Stripe is extremely bad at fraud. I have a company that continues to charge my credit card monthly, their website and email do not work anymore. I continue to charge back them every single month, and Stripe continues to charge my card. This has been going on for about 7 months now. If I ask them to help, they tell me to contact AMEX, I contact AMEX they tell me to contact Stripe.
The website doesn't work, the email doesn't work, I charge it back every single month, yet Stripe doesn't care one bit.
Attempting to contact Stripe results in emails asking if I need help resetting my password (yes I legit sent an email asking for them to investigate the "company" and they sent back a reply with details on how to reset my password), to telling me to contact my credit card provider.
Honestly both companies are giant bags of turds, if you can you should look elsewhere, you can save money on almost every fee, there are alternatives to every single product they provide, and pretty much all of the alternatives are varying degrees of better or cheaper.
I have a perspective from the other end of this, as a seller. Been using Stripe for 5 years selling digital content with a low, $5 average bill. A year ago the site was likely noticed by hackers who started punching in dozens of stolen credit cards. I kept refunding manually at first, but then I had activated Stripe Radar. It made absolutely zero difference out of the box. "-Is it a 100th charge coming from the same IP in Ukraine with a Canadian VISA? No problem, charge approved, here's your success webhook.". "-Same fake TLD for the email address, for a customer number 2235? Nothing suspicious here, charge approved.".
What helped fight this was to create a rule in Radar to reject all cards without 3D Secure capability, but it had cut off a sizable chunk of legit revenue.
This is the big problem with Stripe's positioning in the payments food chain ladder.
Block every single fraudulent or suspicious transaction, and you're leaving obscene amounts of money on the table.
The amount of credit card fraud that goes unclaimed or is eaten by liability shift is huge, so if Stripe makes a product like Radar ACTUALLY WORK, they would be missing out big time.
I am confident Stripe's radar's shortcomings are deliberate and not simple bugs or design problems.
It appears they have no incentive for the product to be 100% effective and that would explain why Stripe Radar is billed per screened transaction, regardless of outcome.
We benchmark Stripe Radar against other pure play fraud fingerprinting solutions, and the difference is abysmal. The fact that Stripe claims to have seen 80% of any card before it gets to your store makes this fact even worse.
So, like parent says, you are going to see radar scores of 90 and 95 for certain charges (clearly fraudulent carding attempts), followed by scores of 15 or 20 for the same card, IP, fingerprint with absolutely no warning.
I've grown tired of escalating this to Support. They just give me the ML model answer. Basically: "It's a black box!"
You can definitely add a rule to start blocking charges from X places, or with Y velocity, or always enforce 3DS, but then you're taking the model into your own hands, and that has some important consequences.
Your acceptance rate goes down. You're heavily interfering with the model and relying (and trusting) it less, and you realise you really don't need Radar to do that for you.
If you're serious about fraud, you must use a pure player solution that is 100% aligned with your interests.
From what we've seen with Stripe Radar in the past, that doesn't seem to be the case.
I'm a big fan of Stripe in many ways, but I really have a love/hate relationship with this side of their business...
Agreed - I remember working on something that only serviced Australian customers and charged in Australian dollars, but Stripe didn't do much when there was a massive influx of overseas cards charging in US dollars.
Stripe Radar costing money is a bit annoying too - my solution was to block non-Australian cards - but the only way to do that is with Radar, which costs money. Radar doesn't let you whitelist currencies either.
Is there no way to get Stripe to automatically refund all chargebacks/disputes? What if you're only getting a 5% fraud rate for something cheap and you want to just eat the loss and not have to manually deal with disputes? Or if you're selling something like a premium online account, you can just disable the user's account automatically if they dispute the charge.
Yes you might be able to do that, at the risk of some personal liability because this is illegal. It’s also grossly unethical.
If your fraud has a large enough monetary value, large enough scale, or you work with another person on it, you can get hit with a serious felony charge and end up in prison for a few years. Disclaimer: I am not a lawyer or expert on credit card fraud.
Yup, that's an attack that exists and is used regularly. It's not trivial to pull off, but is easy/accessible enough that competitors will sometimes do this to each other's web shops (I've heard of two cases of this just in last 3 years and that's in a city of only 300k people).
This is exactly the big issue no one is talking about. We are putting more and more pseudo security in customer protection but as a seller I am always in constant danger.
A chargeback with stripe costs like $15 for the seller. Even if the charge was only $1.5. Imagine the monetary problems you could create and the seller has no other way than to pay and hope to not get banned.
I have seen a business run with this dealing with mobile phones targeted by organised fraudsters. Moving "too fast" to notice and whoops profit is £0.2m not £3m.
This is another case of the old assumption that businesses have more resources than their customers. It's something everyone in the financial/banking sector seems to assume and it drives me crazy. I run a nonprofit with less than 5000€ income yearly and a handful of volunteers. We have less time and money than one average person who wants to buy something from us or donate. If we got hit by a chargeback storm, we'd go bankrupt in a week.
The same thing happened to me. My solution was to block an IP address from making a purchase after N failed card attempts. It worked well enough to get me back off of the radar of those scammers.
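An added illustration of the per-IP limit described in the comment above, not code from the thread or from Stripe: a sliding-window counter that refuses checkout from an IP after N declined card attempts. The class name, thresholds, and sample attempts (documentation-range IPs) are assumptions constructed for this example.

```python
import time
from collections import defaultdict, deque


class FailedAttemptLimiter:
    """Refuse checkout from an IP after N declined card attempts in a window."""

    def __init__(self, max_failures=3, window_seconds=3600, block_seconds=86400):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.block_seconds = block_seconds
        self._failures = defaultdict(deque)  # ip -> timestamps of recent declines
        self._blocked_until = {}             # ip -> time at which the block lapses

    def is_blocked(self, ip, now=None):
        now = time.time() if now is None else now
        until = self._blocked_until.get(ip)
        if until is not None and now >= until:
            del self._blocked_until[ip]      # block has expired
            until = None
        return until is not None

    def record(self, ip, approved, now=None):
        """Record a charge outcome. Returns True if the IP is blocked afterwards."""
        now = time.time() if now is None else now
        if not approved:
            recent = self._failures[ip]
            recent.append(now)
            # Drop declines that have fallen out of the sliding window.
            while recent and now - recent[0] > self.window_seconds:
                recent.popleft()
            if len(recent) >= self.max_failures:
                self._blocked_until[ip] = now + self.block_seconds
                recent.clear()
        # An approval deliberately does not reset the counter: when a list of
        # cards is being tested, some are valid, and a reset would let the
        # run continue indefinitely.
        return self.is_blocked(ip, now)


def replay(attempts, limiter):
    """Run (timestamp, ip, approved_by_processor) tuples through the limiter.

    Returns one decision per attempt: 'blocked' (never sent to the processor),
    'approved' or 'declined'.
    """
    decisions = []
    for ts, ip, approved in attempts:
        if limiter.is_blocked(ip, ts):
            decisions.append("blocked")
            continue
        limiter.record(ip, approved, ts)
        decisions.append("approved" if approved else "declined")
    return decisions


# Constructed sample: 203.0.113.7 submits cards in quick succession,
# 198.51.100.20 is a customer who mistypes a card once.
SAMPLE_ATTEMPTS = [
    (0, "203.0.113.7", False),
    (5, "203.0.113.7", False),
    (9, "198.51.100.20", False),
    (12, "203.0.113.7", True),           # approval does not reset the count
    (15, "203.0.113.7", False),          # third decline in the window: block
    (20, "203.0.113.7", True),           # refused before reaching the processor
    (60, "198.51.100.20", True),
    (15 + 86400, "203.0.113.7", False),  # block has lapsed, counting restarts
]

if __name__ == "__main__":
    results = replay(SAMPLE_ATTEMPTS, FailedAttemptLimiter())
    for attempt, decision in zip(SAMPLE_ATTEMPTS, results):
        print(attempt, decision)
```

Keying on IP alone also counts every customer behind a shared NAT as one client; the same counter can be keyed on a session or card fingerprint instead.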
It's called card running. You get a trove of credit cards, so you use them to buy tiny things that the card holders hopefully won't notice. Now you've sorted the list into valid and invalid cards, and can resell the valid list for a lot more money to a scammer who will use it for large scale fraud.
Just to explain, people selling stolen cards have a reputation that makes them money. If they have a reputation for selling cards that have already been burned, they can’t sell each card for as much. But, if they have a good way to test their cards, they can get a reputation for only selling cards that still work. This lets them sell each card for multiples of what a fraudster with a bad reputation can charge.
I have no idea why it works this way these days, online fraud should have been solved a long long time ago with technology. The banks/mastercard/visa have the ability to mandate much better security mechanisms (3D Secure etc., 2FA, generating some secure token for any large purchases etc.) so why aren't these compulsory?
The first bank to only authorize purchases with 3DSecure lowers the fraud rate a lot, but people with multiple cards will mostly choose to use other cards, because it's less friction.
Anyway, the merchant eats fraud for card not present transactions. So why would the bank choose to reduce its payment volume in order to reduce fraud it doesn't even have to pay for?
If the merchant says 3D Secure only, it reduces fraud, but also reduces payment volume, because most customers will choose to use a merchant with less friction, especially if their issuing bank doesn't do 3D Secure, or it's broken when they go to purchase.
Reducing fraud is good for merchants, but the drop in sales may not be worth it. There's a lot of other things merchants can do to reduce fraud that aren't likely to cut into sales as much.
Having worked on the banking side, I’d say it’s because bankers hate technology. You’d be amazed at what some people will do to avoid it. I had one guy retire in 2005. When a new account manager took over his clients, we learned he’d been telling all of them the bank didn’t have email. Just because he didn’t want to adopt it.
And as these additional security settings get more normal it gets harder and sometimes even impossible to pay for your services when you are not in your home country.
What's a payment method actually worth where you have so little control if the payment succeeds?
I really like how they implemented this in India. Due to recent central bank changes, all recurring subscriptions need customer notification before the card is charged. So before a recurring charge occurs (1 day before), they send a sms with a link to cancel that charge if required. Also now most credit cards are providing a single place to manage all subscriptions. So you can approve requests for recurring authorisation (first time) and also delete an existing recurring charge with a single click. Not to mention to be able to see who all are charging or going to charge you recurring in the first place.
To add, the retailers are not allowed to store any card details, like number, dates etc now. They are required to send all these to bank first time, and they get a token only. Next time of a recurring transaction, they simply send this token to bank to charge money.
Customer can see these tokens anytime, along with merchant details, and customer can revoke these tokens anytime.
This is a fantastic idea! Wish it were here in the US. In some areas like fintech/banking it appears "developing" economies like India are light years ahead of us.
There are benefits to being late to market. The US also has close to 5000 banks and nearly as many credit unions, whereas most 'developing' economies have only a handful. Banks have to follow state and federal rules (sometimes both, sometimes only one or the other, depending on the rules and the corporate details). Centralization into only a few firms and maybe a single regulator makes it easier to have consistent features and requirements.
The US too! This sounds great. Even better would be a recurring subscriptions management panel provided by the credit card issuer. Then you could cancel from there, and the service provider would be notified.
The EU already has this but for some insane reason there are no electronic SEPA mandates only paper ones, also you must request the cancellation of the SEPA mandate from the merchant.
I had been using Stripe for a short time a couple of years back. I looked into collecting sponsorships and donations for OSS development via BuyMeACoffee (I strongly advise against them).
As expected, just a couple of bucks accumulated. Then a user sent an unsolicited $15 donation, along with an accompanying comment, asking for macOS user support, for help solving a user issue entirely unrelated to my project. I declined, explained the situation and offered to refund the donation. I never received a reply, but immediately after, I received a chargeback notification. Stripe took the $15 from my account as well as a $15 chargeback fee. The user claimed fraud. An appeal went unanswered, despite me providing all required proof.
In the end, this little experiment cost me money. It also opens up a disturbing avenue of hurting someone financially, given enough credit cards and chargebacks.
It is important to note that Stripe is a wrapper around Wells Fargo.
This means it's an 800 pound gorilla in a dev/bay friendly costume (docs? API?).
They cannot fix the financial system unless they can become Wells. That will not happen. Thus, their actions, pricing, and product development choices all point to Wells.
PayPal has this exact theme of a problem. Or lack of solving.
From your description, this is solidly Amex’s problem, and all of your contact should be with Amex (or with the merchant you can’t reach). I have no idea why they would tell you to contact a merchant's credit card processor. In fact it’s such a bizarre instruction from Amex, it makes me wonder how you described this to Amex.
I am curious about your response, what do you think I should do differently? And why do you think this is AMEX's problem?
Also how should I describe a rather basic problem? I told them every aspect of it multiple times to multiple tiers of customer service. Email chains (or lack thereof), website details (include login), they already have transaction details.
I am not saying it's 100% Stripe's problem, I am wondering why I am able to chargeback it 7 times in a row, and that does not trigger any red flags. If a single customer chargebacks a "subscription" multiple times in a row, should that not be an immediate cancel?
Why can I not go to Stripe, fill out my credit card, and click cancel and cancel a subscription? They already have a portal to get transaction information, why not allow me to cancel. Since it's all webhooks anyways, what difference is it if it is through X merchant site or Stripe?
So as you can see, you have no relationship with Stripe. You have a relationship with Amex and the merchant. Those are your points of contact.
When you make a chargeback, Amex accepts this chargeback, and sends it to the merchant's processor, who then presents it to the merchant for response. This is a process defined in the contracts between each of the parties.
To your other question regarding fraud controls in this system, that's handled in the contracts:
- If you skip out on your debt, Amex must still pay for any charges they authorized. (The payment flow is customer -> Amex -> stripe -> merchant. This flow is reversed for a chargeback/refund.)
- If a merchant skips out, stripe is still responsible for any chargebacks.
Think about what this means: If stripe accepts too many high-risk merchants, they'll lose money. If Amex accepts too many high risk customers, they'll lose money. So they each have an interest in controlling fraud.
So what happens when a merchant gets too many chargebacks (typically less than 1%): Stripe will refuse to do business with that merchant. Why would they do this? Because if Stripe has too many chargebacks, the card network will refuse to do business with Stripe. They may be able to recertify as a high risk processor, but that comes with additional requirements... and if its above those high-risk levels, the card network won't allow stripe to process any payments at all.
This is all defined contractually.
What is the contract you have? You have a contract with Amex: your credit card terms. And you have either an implied or explicit contract with the merchant that they must meet.
Stripe and Amex are not fully aware of your contract with the merchant (refer to first relationship graph above). Part of the chargeback process is the merchant's response. A valid chargeback defense is that the charge meets the contractual terms the customer agreed to (assuming nothing illegal is going on). When the merchant presents the contract in their response, Stripe and Amex can review that contract. Amex (as the card issuer) gets to decide if they accept or reject the merchant's response and issue a decision on the chargeback. (Stripe (on behalf of the merchant) can disagree with this, and it then goes to the card network for a decision.)
So that's the whole process.
If you go to stripe directly (as a customer), you're attempting to do an end run around this contractually enforced process... and stripe isn't going to do that (unless they want to be sued for tortious interference by the merchant).
So hopefully you can see why Amex telling you to call Stripe is so bizarre. What makes it even more odd is that the type of dispute you have is something Amex handles like a 1000 times a day... they have a process for it.
And FYI: Amex can block a merchant from charging you in the future. (Easy on their part: just stop authorizing the charge from the merchant.)
I've spoken to 12 regular customer service agents (over the months), and 2 managers at this point. How much further up the chain do I need to go? All of them said the exact same thing, "There is nothing more they can do, I need to contact the merchant (I cannot) or Stripe.". I've got it blocked every single time (I guess blocked is an attempt and does not guarantee it will be blocked) I called, and every dispute online via the checkbox.
While I believe everything you said, I have not experienced it.
Do you mention Stripe by name, or the concept of a payment processor at all?
Sometimes when I’m on with CS, if I let it slip that I know a little something about what’s wrong they take the easy out and send me on my way by regurgitating what I just said as the solution.
The average person doesn’t know anything about Stripe or payment processing. I find it hard to think Amex would steer you that way out of the blue.
Is Amex really saying “here’s a phone number to some third party, resolve it yourself”? Totally unprompted?
I would call in and pretend to be as dumb as possible. All you know is you keep getting charged and you don’t want the charges anymore. The business phone number you have is disconnected. Let them take it from there.
I’ll try to add some food for thought: customer service agents and their managers do not know everything. In fact, most of the times, they do not actually know how the products work. They just know what they’re told and they’re only told what they ask. But if they don’t know what to ask, then they can get caught in a situation where they just default to blaming you or someone else so they can close the ticket.
Your best bet is to get in contact with someone who is in sales who can escalate this to an engineer or other more technical person. One way to do this may be to declare that you will tell your customers AMEX is no longer acceptable unless they help you resolve the issue. This may seem harsh but I bet it would work at AMEX and not a VISA or Mastercard
I have a debit credit card. The only option I have to cancel fraudulent payments is closing the card and getting a new one for $40 and changing all my payment information everywhere.
No idea why this is, and no idea why anyone would give out his data to unknown companies under these conditions.
This sounds like a fun time to run an experiment with getting an injunction against Stripe. Next time it happens, rather than doing a chargeback, sue them for the actual amount in addition to all of your time spent dealing with it. Then seek a preliminary injunction preventing them from charging your card any longer. You can probably do this on your own, although it will be time-consuming.
At that point it becomes a legal problem for them and I suspect they'll be forced to take more serious action.
The only time it makes sense to sue in civil court is either:
- The damages in question would exceed hundreds of thousands of dollars
- You want to make an example out of the defendant and have lots of money to burn
- You are engaging in litigation as part of a settlement extortion scheme ala Prenda Law
America does not award legal fees to the victor - in fact, it's considered so un-American that American lawyers literally call it the British Rule[0]. As a result, small actors - which you almost certainly are - will bankrupt themselves just getting to the discovery phase, regardless of if they are plaintiffs or defendants.
In a few situations, this has become such a problem that US law either provides time-saving motions for common forms of nuisance lawsuits[1] or uses it as a way to encourage certain behaviors[2] out of litigants. However, this kind of fraud case will almost certainly not fall under such measures, and you are almost certainly too small to defend.
Representing yourself in court is technically possible but practically a death sentence to your case. And an actual lawyer would tell you exactly what I've told you, except with actual attorney-client privilege[3] involved, and they'd charge you for telling you that. Except they'd probably also add in a bunch of stuff about class-action waivers and binding arbitration[4] that would make it nearly impossible for them to represent you.
[0] I've also heard French Rule.
[1] Such as Anti-SLAPP motions, though these are not in federal law yet.
[2] The copyright registration system comes with a few key perks; notably statutory damages and the ability to recover attorney's fees. If you do not have either you cannot economically sue a copyright infringer, which sounds like a really good way to comply with Berne without complying with Berne.
[3] I am not a lawyer.
[4] For what it's worth, there are some crafty lawyers that have figured out a way to help people mass-arbitrate, but companies are trying to fight back against that too.
- You want to make an example out of the defendant and have time to burn
Sue them in small claims court. You won't get significant money, but they'll have to burn a little money on lawyers. You have the chance at the moral victory of the judge saying you're right*. You probably have a decent chance of getting on the HN front page when you first file and when you win/lose. You have a noticeably higher chance at being covered in the mainstream media than if you just complain on the internet.
*The judge generally doesn't literally say you're right
For such a small transaction, in the US you're stuck with small claims courts, and iirc you generally aren't going to get any damages for your time there unless it somehow interfered with your work hours.
Since this is HN I will characteristically take my precious private moments sitting on the toilet to correct this wrong understanding on the internet. Small claims court is an additional option if the defendant lives in the same state and the amount is small. Civil court is always also an option even if small claims court also applies. So this reply makes no sense. You’re wrong. I know it hurts so bad but it’s okay because we are all wrong sometimes. So we will let it go this once there is no need to delete your account and make a new one. Small claims court is great for some things: I sued my ex land lord who wouldn’t return my deposit. Lawyers aren’t allowed and it’s usually open and shut. Anyway hope you have a great Thursday!
It is if you're not an hourly employee. In small claims courts, you need a pretty clear demonstration of actual damages. You don't get to just make up a number that sounds nice. Therapy bills from stress, maybe, but this scenario seems like it would be taking up an hour or so of time in a month. In any case, small claims courts usually try to get you to go through arbitration first, and stripe would almost certainly cave with a small offer since it would cost less than an hour of a lawyer's time.
This happened to me with Citibank. But, I called citibank and got a new card number. Then, citibank gave the new card number to the fraudsters when they tried to charge me the next month.
Unfortunately, I’m going through a divorce right now so I can’t cancel that credit card. But, as soon as I’m free that’s on the top of my list of things to do to start living the rest of my life.
Citibank probably didn’t give them the new card number. There’s a link somewhere between stripe and Citibank that is tied to your account and not the specific card
I will send the full details/email chain tomorrow morning. I appreciate you looking into it, but why does this type of interaction require a HN article for a response? Why do none of the regular methods go anywhere?
Putting out a fire on HN before it gets more press is something anyone would do so it basically means nothing. Now, if a founder commented on here "Don't bother sending me your details. I've un-fucked our support system, just submit a ticket again" that would get my respect.
I’ve talked to one of the founders of stripe on the phone after tweeting a complaint about their product. This was probably ~2014 but I’ve been an advocate for them ever since. It feels like a personal slight to read this blog post. Hopefully, they fix these issues because I like feeling good about using stripe.
Would PayPal give the same response? At least with Stripe you know if you kick up a stink on Hacker News someone there will respond, not that this is ideal but I wouldn't expect to hear from any PayPal employees here.
Last time this happened, OP replied to the Stripe guy something like "you said the same thing when i mentioned this on HN three months ago, i emailed you, and nothing happened". So with Stripe you might well get a response here, but that's not to say you'll actually get a resolution to your problem.
You might have a point. But I think it’s moot because the overwhelming majority of wronged customers won’t or can’t put up a stink on Hacker News or equivalent. So the difference is a sliver.
Yep, there is a screen in their consumer-site that shows all active billing plans. Two clicks to cancel. And that page is easier to find now (was buried before).
Yup. It's so obviously better for the consumer (and reduction of consumer support burden) that it's unbelievable that Stripe, or credit cards for that matter, don't have it.
For Stripe to offer that they would have to expose a "Stripe account" for buyers (the same thing the linked article complains about PayPal doing). For cards to do that they would have to move to only accepting merchant specific tokens you can revoke individually instead of the current state where the merchant (or their processor) has your card number.
Assuming the thread gets enough upvotes to be noticed, anyway. That could mean posting at the right time of day, on the right day of the week, following another related story that helps drive more readers to check it out.
While it’s a fair point that with PayPal, you are almost entirely SOL, whereas with Stripe you at least have a chance, it’s not a tenable solution.
With thousands of employees you’re bound to get some (say 5-10%!) which are outright bad at their job or malicious.
The fact the founders quickly offered assistance directly, when their business is worth tens of billions is at least worth giving the benefit of the doubt. Even if it’s just for PR, they’re at least doing it.
You should read more of the comments, including at least one that explicitly states how a founder reached out on HN only to never reply via email. It's been documented as an empty gesture, aka bullshit.
Anyway I misread your previous comment, sorry about that.
Just to play devil's advocate... It can be hard to know that there's a problem if it doesn't get escalated to the right people.
I'm sure most devs have an experience where something is broken for weeks before you happen to overhear someone talking about the multi-step workaround for a 5 minute code fix.
I think the same kind of issue applies.. Support teams are encouraged to not escalate, if they do, it often goes to a higher level support (but not any developers/business people). They find a clever solution and that becomes the common practice. It's not until a big stink is made that the right people are aware of a possible problem, and perhaps only then investigate the scope of that problem, and realize it needs prioritization.
Of course, this doesn't answer why the support team didn't even read the email to see you're not asking for a password reset... But might be a contributing factor.
So people came back to empty timelines. Terrible UX, but until someone both experienced it and mentioned it, no one with code access realized how bad this was for returning users. Now there's a friendly message letting returning users know what's going on.
I once found out that an admin person was spending a couple minutes many times a day to open a user profile, find half a dozen different fields and copy them into a word doc template and then printing to a pdf that she emailed to the user. I added a button “generate pdf” for her and she was thrilled.
Put simply, it shouldn't. I'll help fix this when you have a chance to forward on. (We stop recurring payments when a business closes their Stripe account, which looks to not have been the case here.)
Assuming user has issued chargebacks 7-months back to back — why would this not be a signal Stripe needs to understand why and not keep charging the customer; one would think even one charge back from a vendor for a specific customer subscription would require re-authorization by the customer being charged prior to Stripe sending another charge.
Following up here, do let me know if I can help. I haven't received anything to the email address, let me know if there's another way to help get in touch.
Hi Sam from Stripe, how about having a Stripe internal meeting about how Stripe support shouldn't consist of "X from Stripe here." HN posts? Are you aware "X from Stripe here." has become a HN meme?
I've done that 4 times, AMEX has a block (multiple blocks as per the reps). But the charges still go through (that's another story).
The AMEX people just keep saying Stripe has an "iron clad contract" so even with that, they cannot do much.
I am not saying it is a 100% Stripe. But why would a company like Stripe allow me to do (successfully) 7 chargebacks in a row. At what point would an account be shut down or a subscription terminated? If this was PayPal, the account would have been frozen ages ago.
I've got a brand new card number, CVC, etc. They can still charge it because the subscription contract exists, there is nothing AMEX can do.
Even with a brand new credit card, reported as stolen, whatever. If a monthly subscription contract exists (which you sign once you click that button to pay $5 monthly I guess), they can continue charging the account.
It’s pretty surprising that credit card companies will route charges to the particular “account” linked with a “number” even if the “number” is “closed” or “cancelled” or “expired”. Certainly not the experience one intuitively expects up front. I realized this when the bank issued me a new card proactively due to a data breach, but old recurring charges still work.
I guess this is both for customer convenience and to give the bank more flexibility, but I think this would be a lot simpler if closed credit card numbers just stopped working.
> Stripe works with card networks and automatically attempts to update saved card details whenever a customer receives a new card (for example, replacing an expired card or one that was reported lost or stolen).
> It is widely supported in the United States, allowing Stripe to automatically update most American Express, Visa, Mastercard, and Discover cards issued there.
Google did this to me with GCS: they automatically updated my expiring credit card. It's not a terrible feature, but I think users should consent to it before companies do it.
Okay. So I can steal an AMEX card (in fact, copy the numbers so that the cardholder is not aware), subscribe it to a bunch of leeching services, and expect that those subscriptions will go on and on even if the holder finds out and changes the card details?
My god.
It doesn’t quite work like that in Europe, as far as I know. The fact that you file chargebacks over and over and they don’t do shit is even more insane.
Which is annoying in its own way because when your card expires, you need to manually re-enter its new details into all the services you're using. And you (or at least I) will inevitably forget one of these until you need it urgently.
Looks less annoying to me than not being able to cancel.
Although in the US people still subscribe to "newspapers" where you can subscribe online but have to wait for hours on hold on a hotline to end the subscription...
Do you have suggestions for replacements for Stripe Connect for marketplace usage? The combination of being able to calculate fees and cuts before you tell Stripe to pay it out to partners through Stripe Connect seems pretty unique.
There are several other Merchant of Record alternatives, but I have not found something that can do quite the programmatic approach you can with Stripe.
Airwallex is pretty good and it can replace both Stripe and Connect.
I am a customer of their banking service and I played with their APIs. It feels like Stripe at the beginning, hopefully they'll be good for this decade.
For whatever it’s worth, in your specific scenario, Amex can usually place a merchant block on that specific seller to prevent them from ever charging you again — I know they can for the New York Times, anyways. (I recognize this does not offer value to the Stripe conversation, but still.)
Yeah but such a horrible solution. After the pain of reporting it and getting it changed, now you get to update a dozen or more auto-pay accounts. You're sure to miss at least one and have something (probably important like your internet or phone bill) cut off on you at the worst possible time. Plus you get to spend days without usable plastic. Hope you have a spare card or cash.
Would much prefer a solution simpler/easier/less devastating than dropping Mjölnir on it.
The one part of this article that I totally agree with is how terrible the API integration has become. In the early days, Stripe sold itself on a few things, one of which was the simplicity of integration. Since the whole PaymentIntents and SetupIntents introduction (along with the documentation fiasco that happened at the same time), integrating with Stripe is something like PayPal from 10 years ago. It's shit.
PaymentIntents workflow (including the necessity to listen for webhooks) deserves a special place in hell. It's like they decided to copy Paypal IPN.
I have used, recommended and integrated Stripe to multiple businesses over the years (generating hundreds of US$ millions). For the past 2 years or so, I have migrated most of them away from Stripe, and any new integrations are done through other payment processors.
PaymentIntents and webhooks are required because of SCA (3d secure) and other types of payment flows (Apple pay, Google pay or just Stripe Checkout) where the user might be redirected to some external services leading to the capture being validated asynchronously.
I have used many other payment providers (in the UK) that deal with 3D Secure (and have done for decades), there's nothing about 3DS that requires things to be asynchronous.
I am currently involved in a project to add Stripe support to a product, and it's a lot more complicated to set up a simple payment than other APIs on the market.
From everything I'd heard about Stripe, I thought the API would be really simple, but it's not.
When I had to integrate the new intents APIs back when SCA launched it seemed pretty clear to me that they tried to come up with an API that covers many use cases (relatively) uniformly but therefore coming at the cost of a huge complexity boost over their initial "charge a credit card" experience, which, combined with hugely lacking docs on some corner cases we encountered, seemed like a pretty poor decision to me based on what made them useful in the first place when they launched. As things stand I would look elsewhere now for integrating payments.
I'm not an expert dealing with PSP, but situations where a payment is validated through a "return to merchant URL" are risky and could lead to a payment being captured without the merchant being notified.
Stripe abstracts away all the complexity having to deal with dozens of payments methods behind this single PaymentIntent API, which lets you query the status of a payment at any time (and webhooks are just a way to listen for updates in realtime).
> I'm not an expert dealing with PSP, but situations where a payment is validated through a "return to merchant URL" are risky and could lead to a payment being captured without the merchant being notified.
There are ways to deal with that - a very simple one is a "mop up" process, as suggested by the GOV.UK Pay Service:
But then how is this simpler or better than listening for webhooks (push)?
Also, PaymentIntent allows you to query its state (pull) as described in your link.
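The push and pull paths discussed in the comments above can feed one idempotent state transition, so a lost webhook or a customer who never comes back through the return URL cannot leave a captured payment unfulfilled. The sketch below is an added example, not part of the thread and not Stripe's or GOV.UK Pay's code; the secret, the `t=…,v1=…` header layout, the event fields, the status names and the `fetch_status` pull call are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed for this example: secret, header layout "t=<unix time>,v1=<hex HMAC>",
# event shape and PSP status names are assumptions, not a real provider's API.
WEBHOOK_SECRET = b"constructed-example-secret"
TOLERANCE_S = 300                      # webhooks older than this are refused
FINAL = {"succeeded": "paid", "failed": "failed"}


def sign(body: bytes, ts: int) -> str:
    """What the hypothetical PSP computes before sending a webhook."""
    mac = hmac.new(WEBHOOK_SECRET, f"{ts}.".encode() + body, hashlib.sha256)
    return f"t={ts},v1={mac.hexdigest()}"


def verify(header: str, body: bytes, now: int) -> bool:
    """Check the HMAC over timestamp + raw body and bound replay by age."""
    try:
        parts = dict(p.split("=", 1) for p in header.split(","))
        ts, given = int(parts["t"]), parts["v1"]
    except (KeyError, ValueError):
        return False
    mac = hmac.new(WEBHOOK_SECRET, f"{ts}.".encode() + body, hashlib.sha256)
    same = hmac.compare_digest(mac.hexdigest().encode(), given.encode())
    return same and abs(now - ts) <= TOLERANCE_S


class Orders:
    def __init__(self):
        self.orders = {}         # order_id -> {"payment", "state", "created"}
        self.by_payment = {}     # payment_id -> order_id
        self.seen_events = set() # webhook event ids already processed
        self.fulfilled = []      # order ids, each delivered at most once

    def create(self, order_id, payment_id, now):
        self.orders[order_id] = {"payment": payment_id, "state": "pending",
                                 "created": now}
        self.by_payment[payment_id] = order_id

    def settle(self, payment_id, psp_status):
        """Single transition used by every path; only a pending order moves."""
        order_id = self.by_payment.get(payment_id)
        new_state = FINAL.get(psp_status)   # "processing" etc. is not final
        if order_id is None or new_state is None:
            return False
        order = self.orders[order_id]
        if order["state"] != "pending":
            return False
        order["state"] = new_state
        if new_state == "paid":
            self.fulfilled.append(order_id)
        return True


def handle_webhook(orders, header, body, now):
    """Push path: authenticate, de-duplicate by event id, then settle."""
    if not verify(header, body, now):
        return "rejected"
    event = json.loads(body)
    if event["id"] in orders.seen_events:
        return "duplicate"
    orders.seen_events.add(event["id"])
    applied = orders.settle(event["payment"], event["status"])
    return "applied" if applied else "ignored"


def handle_return(orders, order_id, claimed_status, fetch_status):
    """Return-URL path: the query string comes from the browser, so
    claimed_status is ignored and the PSP is asked directly (pull)."""
    order = orders.orders.get(order_id)
    if order is None:
        return "unknown"
    orders.settle(order["payment"], fetch_status(order["payment"]))
    return order["state"]


def mop_up(orders, fetch_status, now, min_age_s=600):
    """Scheduled sweep: pull the status of orders still pending after a while."""
    settled = []
    for order_id, order in orders.orders.items():
        if order["state"] == "pending" and now - order["created"] >= min_age_s:
            if orders.settle(order["payment"], fetch_status(order["payment"])):
                settled.append(order_id)
    return settled


def demo():
    now = 1_700_000_000                                   # constructed clock
    psp = {"pay_1": "succeeded", "pay_2": "succeeded", "pay_3": "processing"}
    o = Orders()
    for i in (1, 2, 3):
        o.create(f"ord_{i}", f"pay_{i}", now)
    body = json.dumps({"id": "evt_1", "payment": "pay_1",
                       "status": "succeeded"}).encode()
    hdr = sign(body, now)
    results = [
        handle_webhook(o, hdr, body, now),                           # genuine
        handle_webhook(o, hdr, body, now),                           # redelivery
        handle_webhook(o, hdr, body.replace(b"pay_1", b"pay_3"), now),  # tampered
        handle_webhook(o, hdr, body, now + 3600),                    # stale replay
        handle_return(o, "ord_3", "succeeded", psp.get),             # forged claim
    ]
    swept = mop_up(o, psp.get, now + 900)    # ord_2: webhook never arrived
    return results, swept, o.fulfilled


if __name__ == "__main__":
    print(demo())
```

Because `settle` is the only place an order changes state, the webhook, the return URL and the sweep can race or repeat without fulfilling an order twice.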
I'm working through Stripe integration for the first time. It's one of the worst APIs I've ever dealt with.
I couldn't find a single place advising which webhooks to listen to - or what their payloads should be - for simple subscription behavior. It's actually inconsistent in places.
They built and accrued all of this complex billing behavior for all of these incredible upmarket needs, and in the meantime they forgot about the simple cases.
I almost used PayPal or Square. Perhaps I should have.
> I'm working through Stripe integration for the first time. It's one of the worst APIs I've ever dealt with.
Braintree user here, have I got news for you. I regularly have to waste weeks of developer time on payment processing. The documentation is terrible and fragmented, some things are not explained anywhere, support response times hover around two weeks (I'm not kidding), and the canned support responses rarely fit my use case, so there's always a back-and-forth.
This would all be fine if I could just get it done once, but the thing rears its head regularly, what with the newer PSD2 regulations or something else.
As an example, after having done all the 3DS2 integration work (well, it was closer to re-work, as extensive changes were required), Braintree now tells me that 3DS1 is being deprecated (fine) and some of my transactions are 3DS1. Well, which ones, and WHY? I have no idea. I asked support on Sep 27, that was 12 days ago, no answer.
I looked at Stripe and had a really hard time understanding how I can fit my subscription SaaS into it. I think if you fit the simplest common use case and you're willing to outsource everything, Stripe could be simple to use. If you want to be independent in any way, or want to maintain the relation to the customer yourself, things quickly get difficult. But the real reason why I can't even consider Stripe is multiple currencies: I want to settle in three currencies (including USD), and Stripe will only settle in USD to a bank account based in the US. Good luck getting a US bank account if you are an EU small business. Also, pricing looks reasonable at a first glance, until you notice the currency conversion fees and the extra "billing" fee. In my specific case I would end up at about 5.4%.
On the specific point about getting a US bank account in the EU. I’m in the UK and have used Wise [1] (née Transferwise) to set up a ‘virtual’ US bank account. You get a US account number to send to your client / plug into Stripe, and the funds are paid into the Wise account, which you can then transfer into your home currency account at your leisure. It’s worked really well for me and the fees are very reasonable.
Echo this, works really well. Saves many many thousands a month sending Stripe -> Wise US "virtual" account -> UK bank account vs Stripe -> UK bank account.
Stripe's forex fees are horrendous. Wise charges <0.5%, Stripe >3%. The spread here is similar to the credit card charge in the first place!
I found Stripe API really well organized and thought out. Everything is crisp and explained well. It is complex not because of bad design choices, but because payments, especially subscriptions are complex. I've integrated both payonce and subscription payments, takes a lot of effort but that's not Stripe's fault. Payments are insanely complicated and I am actually shocked that Stripe makes all of this possible. They've really tried to make it the best possible API. It reeks of quality. I would rather have full control than to obscure everything under the rug to make it easy.
I don't get the complaints here. Yea, it is hard to write payments workflows. Learn to properly organize your backend to account for all edge cases. Use stripe test clocks. Use mock objects and stripe CLI. Everything has been handed to you on a silver platter by Stripe IMO.
PaymentIntents and SetupIntents make setting up a basic subscription Billing interface incredibly painful. The documentation is awful and spread across multiple sections of the Help pages so you have to read multiple articles to piece together how it's supposed to work in your specific scenario.
Even understanding when a PaymentIntent is recommended vs when a SetupIntent is needed takes some doing.
And don't get me started on trying to understand whether I need to use the confirmCardPayment or the confirmPayment or confirmCardSetup etc etc functions.
This article is extremely confusing and filled with so many errors it's hard to even list them all. However, the bit I wanted to focus on was the author's claim that PayPal got "sued" and "stopped taking money from people". Getting sued is part of the ordinary course of business for a company like PayPal, and ~85% of lawsuits like that go nowhere, and result in no internal changes. The specific lawsuit the author seems to have been talking about was dismissed entirely by a judge in July, because the contract you sign with Facebook when you use their account explicitly forbids you from suing them instead of going through private arbitration proceedings: https://www.pokertube.com/article/chris-moneymaker-s-class-a... (Chris Moneymaker's Class Action Lawsuit Against PayPal Falls At First Hurdle).
And again, this is the kind of thing that happens to PayPal all the time. The fact that some random lawsuit that never even required a substantial reply from PayPal got picked up by Zed as evidence of their bad behavior "finally catching up to them" really erodes my confidence in the way he represents any of the other details in this article. What else is he misrepresenting or exaggerating?
If it wasn't obvious, cherry-picking bits and pieces from various jurisdictions isn't legal; PayPal deftly deflects any legal challenges to their various dispersed entities making them essentially untouchable if you don't have unlimited resources.
If anyone is interested, in the EU, this is their playbook:
- Ignore all communications unless it's a C&D from lawyers
- Deflect responsibility to PayPal Luxembourg.
- They have, or have had literally 90% of LU lawyers retained, meaning your case will not / cannot be accepted by the majority of LU law-firms due to conflict of interest
- Deflect onto the CSSF (Luxembourg Monetary Watchdog)
- Respond to the CSSF that the complaining company is not based in Luxembourg, which results in the CSSF concluding that they are not the competent structure to rule.
- Case closed, your funds have been stolen, and PayPal has artfully dodged the relevant regulatory bodies.
There are many suits and claims against Paypal. Most of them are settled out of court. Many are exactly about account freezing. The fact that one went to court but was dismissed does not prove that Paypal does not engage in bad behaviour.
It's not merely the cost of doing business, it's the cost of avoiding judgements against bad practices.
Do note that Paypal did lose some suits, notably in Quebec for example, where customer protection laws are stronger and arbitration clauses in user agreements cannot force you to forfeit rights you have under the law, in particular to sue.
I think you're misinterpreting my comment. I'm not saying that PayPal is good—far from it. I'm saying that the evidence that Zed has presented in favor of PayPal being good (and better than Stripe!) is one random court case that got dismissed 4 months ago, and that's completely nonsensical. I think we both agree that Zed saying "because of one random court case, PayPal has stopped freezing accounts" is just nonsense. So I'm confused about what you're actually disagreeing with in my comment.
Whoops, yes. I think I was talking to someone about Facebook in a different window when drafting this comment orz. Unfortunately, I didn't notice this reply in time to edit my comment. Thanks for pointing it out anyway :)
I didn’t realize this was Zed until reading your comment. Now I’m smirking thinking of Mr. Shaw getting frustrated by implementing payments “the hard way.”
I think the author is mixing chargebacks with PayPal disputes/claims as PayPal also takes a fee for chargebacks.
Also, one of the things that are wrong in this post is about Stripe Radar (fraud prevention). It's included in standard pricing, it's not 4 %...
My experience over 10+ years using PayPal and 5+ years using Stripe is that Stripe has much better docs. Just had something stop working because PayPal changes their webhooks, and even their docs are wrong.
Just a few hours ago a customer opened a PayPal claim, and now PayPal took the money hostage. The customer closed the claim, but the one case number the customer has resulted in 10 case numbers for me, and they are still open.
When it comes to "friendly fraud" (customer buys something, and claims it was not them after receiving it), it would be hard to do a worse job than PayPal.
If a customer opens e.g. 15 claims for unauthorized use, basically stating that someone else used their card, PayPal usually agrees with the customer on like 12 of them, while 3 of them PayPal thinks were legit. Sure PayPal, someone stole their PayPal account, purchased digital goods on my service on an account belonging to the PayPal owner that the PayPal owner clearly is using according to me and PayPal themselves.
Chargebacks usually cost money, but PayPal claims are basically just a click to take money from the seller, with no risk. So just that possibility makes PayPal much worse than Stripe.
Stripe isn't perfect, but support is better and at least it's much more resistant to friendly fraud.
> I think the author is mixing chargebacks with PayPal disputes/claims as PayPal also takes a fee for chargebacks.
What the article says is that PayPal allows payers to request a refund, which is not a chargeback and is free to the vendor. Stripe does not have a dispute or refund process other than chargebacks and they charge vendors $15 for each according to the article.
I'm sure the business side has its problems, but as a consumer, I far prefer Stripe over PayPal. I've never had a payments problem with Stripe, while PayPal is consistently painful.
I have a credit card issued by a bank in country X, but my home address both in reality and in bank X's records is in country Y. This seems to consistently trigger that fabled PayPal fraud protection the article mentions, making it impossible to enter my information correctly. After lots of poking about in the dark, I eventually figured out that the only way to make PayPal payments through this card is to set my country as "X" and enter a completely fictitious address in X with a separate delivery address in Y, after which the transaction sails through happily.
I tried to pay with Stripe only once and it didn't let me. Can't live in Germany and provide a Dutch bank account. Should not make any difference within the Single Euro Payment Area. Sorry, DeepL, then I will have to continue to use the free version, I'm not missing any features anyway, I just wanted to pay for my use... (I also let support know but they didn't care of course.)
PayPal required for a few years that I use a VPN for being allowed to log in. All the support could do for me was offer to close my Dutch account so that I could open a German account to use here. I hear that others have no problems using PayPal while on holiday abroad, so not sure what's up with that. Sometimes it also throws javascript errors and gets stuck on some loading icon. Plus all the horror stories about paypal.
The things that always worked effortlessly for me were iDeal (collaboration of Dutch banks for online payments), regular bank transfers (always free in the SEPA zone, but takes 0-4 days depending on bank holidays and servers that take a weekend off), and direct debit (provide your name, address, and IBAN, such as at Liberapay, and everything will be arranged automatically). Basically, the European stuff simply works, not sure why.
As a customer: I don't care to know who you use for payments, I will NEVER interact with them.
Some have pointed out that they had been running in circles between Stripe and AMEX. Maybe AMEX is special I don't know. If there's a problem with my payment and the company responsible for the charge isn't reacting, then it's my bank's problem, not mine.
For legitimate companies, if there's any issue with my payment, I don't care how, you can't blame Stripe, as I have no business with them, you go deal with Stripe if they are the issue.
Overall I think many have falsely viewed Stripe as some final solution to payments. Mostly I think because they were easy to create an account with. Even before Stripe it wasn't actually difficult to sign up with a payment provider and most of them were better and easier to interact with, even if their APIs were worse.
I've had problems with both, but at this very moment more problems with Stripe than PayPal.
At least with PayPal if I sign up for a $10 a month plan I can go into PayPal via the very very difficult to find recurring transaction area and cancel said transaction. I cannot do that on Stripe.
I strongly feel that I should be able to cancel ANY monthly transaction without having to go through the hoops and juggling act that is attempting to get the merchant to cancel said transaction. If I want to cancel a subscription why do I have to convince someone else to do it?
Just let me cancel my stupid monthly subscription since everyone wants to do them.
To make sure I understand, you (as a consumer) would like a way to log in to Stripe and see all of your payments and subscriptions connected to businesses that are using Stripe? Then cancel recurring subscriptions there?
If you use Apple’s App Store, similar to how they let you view/manage all subscriptions on one place?
(I build things at Stripe, in a space that’s relevant to this use case.)
Just as a contrary standpoint, I personally like to see the Paypal logo and the fact that it is Paypal processing my payment and not some I-roll-ed-my-own just-wait-for-me-get-hacked random system.
I also learned to loathe stripe (and square) due to those PoS systems that have ridiculously high tipping options even for transactions that really ought not to be tipping situations. No, I do not want to give 20% tips when buying bread over the counter at the bakery, thank you very much. (This may not be Stripe's fault, but the store owner's. I resent both just to cover all bases.)
I used to tip the highest option at the “woke” coffee shop that I went to on the daily. Then, I asked the barista if she got the tips. She said the employees never saw any of those add on tips and I should give her cash if I wanted to tip _her_.
Yup. I’m just pointing out that tips get stolen that way very often. You should ask the server you think you're tipping if they get those tips. Far too often you’re just overpaying for coffee.
Coffee shop I went to today requires you to order from a tablet and it also asked for minimum 20% tip. The nerve lol.
Tangential, but the iPad ordering sucked. Couldn’t find the Flat White option, turned out you have to click into Cappuccino option first, as if that makes any sense. Oh and you order pastries from it as well. What happened to be able to see the pastries behind the window counter?
Why should I tip in those situations? They aren’t considered to be Tipped Employees; they are subject to the same minimum wage as any other non-waiter/waitress jobs.
Because that minimum wage is below cost of living, and there is an implicit assumption in the system that food employees are paid directly by the customers, rather than the employer.
Hurting the employees to fix the system is wrong. Turn your wrath to the employer and the legal frameworks enabling such underpayment.
They simply got blow-back and retracted that new AUP and replaced it with a blank single-page PDF, but very specific, legal language doesn't just get inserted "by mistake". AUP changes, especially incredibly controversial and possibly existential changes, will obviously go through multiple levels of approval and legal at a company the size of PayPal. They just got caught.
I switched a site from WorldPay (hey remember those guys) to Stripe not long ago.
Way lower charges. Way more finicky to integrate and yes the documentation is API reference not 'tutorial'. 100% agree about the weird error cases (to the extent I think I've still not handled them all) and the asynchronous stuff (which I kind of understand but also hate).
Fortunately it's a business model where chargebacks are extremely unlikely so that's not affected us.
I'd honestly prefer some sort of a not for profit organization running them (like Canada's eTransfer with some additions, Europe's bank to bank payments, etc). Anytime money is involved it ends up resulting in laundering money, fraud, stealing money, high transaction fees, or anything else.
I want something completely unrealistic- a company that does one thing and doesn't aspire to do more. No extra add ons 2 years in, no extra services, just do payments.
Most of the conventional merchant services platforms do this, but they lack all of the modern-web polish that stripe and paypal and square have. They will happily take your volume on a cost-plus basis if you can handle the absolutely disgusting 1998 web presence and lack of docs, and often the antiquated APIs that use SOAP and XML.
They're great. They don't change. All payments APIs are shit, but one that is predictably shit and doesn't change once you've dealt with the shit is a quasi-meta-good thing as bad as that sounds. You have a person you can speak to, they know you on a first name basis, and they do a single thing- facilitate your ability to process payments.
I always keep an eye out, and haven't yet found an alternative to PP. My situation is that I sell a hardware gadget, and run my business from a passive web page. PP lets me create forms that link to their website, so they actually handle the transaction themselves. Most of the other services seem to start with: "Here's a sample of the code that you need to have running on your server."
This liberates me from running a web server, having my own URL, or doing any kind of coding. I love coding, and do it all the time by day, but it would add a layer of complexity to my business that I don't need.
PP has worked fine for me, but they always say that you should have a backup.
Liberapay was the smoothest payment experience I ever had, but I don't know if you have to be a non-profit to be listed there or something.
Other than that, I always appreciate when one can simply fall back to a bank transfer, then I can choose to just give them 100% of the money without risk to either party (no magic fraud detection, no cut going to paypal) at the cost of waiting a few days for the payment to be confirmed. So basically, just post your IBAN on your website please and offer to tick that as a payment option. No third party needed besides the bank account that you already need for running a business.
There's no real API (certainly within the USA) for using bank transfers and being told that a payment has completed (even worse, most of the bank transfers are far from instant). So while this can work for a donation model, where the individual payments are not connected with access to services or goods, it really doesn't work where you (the provider of said services or goods) need to know that the payment has completed.
> There's no real API (certainly within the USA) for using bank transfers and being told that a payment has completed
As a consumer, I can just download the transaction list as CSV. There doesn't really need to be a standard API if it takes 5 minutes to map your bank's fields in your favorite scripting language. For business accounts, I'm presuming this will be similar, if not better because they would more frequently actually use it.
Even including thorough testing, it should be a few hours of work, and for that you can save whatever cut third parties would otherwise take before it lands in your bank account, plus the consumer doesn't need to deal with fraud shenanigans that might trip incorrectly.
> even worse, most of the bank transfers are far from instant
Yes, I mentioned that as a downside and it really is one, but for anything but food delivery I'm quite likely to choose this option. The anti-fraud on other methods, as someone frequently working across borders and with uBlock and such installed, just makes it impossible or annoyingly hard to pay too often otherwise. Plus, I don't want to give paypal more money if that choice is available to me.
I make my income from people buying software from me. After they've paid, their expectation is that they will get a link that they can follow to download the software.
This is not possible with US-style bank transfers at this time.
A company I used to work for used eWay as a backup - apparently the fees were a bit higher than Braintree but it functioned perfectly as a failover payment gateway.
Unless something has changed, Adyen only works with businesses with payment volumes in the millions. They don't have a sign up form. It's a "Contact Us" kind of thing.
Their definition of a small business large enough to talk to was annual $50m in card transactions. At that size, your transaction costs are pretty low and the white glove service starts getting pretty good.
I hope their API and SDK got better. It was a pain to implement and use some years ago. Stripe was light years ahead and we ended up switching. Also the capital demands from Adyen were much higher than Stripe.
I would say they’re ok now. But that being said, I feel like we’re putting too much emphasis on the ease of integration anyway. Sure, it’s your first interaction with a payment gateway. But it’s also something you really only do once... I believe other criteria are a lot more important.
Management: "Hey guys, we need to implement some sort of payment system".
Developers: "Ok, we'll see what's out there."
Developers: "This one isn't well documented, this one isn't either... Oh hey this one is."
Developers: "We suggest Stripe."
Management: "Ok"
I think you vastly underestimate the importance of ease of use.
Accurate, appropriately detailed, and up-to-date documentation and references are about way, way more than "first impressions".
I really don't see how it's a hard problem either? How often does a payment gateway API really need to change? Just spend the resources necessary to get it right. If you really need to, hire (another) FTE on docs.
I feel like stripe changed their api every day. They support legacy apis forever but you could definitely have a full time job keeping up with the latest version of stripe.
Stripe also has much better transparency for troubleshooting. You can see exactly what happened to a payment, when and why. In the Adyen UI, it's not even simple to find a given payment. Stripe also has much better docs, and their API makes more sense and gets in your way less. As a developer, I much prefer integrating and dealing with Stripe, over Adyen.
I had to integrate with them years ago. The API was really terrible. Inconsistent, badly documented and overall look like it was released prematurely. It scarred me for life.
The article is full of misrepresentations, some of which were already pointed out. One I have to point out myself:
> People really, really, hate Peter Thiel and Elon Musk. So much so that they will refuse to give my small business money if it goes through Paypal on the off chance that those two guys might get some of it.
This looks like pure spin. I don't know of anyone who refuses to use PayPal because of this reason. (Thiel and Musk are not running the company anymore.) I know a lot of people who refuse to use PayPal because it has some kind of directive to ban people for wrongthink. There are countless instances documented on ReclaimTheNet.org [1], and those are just the ones involving people of notoriety.
There is literally a campaign of people closing PayPal accounts in protest of the company's behavior right now. (That $2,500 fine proposal was the last straw.) Guess what? Many people see "errors" when they try to close an account. Dark patterns everywhere.
In short, if you choose to use PayPal as a sole payment method for your business, know that you are alienating a lot of potential customers.
Speaking personally, I refuse to use PayPal as a payment method because its payment form demands a phone number. Websites that only accept PayPal lose my business.
The Thiel and Musk thing is bizarre, I've never heard of anyone being worried about that.
eBay bought Paypal in the 'Paypal Mafia' two decades ago in 2002 which is when most of them cashed out their stock. I highly, highly doubt their founder stock is still in any way connected to the various corporate iterations of Paypal that were sold and resold.
Even 10 years ago this would be a silly thing to be concerned about. Paypal has enough real problems anyway.
Not tried, but also researched thoroughly. The main difference as a ‘Merchant of Record’ is that they are effectively resellers of your product, and pay you a (majority) cut on all sales. As you mention, one of the big attractions for me is the fact they take care of local taxation laws - as a UK based seller I would be on the hook for calculating and charging VAT in all countries that I sell to, which is a massive headache / pain in the arse to get right. Much like the App Store, Paddle removes all of that, as a MoR they are your only ‘customer’ from an accountancy point of view.
Of course, one of the big drawbacks here is conceding control of a critical part of your infrastructure to another organisation. Better hope they don’t hell ban you, or you’ll be totally screwed. But that seems to be an issue with whoever you choose.
You could force 3ds authentication for every charge. Works in Europe, as SDA is mandatory. Also supported with like >98% of customers from NA. Just very few banks do not support 3ds.
Growth of digital wallets could make payment products more homogeneous.
If Apple/Google control the UX and fraud verification, people should go with the cheapest option.
I'd love to buy a cheaper Stripe alternative, and if it has a poor UX I'd only use it for Google/Apple wallet payment, which could be more than 75% in Europe by the end of the decade.
That’s not how digital wallets work, they’re just on the client side, you still need Stripe or something like it to talk to the credit card companies and perform the payment (and all the other backoffice steps required that people don’t know about, swiping the card is the simplest part of the whole process).
This is a maddening writeup to read, only because for developers and business owners the single most important part of our businesses, receiving money from paying customers, is also the most excruciating, arbitrary, and frustrating part of our businesses as well. Stripe was "supposed" to fix this. But as we all know, banking and payments is hard.
I run a nice successful business where premium subscriptions are my primary revenue model, and I as well relied on Paypal for years as my payment card processor. Some notes about my experiences over the past 20 years:
1) The Paypal hell-ban thing is real. I had a handful of customers open support tickets monthly with me and indicate no matter what they did they could not successfully send us a credit card payment using Paypal as our payment processor. Paypal just says "Nope" and that's it. For all of the customer's payment methods.
2) It's true, there is a subset of people in this world that absolutely loathe Paypal and will open support tickets telling you so, which means there's a lot more of those people out there that just bail.
3) A few years ago I transitioned to Braintree payments as my primary credit card processor since I wanted to resolve #2 and just provide a simple hosted credit card form. Surprisingly, the transition was pretty easy, the APIs and webhooks were documented nicely, there were libraries available, and it didn't take me long at all to get up and running quickly. The onboarding process was pretty onerous (you'd think I was taking out a 10 million dollar mortgage on a vacation home) but once we got going everything has been super smooth. Highly recommend Braintree.
4) I left our existing Paypal integration in place, and shockingly almost 25% of my transactions still come from people who deliberately click on and decide to use Paypal in place of just a simple "enter your credit card information" form.
I've never run into freezes, or some of the other nightmares seen out there, but definitely payments even in this day and time can be maddeningly frustrating. And there's always chargebacks and some of my favorite customer "excuses" for demands for refunds etc. Like:
1) "My 5 year old son signed up for an account on your service and purchased a premium subscription, please provide a refund immediately" - transaction happened at 2am local to the customer and you've got to provide your credit card CVV.
2) Customer purchases a 2 year premium subscription and then opens a support ticket and demands a refund because "I'm not quite sure what this is" - meanwhile they could have purchased a 6 month subscription to try it out just fine. A surprising number of people will just bulldoze through and buy the most expensive option and then have buyer's remorse.
3) "The browser autofilled everything and submitted the payment without my involvement whatsoever" - and then demand a refund. Never mind customer has to literally click the "Pay Now" button.
4) And of course the fraudulent chargebacks. They'll open support tickets and correspond with you and demand refunds and then charge it back as an unauthorized fraudulent charge. Maddening.
5) Various other crazy excuses for demanding refunds or charging back something instead of just outright saying "this isn't what I expected for xxx reason" - they'll throw spouses, kids, criminals, everything under the bus instead of themselves. It's wild.
> I left our existing Paypal integration in place, and shockingly almost 25% of my transactions still come from people who deliberately click on and decide to use Paypal in place of just a simple "enter your credit card information" form.
European here, but perhaps my experience is relevant: for nearly all the online credit-card processors, this step will require push-TAN and will fail for me. A fair proportion of websites are buggy and will not gracefully recover the session after the processor reports failure. Paypal, in contrast, has always been unproblematic.
I'm patient and generally try the card before Paypal, but impatient customers in the same boat may behave differently.
I'm in that 25%. The fewer people I have to give my card details to, the better. It also saves me remembering/typing in the details every time since I just need to use my password manager to log into paypal and then I'm good.
Braintree customer here (subscriptions). I'm surprised you found their APIs well documented, I have a terrible time every time I have to revisit the integration, which I have to do every (roughly) year or so. The whole 3DS2 migration in particular was very poorly handled, with documentation that had nothing to do with my use case.
One more thing which I'm not sure you ran into: Braintree will eventually, at an arbitrary moment that you cannot predict or plan for, block all of your incoming funds and begin an audit. That audit can take anywhere from around a week to multiple weeks, during which time things will appear normal to your customers, but no funds will be disbursed to you. They will request various documents from you, some of which will feel somewhat invasive. From what I understand, this is routine procedure, usually tied to your monthly billing amounts, but could be triggered by other factors as well (unknown).
So, it's better to make sure the business can handle a several week long suspension in disbursements.
I always choose PayPal when it's an option. Always works, I don't have to make a new Privacy card, and don't have to worry about a buggy form not submitting after I've filled it out. I appreciate you leaving it as an option.
Only for payments above a certain level. Much (most?) of my income comes from payments of US$1, and Braintree's fee structure for that (2.59% plus !!! $0.49 !!! per transaction) is untenable.
> After several lawsuits and years of backlash Paypal has stopped seizing people's money illegally. I still have no idea how this was not full on totally illegal, but I'm sure someone can explain to me how payment companies get away with keeping money that is clearly not theirs.
Sometimes the ease of use is just too good to pass on, but you can make it easier for yourself to switch providers later by using a tokenizer so that you own the CC numbers without needing to bend over backwards to be PCI compliant. Makes it a million times easier to switch providers down the road. I just switched to Basis Theory (basistheory.com) and it's stupid simple.
> People really, really, hate Peter Thiel and Elon Musk.
This coming from Zed Shaw at least carries more weight than me ranting about this observation on HN.
One of the things listed in the article that had me really worried was chargeback. And it seems to be quite common in Stripe world. In low margin world $15 is quite a lot unless you have volume.
Corporations really want you to believe that grassroots personal boycotts are ineffective and a waste of time, but the truth is much more complicated.
Enough people boycott PayPal to make a web developer choose another payment product. He writes about it on HN which amplifies the boycott’s message to tens of thousands of readers. Some of them will join the boycott. PayPal’s PR department is presumably unhappy about this reason now coming up in searches like “PayPal vs Stripe.” And it didn’t take any centralized organizing.
No.. because the merchant is paying for those fees. Not the customer / consumer.
You might have different agreements, because you negotiated lower prices because supposedly you have better fraud detection etc.. But that's not the same as "because we feel it's the right thing to do".
On the side of the merchant you do the same.. with "Stripe Chargeback Protection", but you charge for that.
You took a part of the bank's/card's business (risk management), and that's fine, but please don't tell us stripe is doing things because you feel anything.
I am finding myself too locked in with Stripe Connect (we are building a marketplace) where Stripe is handling all KYC, onboarding, payment, and seller payout. Does anyone have any good recommendations on how to build redundancy into this? i.e.: receive payment via PayPal and build our own payout system
With Connect, you can do onboarding flows yourself with the Custom plan. Note that information gathering and regulatory requirements for onboarding across dozens of countries is a huge amount of effort. We have whole teams working on this problem alone; not for the faint of heart.
In the abstract we don’t care if you do onboarding or we do. Stripe doesn’t make money there. We offer a solution because it’s a difficult problem that we’re in a position to handle for users.
With payouts you could do something similar. I believe there are platforms that pay everything out to one bank account and then pay out to customers themselves. I’m not an expert on these flows, but I believe it’s to cut down on foreign exchange fees—preventing multiple “hops”. We’re working on making this better.
Thank you for the candid response. To be honest, another main reason I want to implement another payment provider is in case Stripe Connect bans one of our sellers.
My goal is to have an approved Stripe Connect account that's controlled by my company (the marketplace) and pull some sellers, who don't want to go through Stripe onboarding/payout, under it. Then I will build a manual payout flow on top of it.
Which platforms are you referring to? I would love to dive deeper in those.
> Paypal's inclusion of fraud prevention makes it about 50% cheaper than Stripe with Radar.
The money quote. (No pun intended!) I doubt this article will stay on the front page for very long, because HN seems to have a difficult time with content that is critical of one of Y Combinator's biggest portfolio positions.
This isn't quite accurate. Stripe Radar (our fraud prevention tool) is included free of charge for all accounts with standard pricing: https://stripe.com/radar/pricing.
I think this article is equally critical of both companies. Which is quite remarkable given the narrative that was popular a few years ago. We've gone from an obvious winner to a dead heat. Goes to show: if you've got perfect competition, just wait a while...
Paypal is also completely unusable for companies that are based in a country with a different currency than the one they do business in. If, for example, you are Swiss (CHF) and do online business in USD or EUR, once you want to transfer the money to your company bank account, it can be an account only in CHF, and Paypal will insist on doing the conversion with their very “friendly” exchange rate. Basically taking another ~5%, making them much more expensive than the rest.
Interesting. Paypal didn't allow me to do this because the bank (Wise's bank) was in a different country than my country (which is true). It required a bank in my nation.
Did a quick ctrl-f for 'bitcoin' here in the comments.
Finding nothing. Just have to add: Lightning Network payments are ~free, ~instant, and as bearer instruments the merchants aren't responsible for fraud.