Update: a few hours after this original blog post was published we were contacted by various people at Stripe and got our account reinstated. You can read more about that in the follow up post!
We have heard a lot about Stripe in the recent years but as a European company we couldn’t sign up for a long time, until they finally started accepting UK based companies. We have been a high volume PayPal user – both as a merchant and a buyer – since 2007, with over a million dollars traded on their platform. We had our fair share of disputes and long chats with the PayPal support team but there wasn’t anything unmanageable. There are two major problems with PayPal though: 1) their reputation, a lot of clients tell us that they would like to avoid paying with PayPal, at all costs 2) their API is a nightmare, it’s overcomplicated and lacks features that should be default in 2014. Long story short, we were excited to build out Kinsta’s credit card acceptance program with Stripe.
The signup process is easy, although you have to send in a lot of documents but that’s understandable. While you’re waiting for the confirmation of your live account, you can already start building your client for their API and they provide libraries for the most common languages, which are written based on modern programming standards and as a result of that they’re really easy to work with. That’s not a surprise, as Stripe was born out of frustration of the founding team with payment processors available in those days, they set out to disrupt the industry. And they did: the API doesn’t feel like it’s only an afterthought like it does with PayPal, it’s a real pleasure to work with.
Setting up and starting to receive payments with Stripe is easy.
Then the Problems Start
I can’t remember when was the last time we had to deal with a fraudulent payment online… maybe we’re lucky (or maybe PayPal’s fraud protection is not that bad after all). About a week after we started using Stripe (among PayPal and Bitcoin) on our site, the first scammer arrived. The funny thing is that he paid for the service (apparently with a stolen credit card) and never even used the service! A week after that payment was charged back and as it was already deemed suspicious by our team, we refunded it immediately.
As the number of our transactions increased, so did the fraudulent activity. Again, it’s strange that except one person (who tried to use an account for email spamming, but he was caught and banned in no time) all the stolen credit card abusers just wanted to pay us the money and then do nothing, it just seems illogical to me. If they wanted to test a bunch of card numbers, they could’ve done it with a service that costs $1 or so, and if they wanted to use it for spamming or something else, why didn’t they at least try to do it?
Unfortunately, Stripe has a chargeback fee of $15 so we were losing money on each transaction that, in my opinion, should’ve been stopped by Stripe even before they happened. For example, there was a guy who used the same email address and tried cards from 3 different continents in a span of 15 minutes. Unless he’s the Flash, that’s not really possible and it’s a huge warning for all payment processors I know of, yet Stripe didn’t blink an eye.
As we were losing money and Stripe wasn’t providing any help to stop these whatsoever, we set out to find a company who specializes in online fraud prevention. Here are a couple of them that we heard good things about but didn’t have a chance to check them out yet: minFraud by MaxMind, Sift Science and Signifyd. They’re very affordable, even for a small business. I’m really not sure why Stripe doesn’t have a partnership with any of these companies, it seems like a no-brainer for me.
Before we could finish the implementation of any of the above-listed services, one night (and I’d like to underline the night part) we received an email from Stripe, out of the blue, that stated:
Thanks for signing up with Stripe!
Unfortunately at this time we will need to stop offering service for kinsta.com. Currently Stripe can only support users with a low risk of customer disputes–after reviewing your submitted information and website, it does seem like your site presents a higher level of risk than we can currently support. Unfortunately we will be unable to accept any additional payments on your behalf.” And that was it.
I’d like to emphasize that none of our legit users disputed anything, ever, only the stolen credit card owners requested a chargeback through their banks, which is what you’d expect. What I did not, however, expect from Stripe in any situation is that they’d just close down our account, in the middle of the night without fair notice. Or help. And that goes in the face of everything that we experienced with Stripe prior to that.
They could’ve given us advice on how to minimize frauds, what we could have changed in our form or anything. Plus a warning like “if this continues, we will have to suspend your account” a couple of weeks before the final decision would’ve been nice, too. On top of all that they’re not replying to inquiries about the issue. This is a perfect case study of how not to handle customer relations.
Is the problem with us? After searching on Google for a bit, it turns out that this is a rather usual way to do business at Stripe nowadays. See here, here, here and here. And if you need more, just do a search yourself and pay extra attention to the comment sections. Turns out we’re lucky, we have programmers and can move to another API in a short time. When everyday people who sell and ship tangible products get scammed, it can break their whole business and sometimes their lives too (as we’ve read in the topics linked above). To think that implementing a good fraud detection system could solve all this, yet they don’t do anything about it is mind-boggling.
Not long ago Stripe was just a startup happy for all new clients, set out to disrupt the way PayPal handled customer care and business in general. A few years in and they’ve become the same faceless enterprise. Even if it’s hard as you scale, you should never lose sight of your initial goals so that you can keep true to yourself and provide the value that users signed up for in the first place. This should be the most important takeaway for everyone dealing with customers, including Kinsta.
When you’re building a company that you’d like to last a long time, don’t forget that your current small clients (and I’m not arrogant enough to consider ourselves anything other than tiny in Stripe’s eyes) can grow huge in no time, after all this is the Internet we’re talking about! We’re living in the age of hyperscaling.
It’s also important that as a startup you provide multiple payment options for your clients. Not everyone likes PayPal but not everyone trusts online merchants with their credit cards – and then there are those who like to use Bitcoin. If you’re starting a business nowadays it’s better to be prepared for the “next big thing”. Bitcoin could be one of those.
We sincerely hope that Bitcoin (or something else based on the groundwork laid out by Bitcoin) will get mainstream in the coming years, it makes all this so simple (no disputes, no chargebacks, ridiculously low fees). For now though we’ll talk to a couple of other credit card processing companies (but we’re leaning towards Braintree) and update this post once we have a solution. Until then we can only advise you to stay away from Stripe, they’re not the great startup they once were.