I'm not going to name those countries outright but you should never ever be launching globally until you have these safeguards in place.
Once you are known to be vulnerable to a certain scheme, it quickly becomes known in that region/country.
Again and again I'm reminded why high trust societies remain high trust and why low trust societies rarely transform into high trust society.
Be careful when taking verbatim advice from internet strangers.
The strongest signal is whether they use an eBank/app that has a one-click button to report transactions as fraudulent. The Apple card(?) seems especially prevalent.
in the case of these "friendly fraud" schemes, they are much more likely to come from more developed regions with strong consumer protection laws like the NA.
if anything in many of those "high risk" regions, chargeback are much less common because fewer consumer protection law e.g. banks would automatically reject chargebacks for transactions with 3DS OTP.
Great advice which is why data is what I'm relying on vs anecdotes.
One chargeback a quarter is a lot, depending.
The US and I imagine Canada are known for the ease of chargebacks.
My experience in Europe is that it's a very tough process to even initiate (as a consumer)
But this QJE article[1] argues there's a ceiling to how far things scale. Concluding that the cost to keep a decentralized network secure scales with its total economic value. So while there is immediate value to it's user, it might not scale well, and can't replace a country's financial system anyway because securing it at a sovereign scale would just be more expensive.
[0]: https://www.mdpi.com/1911-8074/17/10/467 [1]: https://academic.oup.com/qje/article/140/1/1/7824430
Outside of South Korea, from enormous help from Pax Americana, has it ever happened?
Why?
X isn’t bad. You should include Y. You only added/omitted Z because of $stereotype/$racistView/$otherAllegation.
Probably just not worth the hassle.
You can’t ignore the stereotypes, but you can let people figure it out themselves. You don’t have to say it when it’s already obvious.
As a rule of thumb, when you get a chargeback you need to completely ban the customer from your db. This includes:
- card ban - email address ban - fingerprint their access and ban
This will save you a lot of hassle when they try to signup/buy your product again and cause you the same amount of grief.
Yes, many of us are incredibly responsive to customer support inquiries (I have a <1hr response time unless you send in a ticket when I'm sleeping) and it doesn't matter. Fraudsters gonna fraud. This isn't a case of "they asked for a refund, we refused, they issued a chargeback", it's a case of a scammer being a POS.
I've dealt with my fair share of chargebacks and in every case I've seen it's someone being a jerk and never a legit case.
The fact that Stripe won't help you, the banks don't care about all the evidence you have, and you end up out the money for the product _and_ you get hit with a chargeback fee on top of it is madness. I could literally have video of the person holding up their ID saying "I XXXXX agree to pay YYYY" and banks would still side with a the scummy scammers.
I have, quite literally, never had someone reach out via support and then file a chargeback later. They do it without reaching out, probably because they are a trash person and they have no interest in getting anything fixed and are just scammers.
If their total dismissal of the problem is itself deception, that's not a particularly big improvement!
My only nit with Stipe is they don't allow me to delete card details for an ongoing subscription I don't plan to renew and already set it not to renew on the service billing page.
I can assure you that I will take note of your feedback and pass it to our team. Your point about post-transaction abuse detection is valid - while Stripe has robust network-level fraud detection, there does appear to be a gap in utilizing merchant-provided evidence of confirmed fraud to protect the broader merchant ecosystem. This type of feedback from merchants who have direct evidence is valuable for improving these systems.The camber, affirmation, word choice, triplet phrase... leaves me wondering. But without a smoking gun its hard to know if a model call was fired.
Can someone explain to me why Stripe (or a competitor) doesn't offer a setting "refuse transactions for cards that have filed > x chargebacks with <acquirer> merchants this year"?
Certainly I wouldn't want the inevitable news drama about it. "I'm just a poor innocent grandma, I'm a trusting person when it comes to Facebook ads, and Stripe punished me for getting scammed by banning me from half the stores on the Internet!"
The thing that gets me is that Stripe boasts about their machine learning radar rules etc etc, but somehow can't feed it actually valuable data.
Stripe support saw the emails from the customer boasting about defrauding me, they completely agreed that this is a clear case of friendly-fraud, but did nothing with this info.
Certainly a person showed up in person to a class, but how do you know it was the person whose credit card was used?
Yeah, maybe Stripe could do more without Radar, but I imagine it could also be fraught if Stripe was in the business of blocking customers from their entire network based on one vendor's complaint. Obviously a lot could go wrong with such an approach.
That was the point I tried to make with my blog post. And yes, if it was too easy for merchants to block consumers, that won't be fair either. But surely there's a middle ground here.
Stripe very explicitly told me that they don't do anything with such reports. It's simply ignored.
Also I just wanna throw some praise at Stripe Support. They have an excellent team and go above and beyond to help.
I have worked in card issuing for years and I have seen various submissions by merchants I know that use Stripe where I _know_ that they have an absolute winning case under the network rules that Stripe refuse to contest.
Stripe have decided that fighting most chargebacks is not worth the money, probably becasue they can just pass the costs onto the merchants and let them eat them and the merchants will not go elsewhere.
“You probably don’t want a system where one annoyed merchant can get someone blocked across the whole Stripe payment system. But there’s a pretty big gap between “automatically block this person everywhere” and “thanks for the screenshots, please consider Radar”, and this is where it gets frustrating.”
I'm surprised they were able to get Stripe to actually state all of this clearly. It's nice that Stripe actually communicates details like this. But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
(it took a bit of back-n-forth to get a clear answer, but I did get a clear one. Their support is still excellent from my experience and communicate well)
I think this hits on the spirit behind GP's point. Clarity, leading to an article like the one posted, gets more people upset. The equation (Upset/People x People) results in a larger number -- people, as a whole, are more upset.
>But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.
If a company is vague, there's nothing to write about, one person (maybe) gets more upset than they would have facing clarity.
But if the company is clear, there is something to write about, and an article like the one posted makes people, overall, more upset.
"Friendly fraud" is accidental or with the correct intentions – such as the customer not recognising the charge and charging back.
"Just fraud" is already taken for "criminal c uses unwitting cardholder a's card at unwitting merchant b", so what's your objection against "fiendly fraud"?
Even in the post you're wishy washy about what you want. They offer a product that does enhanced fraud detection but you don't like that. You correctly call out that there's major risks with taking a merchant's report and using it to flag a user's future transactions.
* Turns a blind eye to misdeeds on its platform
* Locks out adult creators/vendors after taking their money
* Is ubiquitous, but not well liked
I love that Stripe changed the game of fintech and made it accessible to more parties in a programmatic way, but I find myself repeating “avoid Stripe” to a lot of folks asking me for advice on dealing with payment nowadays for those reasons.
1) Incumbent is slow, clunky, unpleasant to deal with due to years of accumulated constraints to deal with
2) Newcomer can differentiate themselves by being nimble and pleasant to work with, taking market share
3) Over time newcomer has to deal with increasing amount of scrutiny, fraud, overhead, CYA type practices, etc
4) Newcomer is now incumbent, goto 1)
No affiliation, I've just seen them used–it would be better if you self-hosted a BTCPay server.
Most paypros, most of the time, won’t look too hard unless there’s a problem or you’re tripping some internal security measure (like raking in a lot of cash in weird amounts). Of late they’ve been more intrusive due to some weird eTeen puritans, but that’s quieting down again as they remember they like making money, and throwing legal content off their platforms can very quickly cause an exodus of customers looking to avoid having their funds seized.
For me, I do a cheap subscription (4$/mon, first month 2$) and one dispute costs me like 20-30$. So that one person wipes a ton of profit from me. I always try to refund them (but you can't refund a customer with a dispute in effect).
Stripe is great to get going, but has a lot of painful points.
I always thought things are easier with a physical product where you have a 3rd party like DHL that proves delivery was made. But at least in my tiny sample space, that’s not enough to win the dispute.
I suspect Stripe walks a fine line where they want to help you prevent fraud, but they also want to avoid vendors complaining to them that their customers can’t pay.
Context: I worked on a payments team for a short while.
How is it natural if DHL had proof of delivery.
They have a comprehensive customer ID system and let you adjust desired risk levels for various forms of fraud.
Epic username btw lol
The point many people have made here is fair. That this is not just about whether Stripe can reverse a specific dispute after the fact; it’s about whether clear evidence of chargeback abuse can help protect the next business. We can do more there.
There is a real balance to strike overall that we are working towards. We do not want a world where a report from one business automatically blocks a buyer across all businesses on Stripe. Legitimate disputes happen, consumer accounts get compromised, and false positives from over-blocking can hurt real buyers.
But there is a gap between “automatically ban this person everywhere” and “thanks for the screenshots” and we want to build solutions here.
We've seen friendly fraud grow significantly, and it's pushed us to evolve Radar from transaction fraud protection into a broader product that protects a business from fraud and abuse across various points in the customer lifecycle, like account signup, trial start, etc. There's a ton more we can do but here's a few things we're working on to help:
- Tracking serial chargeback abusers. We're working on identifying serial abusers of the dispute process across Stripe's network, and surfacing that to businesses before the transaction happens, as well as leverage it in our decisioning.
- Scoring the risk holistically. While we'll keep building fraud and abuse solutions that help at individual points of the customer lifecycle (trial, payment, refund, etc), we're starting to score customer accounts themselves for aggregate abuse risk, leveraging Stripe network data. We're actively working on product-izing this now.
- Helping you win disputes when friendly fraud happens. Friendly fraud can be really hard to capture. We want to prevent as much as possible, but we also want to make it as easy as possible to fight back against friendly fraud when it does happen. Our Smart Disputes product already incorporates friendly fraud insights into the evidence we compile, and we’re seeing early success. We're building more defenses as well as working to enrich merchant-submitted evidence.
Many of our best ideas come directly from our users. If anyone wants to share feedback on Radar, feel free to email me at jacobmeltzer at stripe dot com.
That said, I don't think you're really addressing the main point on my post. There is clear evidence here of intentional fraud, yet Stripe does nothing with it.
And from what I gathered previously with my own experience, and supported by comments on this discussion, Stripe win rate for disputing chargebacks is virtually nil. I'd love to be proven wrong here if you can share your actual win/lose rate stats.
Notably disputing a credit card charge is completely independent of whether someone owes the debt, the credit card is simply a convenient way for that payment to be handled. What's the point where other collection methods make sense? As an example, if you're consulting for someone and they pay you $x,xxx via card then charge it back, at least in most of the US I believe it's legal for you to do your own collection efforts and contact them repeatedly (this changes if you sell the debt and it's a third party attempting collections).
You can try to collect through persistence, or take them to court, get a judgment, and then a court ordered collection. It all depends on the value of your time.
I’ve heard rumors that some merchant agreements with processors may include arbitration clauses for recovering chargebacks, but I’ve never seen it personally.
Stripe Radar was not a good product. It would score large numbers of very suspect transactions at a risk level of 1 or 2 (out of 100). I don't have an ML background, but something about their methodology was just flawed. It behaved as if there was a wire loose in it. Unfortunately, I don't think they're very incentivized to care.
Anything that actually discourages that behavior directly is better than some slightly more negative reputation in an opaque fraud detection system.
Do better Stripe. Be better Stripe. Or eventually we will find someone better. Think. Don't enshittify. Your support has already become covered in it by doing the needful.