mnehring

Hi - For one of my side businesses, I have a business checking account with a fintech company. (That is, not a bank, but rather providing a user interface on top of an existing bank.) I've been plenty happy with the service (all the features I need, no fees, no hassle). In the course of using my account, I accidentally stumbled across a security bug, where the website will leak other clients' private information.

I tried to get in touch with some higher-ups (co-founder and lead engineer) via LinkedIn, but no luck. I emailed support asking to get connected with some higher ups to report the bug, and they thought I was asking for a job. I called support, and the rep didn't seem to understand the nature or the gravity of the security bug, and said they were forward my report to the "accounts department".

Anyhow, what is the normal and proper procedure you would follow to report this to the organization?

I appreciate the insight!

So, in the past, I've observed that it's been controversial on HN to use DigitalOcean in production environments. (The same can be said of other cloud platforms as well, but DigitalOcean seems to be the most popular of the cloud platforms not in the big 3.) But now DigitalOcean is a publicly traded company, so it's got more of a here-to-stay feel. Has anyone had new thoughts about using DigitalOcean in production now that they are a publicly traded company?

I'm in a bit of a tricky spot. I'm a developer, and one aspect of my software is a web-store add-on. (So, I don't run a web store, but my software is used in my clients' web stores.) Anyhow, I integrated with Stripe because it's an easy and beautiful integration, and I personally bill my clients using Stripe, so I was already comfortable with it. Anyhow, my soon-to-be client attempts to sign up with Stripe, and they promptly decline to activate their account. They follow up with an email, and they very promptly get back a "this decision is final" message. ("Thank you for reaching out about this. Unfortunately, we still won't be able to accept payments for [redacted] moving forward.")

Anyhow, I'm 99.99% confident that their decision was made in error. The organization is a local franchise of a well-known nationwide non-profit organization, and is about as non-risky as they come. However, while Stripe has a lot in its favor, talking to humans doesn't seem to be a point in its favor. So, after that long introduction, here's the question:

Is there a secret path to get to a higher up at Stripe to get a real human to manually review a decision that was almost certainly made in error? I know lots of you have worked with Stripe, so perhaps some of you have found this path.