Migrating from PayPal to Stripe and back
Resuming on the experience from the blog Kinsta kindly published sharing their experience with Stripe (https://kinsta.com/blog/startups-avoid-stripe/), we must say that hardly anything has changed and we wished that we were made aware of the dangers that working with Stripe pose for a startup where cash flow is the lifeline of a business.
We have 2 startups both working on PayPal payments over 5 years. Our decision to move away from PayPal was because we felt that more than being a payment processor, their focus was to increase their brand and most of this marketing was being done during checkout which made us see a considerable amount of orders being abandoned. Customers simply refused to create a PayPal account (even though it is not needed, the process of checking out without one was cleverly hidden to sway our customers into doing so).
Then came stripe, which seemed like a marvellous development, their checkout was a simple pop-up embedded into our checkout and completely “distraction-free”. Basically, it was everything we were asking for, or so it seemed.
There were teething issues when we could not get clear documentation to explain where we were standing financially. There is a mixture of deducted fees, pending balance and available balance all of which falls into one pot; however, documents for already deducted fees can only be seen at the very end of the month and since there is no running balance doing a reconciliation is a time-draining exercise. This was a minor issue we were happy to overlook as long as we kept the gains from Stripe’s innovative approach.
Then the Stripe fraud problem started
We were in a couple of months were Stripe’s paradise was being enjoyed until the feared word of e-commerce came on to us “FRAUD”, this is when we realised how exposed our business really was to being defrauded on every single transaction and I’ll explain.
10 days after having an ordered correctly processed through stripe, without any flags and all verification checks going green we received the following email from Stripe:
“We recently noticed a suspicious charge on your Stripe account for INSTALLERSHUB.CO.UK. The information we have about this charge indicates it may have been made with a stolen credit card.
We understand that fraud can be frustrating and difficult to spot. Even though this is the first instance of suspicious charges on your account, we recommend a few quick actions to identify and prevent fraudulent charges before they become chargebacks:
1. Ensure that you have both CVC and AVS checks on your account. With these checks enabled, we will decline charges when the customer fails to provide the correct information, which helps prevent fraud. You can enable these checks through the Radar tab in your dashboard: https://dashboard.stripe.com/radar/rules. It’s also important to make certain that you are sending us CVC and AVS data in order for the checks to work.
2. Review charges for anything out of the ordinary. As a business owner, you have the most information about what’s normal for your business. Refund suspicious transactions (unusually large orders, multiple charges on one card in a short time period, etc.). In addition, we will continue to notify you if we notice transactions that look suspicious.
3. Read more tips for fraud prevention. We have a great list of resources that you can find here: https://support.stripe.com/questions/avoiding-fraud-and-disputes.
While we are constantly working to proactively fight fraud on your account, ultimately you are responsible for all transactions you process as a business.
As always, please don’t hesitate to reach out with any questions.
The Stripe team”
This email had many aspects that were an immediate letdown:
- It came 10 days after the transaction took place. By today’s standards, this is too late as items have already been delivered.
- None of the recommendations given by Stripe applied to our account as they manage these options themselves and Radar is only available to larger accounts (the ones they probably care about).
After this, it took us approximately 12 emails with back and forth questions and evasive answers from Stripe (email only as they conveniently don’t have a phone number or chat channel) where they didn’t know much about the fraud alert apart from saying it could be a fraud it could be nothing.
It took us then 15 days and 14 more emails to get them to admit that by relying on their payment processing service we are completely exposed to any transaction being challenged regardless of the time gone past and basically the level of protection for the company supplying the goods is zero. Pointing out as well that we could not get anyone from Stripe on the phone to advise during all this time but several people were happy to “jump in” “hoping in” (their words) on the emails to basically defeat customers by volume and adding excessive information without actually answering the questions raised about our level of exposure.
We asked the below 2 questions and after many evasions, finally got an answer:
Q. Are we exposed to lose money if a transaction is challenged many days after the bank accepted the charge and even if we followed all required safety procedures?
A. To answer your first question, yes, you are still exposed. But to be clear — when processing payments online, or even as a brick and mortar business, you are always exposed to this risk of customers contesting charges later due to fraud. This is the nature of the dispute process, dictated by the credit card networks, and our after-the-fact fraud notifications do not impact this reality.
Q. Your only recommendation is to contact the customer but if this transaction is really fraudulent, we will be calling the same fraudster who placed the order. Is this really the only thing that Stripe can suggest for this and future fraud protection?
A. Our recommendation to contact the customer is simply for your own peace of mind, and so that you can possibly avoid a dispute (and the fee associated with it) if the charge was indeed fraudulent. Because these charges initially look good to us — and also look good to the bank — there isn’t much we can do after the fact. These notices are a courtesy to let you know to keep your eyes on those charges, as banks have flagged them with us after receiving word from their cardholders (again, usually a number of days or weeks after the charge was run) that the purchases may have been fraudulent.
This can be broadly summed up by remembering that Stripe (and the banks) cannot catch all fraud. We do prevent quite a bit! (Much of which our users never see.) But sometimes, charges will go through that looked fine on paper but turn out later to have been fraudulent. We absolutely understand that this is not ideal, but it is also baked into the very nature of card processing.
The outcome from Stripe’s Customer Service
The latest update from Stripe is another faceless email saying that the bank says the cardholder is disputing the transaction as fraudulent and even though we have a POD and passed all the checks from Stripe our company is open to losing £700 on a single transaction and who knows how more on over £8k we have invoiced using stripe because at any time a new claim could come through.
Adding insult to the injury, we have received a £15 levy from Stripe because of the dispute being raised in what seems to be a one-way conversation as we have received many emails from different Customer service staff but not a single one has helped us to address the issue and feels that we can as a startup believe that Stripe was the chosen one…
If you are a Startup avoid Stripe as doing the opposite will have you signing blank cheques out on the internet, completely unprotected and with minimal customer support.
PayPal vs Stripe outcome
Whilst PayPal checks can seem daunting, they are giving us as a startup the much-required peace of mind that if you are doing all things right there should be no liability for you and both banks and payment processors are simply not owning up to their