ENGNR4 years ago
That’s low
We process about 5-10M a month through Stripe since 2018 without issues. On the 27th of December they have given us 48 hours notice, whilst the entire company is being ran on a skeleton support crew to completely get off stripe and switch to another processor.
We've been in touch with them recently and this was never brought up. We've already started the process to switch do an actual acquiring bank rather than a PSP like Stripe but there's no way this can be completed now in 48 hours, IN BETWEEN CHRISTMAS AND NY.
This seems to be in line with the race to the bottom support from Stripe but pulling something like this is a new low.
So hoping that someone here can escalate.
1. They already hold 50% (!!!) of all our revenue in reserve for 90 days for the last months (currently a couple of MILLION USD)
2. We are already in the process of moving away from Stripe but they have until now never pulled something so low. The reserves are already massively hurting us, hence moving to an actual acquiring bank but now giving us 2 days in between Christmas and NY is just insane.
Again, I'm not forcing Stripe to do business with us (even though we never had issues in 4 years and processed millions through them). I just want them to give us a bit more time than 48 hours to switch to another processor in between Christmas and NY.
Never had the option to pay at the hotel upon arrival.
What I don't understand tho is /why/ a merchant will often accept a credit card but not a debit credit card. While there's differences in fruad protection and refunding, the main difference is debit credit card draws on funds you have while credit card supplies a line of credit to re-pay at a later date.
If you only book a hotel then you'll probably get the option to pay upfront or settle afterwards, but if you buy an entire package deal from a third party comaonty then you usually get asked for some or all money upfront. These packages are often more expensive than going through the effort of finding a good deal yourself, or they're cheaper and rely on a lot of deals not falling through.
I wouldn't trust my customers to show up without at least a reservation on their account, especially now with new covid waves and potential anti covid measures threatening holiday fun.
So, over the last 90 days you've had $4M of revenue, or $1.3M per month. That's rather a lot less than 5-10M.
Ahh the modern P/I/SAAS method of working.
What’s your resilience plan? Surely you have a plan if a supplier stops working with you? With 10M revenue it seems irresponsible to have all your eggs in one basket.
Tens years ago I implemented a payment service for the ecommerce site I worked for. Our main fear wasn't that a payment provider would cancel our contract with 48 hours notice, but it was certainly something that concerned us. Our main goal was to work around instabilities as the PSPs at the time. They where nowhere near as stable as we would have liked. We also wanted to be able to add or move between PSPs in the future, to get better deals.
At any given time we had active contracts with at least two PSPs providing credit card clearing, as well as a few with "buy now, pay later" options and a few payment options for various local markets.
The service/gateway I build would take a order and return a list of payment options that would be valid. Valid meaning available in that country, valid in terms of total amount, insurance and so on. The customer could then pick whatever payment option they preferred.
We where able to turn on or off payment options with a checkbox. So if/when a PSP went down, we could just switch to our backup PSP. Sure the cost would be a bit higher, but that's preferable to losing the order.
Pushing $10M+ though just Stripe, and betting that they will never be down, never fail, and never decide that you violated some rule is nuts. I'm not even faulting Stripe, because other providers WILL do the same.
This is where the Stripe CEO will reply to you when all their support processes have failed, and you have no other course to save your business. That’s the way all $122billion companies operate.
If he hasn’t been here yet, stay on hold he’ll be here soon.
Patrick? Catastrophic customer support fail call for you….
(Call waiting music….) Oh dear he’s on Christmas holidays. I’m pretty sure their automated processes suspended your account for good reason. If you feel this is not correct, email your case for why you should be allowed by us to have a working business to noreply@stripe.com
If you want to know whether a famous Windows audio app works on Surface X (ARM), just ask them on Twitter because the web site sucks and mails aren't replied. If you have an issue with your groceries, just call them out on Twitter because in the store they don't care. For big tech, use HN. Fine.
Pivoting the angle on your perspective a bit:
"If a customer having a problem with our service isn't technical enough to backchannel us, they're not technical enough to be a viral thorn in our side."
To be clear, this is a process defect, and no company should aspire to build this into their processes as a feature. It's a net negative for absolutely everyone except perhaps you, me, and in the short term, the company. I'd argue it's a long term negative for you and me too as we hawk a service to others based on our current experiences, keeping the product from improving for everyone, including ourselves.
A good example of this is apple card support. You just text the support line. It's great because I don't need to wait on the phone. If someone doesn't have the info I need they can pass it on without me needing to know about it. I can continue my day without making a chore out of something. This is the part I was trying to highlight (not the reduced access to support).
> This is how support is handled these days.
... with an implied all other things are dropped/neglected and you replied with
> I personally don't see this as entirely a negative.
I fully agree with your point that companies being available on social media, but your first comment can be read as supporting that other avenues are dropped and that's clearly a negative. The grandparent clearly replied to that reading of your comment.
No option to reach a human by phone, chat, email. It felt pretty awful.
Edit: I should clarify that I mean Amazon retail. I don't use AWS, but I imagine it has much better support.
Edit: I should clarify that I mean Amazon retail. I don't use AWS, but I imagine it has much better support.
Where pleasant in this case is the person replying took the time to read the words you wrote and confirmed that by prefacing most sentences with "so I see you're trying to do xyz", followed by a thorough and well thought out response with references and suggestions.
So many times I've emailed other places (multi-million dollar companies) where it's painfully clear the person replying didn't read anything and some tool scanned my email for keywords which they auto-replied with even though the response makes no sense based on what I wrote. Then it takes additional days and back and forths to get to the point where they understand the original email that was written, in which case it gets "escalated" to another support team / tier within the organization where the process starts again.
These days? When was this not a standard practice for the financial industry?
Most of the time when a bank (or similar) decides to close your account they literally can’t even discuss the reasons with you without putting themselves in jeopardy.
Work for a hedge fund under both US and UK regulatory authority.
It's scary to think a processor can't answer a phone call but hold your entire business' money in their hands.
This is insanity.
Obviously, it would be great if nothing ever went wrong. It would be better still if Stripe had a couple of thousand people manning the phones over Christmas. But automation can and does fail and I figure that by now anybody that decides to farm out a critical portion of their business to a large company is able to figure out for themselves that such a dependency has risks as well as benefits.
It still sucks for the OP, but your characterization, using a novelty account at that, is below the belt, especially on a one-sided story that appears to have plenty left out.
I think this event, and many others (and Stripe is very far from being the worse of the lot - looking at you Apple & Google) shows that these companies simply do not value their customers' peace of mind and are perfectly happy to send automated notices and perform automated takedowns without a (relevantly informed & powerful enough to act) human in the loop, and without the possibility of a meaningful appeal (that gives actual reasons and not "you have violated policies").
Automation can fail, but this begs the question of why this is automated in the first place, given the consequences. This is also not a business bringing in 100$ per month (though I will argue they also deserve respect, but I understand if they're not giving quite the same care as business bringing in hundreds of thousands or millions).
This is a disingenuous argument in general. If cars were much more unsafe than they are, would you also blame car crash victim for driving a car knowing what the risks are?
The pattern is as follows:
- A: I had a really bad accident, we should make these vehicles more secure. - B: No, you had to be aware that it was risky.
- A: Stripe jeopardized our business, they really should have better customer support for these cases. - B: No, you had to be aware it was risky to use them.
It's a non-sequitur: the plight for increased security/customer support is in no way hampered by the fact that the buyer had to be aware of the risk (which I guess he had, but ... so what?).
“Disgusting” is a hilariously strong word to use against someone trying to hold a 100B+ company to a little heat and get attention to their cause.
“Assume positive intent” is a facade for “don’t assume negative intent” - but that doesn’t mean we should dip into the good-will bucket for every company spokesperson here.
If you want to go after the CEOs of other 100B+ companies be my guest, they usually are jerks. But in this very specific case that is not so.
Why don't you directly reach out to them, instead of posting to HN?
I don't want to see this place turn into a tech support forum, and no I don't care how much money is involved.
But this time it isn't mere indignation, the OP is desperate. How much money is involved matters.
I read you're in the hospitality business, did a whole bunch of people cancel/chargeback because of the omicron covid wave, maybe? Just trying to see if there's any reason Stripe may have picked this moment to kill your contract with them rather than any other.
From a business perspective I can see why the timing sucks but this week is just another week, especially with Christmas and NY falling in the weekend. Companies generally try not to pull these stunts around (American) holidays, but there's nothing more special about this week than there is about next week or the week before. You can't expect Stripe to turn off their fraud department for two weeks because it makes the flagged companies sad.
If I were to design an anti fraud system, I'd make sure that the more problems I have with an account, the swifter I can react to changes. The payment processor may be more liable to cover damages if they already had a hunch that the company they were dealing with was bad when fraud took place.
Sounds to me like they just wanted you out and found a reason to get rid of you.
Good luck resolving this.
https://stripe.com/docs/security/data-migrations/exports
However, the card details don't go to you. They'll transfer the card details to another PCI compliant payment processor.
Are You sure your not just dreaming/sleep walking right now?
Just to put things in a bit more perspective You claim that You gross between 60 and 100 million per year in sales. Anyone can do a google search of the top global travel companies based on sales and unless You are in the top 100 those numbers don't jive. Any top 100 in the world company would have their lawyers all over this, even over the Christmas to New years dearth.
Other areas of heightened risk of fraud could be non-delivery of goods (physical item never arrives, resulting in claim via card issuer), defective goods or not-as-described (merchant is just box shifting crap they've never actually seen, and complaints will arrive), or insolvency of the provider.
There have been cases in travel and hospitality where processors put 6 month cashflow halts on funds, to manage the perceived risk of non-delivery. This can in itself be enough to bankrupt the company relying on the processor! (See https://en.wikipedia.org/wiki/Flyglobespan#Financial_difficulties for an example in the UK affecting an airline, where the card processor placed a halt, but had actually spent or otherwise exappropriated the funds)
I only get a 2fa confirmation if it’s some absurd amount of money
Given Stripe is pretty popular, it feels like for many it is becoming the "S3" of payments in terms of an API. Would it be viable for others to implement the same API on the basis of compatibility, portability and interoperability?
In the past, I recall dealing with systems where you'd have multiple backend processors for major external functions, and you'd load balance which provider was used. Some might have more favourable pricing, and be a preferred partner, while others might be potential future preferred partners being tried out (see how many failures you get from them, compared with the current preferred partner).
It seems that, if this was possible to implement (card tokenization obviously being an issue here), you could have multiple independent backend providers implementing the Stripe API as a provider, and you load balance across them.
Just like how you could use another S3 API provider for storage if one is giving you hassle, or not offering satisfactory performance or support. Sure, you have migration work to do, but having the same API and underlying properties should speed things up and let you get new transactions onto the new storage ASAP.
ACME is like this for SSL - there's now multiple CAs implementing the one API. Could we get there for payments too?
The complexity is usually compliance (eg KYB, sanctions checks, AML) and while payment processors have done a lot to reduce the time and complexity it can still be a long and painful process.
In my experience (I’m CTO at a payment network) technical integration is <10% the time for a merchant doing this kind of volume moving processors.
Finally, what you described has happened. A lot of payment processors have been heavily influenced by Stripe’s DX and align relatively closely, or at least closely enough to make transition easier. The challenge is that few even medium sized merchants just use the core ‘move money’ APIs that are ‘easily’ replaceable, they use things like reporting/reconciliation, anti-fraud and a host of other products that make up an ‘ecosystem’ of products that in combination is very hard to replace quickly.
It can be implemented, it has been implemented. Let's say that you'd like to move from one PSP to a new one, but you also have old PSP manage storing credit card information for you. All you have is a weird token, which represents your costumers credit card, but locked to you store. When you switch, you send the list of tokens to the PSP, which will then exchange information with the new PSP. Lastly the new PSP will send you a set of replacement tokens.
Granted it's not super automated, and not something PSPs will do, unless you're moving between them, but they can do it.
That JSON-dump includes the card number, expiry, and billing address.
Most people don't realize is that paying with credit cards mean dealing with as many as four companies. The store, obviously, then the payment service provider, an acquirer and then the actual credit card company (and then maybe your bank).
The acquirer is normally pretty invisible. Some companies acts as both PSP and acquirer, but some PSP also use the same acquirer, or support multiple. In the later case, you can actually switch PSP, but keep the acquirer. In these cases I would guess that you could avoid doing having to transfer raw credit card data between PSPs.
The very sad thing is that bitcoin was designed as a proposal to circumvent this specific problem. Be your own bank and stuff like that.
Then bitcoin and other cryptocurrencies became what they became... Basically speculative bubbles.
It's true that modern cryptocurrency is largely a pyramid scheme, but it could have been so much more.
This is why we (note the royal we) can't have nice things. It is also why becoming a financial services provider is a late-stage growth milestone of a business. Once you get past compliance, monitoring, and risk management boss, offering a line of credit or other finance products is an exercise in bookkeeping, and scales relatively trivially given sane accounting practices and managing your liabilities/issuing demographic.
If as a business, you achieve that and are still even remotely true to your original roots, congratulations, you're The Man(TM) now.
ProviderS. Plural.
Yes it will cost more to integrate with a different API, but not an enormous amount.
They've even implemented the load balancing idea: https://www.spreedly.com/smart-routing-for-payments
Pricing is in the hundreds-per-month plus cents-per-transaction, so they're not a fit for all businesses. But if you collect high-value transactions and keep cards on file (for subscriptions, SaaS, etc.), I highly recommend building on top of them rather than on top of an individual processor, as well as maintaining multiple merchant accounts with different providers. Business continuity is the name of the game!
Doing your own PCI compliant credit card storage system instead of relying on your payment processor's tokenization system is not too difficult, but is a bit of a pain in the ass.
The biggest problem I see to switching between payment processors is the Visa and MC stored credential requirements. A few years ago they changed to a system where when you store a credit card you have to set a flag on the first transaction that tells Visa or MC that you are storing the card.
When you do subsequent transaction using the stored card, you have to tell them you are using a stored card and send them a reference to that original flagged transaction.
Most payment processors I've used give you a transaction ID that is something they generate, not the transaction ID that the Visa or MC network generates. If you are doing your own card storage that can lock you into using that same processor for future on-file and recurring charges on that card, because only that processor knows how to map the transaction ID you know (the one that processor generated) for the original transaction to the Visa or MC transaction ID.
Note that even if your current processor provides a way to get the underlying Visa or MC transaction ID there may be no way to use that with another processor. The other processor's APIs that take a transaction ID are going to expect one of their transaction IDs.
I'm not sure how widespread this is. Visa and MC announced their "Stored Credential Framework" several years ago. As the deadline approached for when it would become required, too many major payment processors were not ready and so it was delayed a year. By the end of that year there were still major ones not ready (Authorize.Net for example still hadn't even said what their plans were) and so it was delayed even more.
The processor we use was ready by the end of the first delay and we got our system converted to work with that, and I stopped following what was going on with the others so have no idea if it now actually is required everywhere or if there are major processors that still have an extension.
I work in this space and I’m sure we can at least get you up on something temporary while we sort this out.
Why not leave them indefinitely? They get to slack on this and send everyone on to a switchboard because we keep using them
What line of work is your business in by the way?
VISA found out before we did, and basically told us to shut it down or lose the ability to accept VISA cards. All this was communicated via the PSP.
I know that bringing up crypto creates a strong positive/negative "with us or against us" reaction. But it would be great if we could discuss this question on a technical level this time! It is a real question: Will using Bitcoin and the lightning network (or similar technologies) free us from the constant fear that a human or algorithmic error kills our business?
And I would expect that running your own node is as easy as setting up a cheap $10/month VM, download the software, start it, wait some hours until it is synced and then you are good to go?
Could it be an area crypto addresses in future? Sure why not. Without becoming basically the same thing? Doubtful.
(In service of interesting conversation, I'm excluding all other current deal breakers such as transaction cost, time, volatility, complexity etc and assuming a "but coin but works / practical" magical Crypto of future :)
Regarding "fraud detection" - isn't that a self made problem of payment processors? When the settlement is instant, the merchant does not need to be afraid of fraud. Bitcoin paid via the lightning network is paid and can not be taken back.
There is no instant settlement between entities at different institutions. If you are in the same bank, you can pull it off because the money never leaves your books. If it does leave your books, you're riding the overnight ACH, and incurring propagation delays as the receiving bank filters the funds through process.
Remember, all networks are glorified, process driven, protocol mediated implementations of humans playing a repetitive game of telephone. The chain ain't done til everybody is done metaphorically talking.
>Regarding "fraud detection"
Let me reframe your question in a more familiar context. Fraud becomes software exploitation over an internetwork of trusted hosts. In theory, if no one was a dick... there should be no problems.
>Bitcoin paid via the lightning network is paid and can not be taken back.
This is an anti-feature in the the financial service space. In fact, a really conservative institution won't even consider a transaction truly settled til the dispute window lapses. Mistakes are made, accounts compromised. Lack of reversals or process to accommodate the work stream does not paint you in a flattering light.
thats why we switched to Stripe, believing they wouldn't shut you down without reason.
Just saying. The perks of cash don't stop at what everyone considers virtuous or convenient to those looking to control economic activity from the top down.
I sent Paddle an email explaining what I was trying to buy, with a screenshot of the payment modal and error message, and their reply was an email bot that said:
> I wasn't able to tell exactly which transaction you're referring to, but it looks like your email **** is linked to a purchase of Unlimited icons pack from Icon54 on *** ** 2017 for USD 0 (order number ######).
> If you need further assistance with this purchase, you can follow this link to chat with me, Kino. I'm a virtual assistant, available 24/7 to help you with this matter.
I emailed this reply to the creator of RunJS and asked him to follow up with Paddle to help me buy his software.
His response was:
> I'd recommend following the instructions that Paddle provided.
> I'm, unfortunately, not able to assist with payment issues.
So my takeaway is yes: payments are broken, especially with Paddle. Payments would be less broken if anybody along the chain cared enough about support to solve payment problems.
Also welcome to why I've been trying to get away from finance and failing miserably. The human cost quantification is far too high for my tastes in my reckoning of hours of suffering induced.
There's some profound revelation on the nature of the great farce that "you can do anything, as long as the money holds out", but this is likely so tautologically obvious it makes very unstimulating discussion.
Events are delayed, no customer support, sucky sdk.
Don't touch them with a 10 foot pole.
That does not tie in with the OPs comments in this thread. I am happy for the OP to correct me, but thought I'd mention this.
Seems to be active in Singapore though?
Edit: actually, maybe not: the doc mentions March 2021 and Oct 2021 funding...
Staff costs are roughly £900,000 of the £1.2M loss and they received investment of £5.5M
These are for year two of their business so they’re not huge losses for a venture backed business and suspect they could have sustained the same level of loss year to Dec 31 2021
I tend prefer bootstrapped businesses but these accounts don’t look too bad
In fact, lower down the thread we can in fact see the OP mentions that rather than processing since 2018 "without issues" as they claim in their post they had their reserve requirements increased a few months ago by Stripe to 50% of revenue held for 90 days!
This is a very substantial reserve requirement and presumably there was a conversation between Stripe and the OP's company at the time about the fraud or risk profile that lead Stripe to impose these increased reserve requirements. Presumably whatever prompted the increase in reserve has got worse and caused Stripe to decide the business relationship is no longer worth it.
On the other hand - just 48 hours to leave doesn't seem like fair play. So either 1. the OP is misrepresenting the communications they've had with Stripe over the past few months (including how abrupt the shut down notice from Stripe actually is), or 2. Stripe really will make snap algorithmic decisions over the future of businesses without remorse...
Maybe there's a way for Stripe to show which it is without breaking any of their privacy considerations.
From OP's website (pomelo pay):
> By partnering with international banks in 2018 we engineered a simple and effective method for their merchants to receive payments using secure QR code technology.
> In 2020 the world has changed and social distancing has become the norm. From city-based side-hustlers to local sole traders there is a need for flexible, safe and adaptable finance tools that are reassuring, not rigid.
> We truly believe that our toolkits, that include low-cost payment features, simple e-commerce platforms and innovative QR code solutions, will help businesses get back on their feet without costing the earth.
We can't say that as a general statement. You can't suddenly start using your account to process, say, ransomware payments and expect a month grace period since it's Christmas and you need to update all your infected clients.
I'm not saying that this is what OP did and it seems likely to me that 48 hours is an uncalled-for short notice period, but there definitely are circumstances where this would be fair.
At most companies I’ve worked at, we’ve at least done an exercise in keeping our core business process running or available on a competing cloud / connectivity provider or OS, or on prem and offsite. Is it impractical to try and do this with your payment processor? I.e route every 3rd customer to PayPal instead of stripe? Legislative / contractual reasons prohibit this perhaps?
Absolutely not blaming the OP here for their situation, a business has made promises of an easy life for payment processing, they’ve (presumably) been paid by the client but are now causing trouble - this is clearly crappy. But it is not exactly uncommon sadly.
Edit: Further reading of the comments here do seem to make out that this case in particular might not be as clear cut as first seen. But my general question still stands.