she reported to the government body specifically responsible for investigating those cases, the nice man said, "Thanks for letting us know." They don't have time to investigate and prosecute minor fraud.
Use EMV 3DS 2.x authentication with liability shift protection?
A friend of mine has a "1 dispute and your banned rule"... sounds like it could help in this situation. He'll catch wind of someone disputing they didn't receive a product he makes, despite his OCD with packaging, and gets a chargeback. He sits down each week with all the chargebacks he's gotten and bans them from future sales. It's not often but when he does, he complains about it when I see him.
I am pretty convinced that friendly fraud is about 90% of chargebacks. I have seen some genuine fraud, but dwarfed by friendly fraud over time across 3 companies.
I wonder how much revenue Stripe would loose if it cracked down on chargeback fraud and free trial abuse (cards defaulting) and similar? Even just a few percentage out of an annual revenue of $5.1 billion is substantial.
To be fair, from stripe's point of view, how would they know that you and the alleged customer are not in on it for some reason they don't know?
"Friendly fraud" is when the cardholder is in on it. They or an accomplice they've given access to their credit card go to a merchant, order and receive an expensive item with the card and then file a chargeback claiming they didn't make the purchase so they can keep both the item and the money.
What would be there to gain? The merchant loses money to the credit card processing fees, chargeback fees, and shipping cost along with the loss of the product, they gain nothing. Its a pretty expensive way to send a customer a free thing.
? in on what?
I lose disputes all the time, no matter the evidence. I'm not happy with Stripe. The only thing keeping me from looking at alternatives is the low volume of fraud committed against my SaaS.
Do better Stripe. Be better Stripe. Or eventually we will find someone better. Think. Don't enshittify. Your support has already become covered in it by doing the needful.
Isn't this a property (and longstanding value judgement) of the entire payment card ecosystem?
When a problem is industry-wide, people are naturally going to complain about the most prominent companies, but that's not necessarily even wrong. The most prominent companies are the ones in the strongest position to actually do something about it (e.g. develop better detection for friendly fraud or lobby for sensible regulatory changes), and have a stronger incentive to when they're the ones who keep getting blamed.
https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra... Classic patio11 article.
Then what are the better alternatives?
Nothing, it’s a 5% bobcat problem. The card processors can force the merchants to eat it and there’s nothing you can do save not accepting cards, which loses you the other 95% of the market.
https://xkcd.com/325/
Monero or honestly any crypto. There's no chargebacks and it can be more private.
That's fine for some things but my grandma is not going to buy from an online store that only takes crypto. Crypto as a payment option works well for computer-related merchants or for privacy-focused merchants. Like it wouldn't be uncommon to rent a VPS with crypto but it would be strange for an online candy store to accept it.
> That's fine for some things but my grandma is not going to buy from an online store that only takes crypto.
Of course not, unless it becomes mainstream, crypto usage will always be by early adopters and technologists. I don't care if you accept cards as well, I just want to be able to pay privately with Monero.
You're right that for chargebacks specifically the only way to eliminate them would be 100% crypto, not the option of card and crypto together, which is significantly more likely. But there are other benefits for customers(privacy), which is why I use it.
"No chargebacks" means you'll have a very hard time attracting new customers, though, as bootstrapping trust is much harder that way.
In fact it can be so private you'll never know who the merchant who didn't send you the product is.
Don't most crypto exchanges ban Monero?
Yes, unfortunately the banking system is hostile to privacy even though the vast majority of money laundering goes through fiat.
If they committed fraud and you have evidence of the criminal activity, and their address, you could file a police report or a small claims case to inconvenience them back. The only thing protecting the criminal is that you don't care to press the issue any more than Stripe does.
If they are using the same name, address. Why not just flag the "friendly fraud" before fulfilling it?
>And the bank, naturally, sided with them.
How is it natural if DHL had proof of delivery.
Yeah I didn’t really go into it, but I can imagine a bank prefers to take care of their own customer than about a small merchant. I’m definitely frustrated with the whole system. But I expected at least Stripe to try to protect its own customers (merchants).
I guess DHL had proof of delivery of a box.
Signifyd (company) solves this issue.
how so?
https://www.signifyd.com/fearless-conversions/
They have a comprehensive customer ID system and let you adjust desired risk levels for various forms of fraud.
Epic username btw lol
I was so annoyed with their onboarding for new accts I moved to Square on every project. Love it! Never going back
[flagged]
tl;dr: stripe doesn't provide protection until you buy Radar (a separate product which should have been part of the stripe offering but uh...). So the incentive is to let stripe customers burn in charge backs so that they buy radar.