A few months back, I was hit with an attack from a spammer, who managed to place a few hundred orders through my Stripe checkout. It seems they were attempting to place thousands of orders, and looking for functional credit card information.
When I reached out to support, they acknowledged that this was a type of attack, and I needed to manually go back and unapprove all of these purchases coming from a single IP address, that wasn't being stopped by Stripe.
Would I still need to pay to do all those fraudulent chargebacks? If so, that single attack would have cost me hundreds of dollars out of pocket.
I'm sorry that happened to you. Could you email me at this handle at stripe.com? I want to look into why we didn’t auto-detect that surge in suspicious transactions.
We’re here to support startups. If you ever have a unique circumstance, write us; we’ll try to be reasonable, in the same fashion that your hosting provider will try to be reasonable if an engineer e.g. fumble fingers a deploy and briefly turns on a larger fleet of servers than they intended.
(It's worth noting, for precision's sake, that a refund is not a chargeback. Chargebacks are when the person who actually owns the credit card calls the bank to complain; they're strictly worse for all parties than simple refunds.)
While this is an interesting response, it strictly does not answer the poster’s question. Would they be liable for the fees for an attack like this?
It's difficult for me to predict our response in every possible hypothetical circumstance, so I'm promising what I feel we can actually promise: a human who cares about your success will review the circumstances and make a judgment call.
Translation: Come to HN with your problems and you'll get the VIP treatment while there's a spotlight on the company.
Attempting to find an answer as an outsider led me to this PR release from last year: https://stripe.com/newsroom/news/chargeback-protection. It makes me assume that if the merchant wasn't paying that extra fee they are going to be slammed.
patio11 gave a nonanswer, which is hardly transparent.
> a human who cares about your success
Regarding honesty, if Stripe "cares about your success", Stripe would relinquish processing fees for all refunded transactions (regardless of whether they are fraudulent) just like Square and Amazon Pay do.
The fee is only $1 when the transaction amount is $24.14. The fee is $29.30 for a $1,000 transaction. For industries with lower margins or higher refund rates, Stripe's refusal to return the fee on refunded transactions is a problem. Regardless, Stripe's nickel-and-diming is not something to be grateful for in any industry when there are competitors that don't do the same.
Feel free to substitute $29.30, or even $1,000 as values that should not sink one's software business.
Considering how often you're going to be issuing refunds (I tend to do maybe 2 or 3 in a big month), I'd be surprised if we hadn't each spent more in billable hours typing into this text box than we will in Stripe refund fees over the next four years.
I organise tech conferences as part of a non-profit.
If I've already started selling tickets, and had to postpone the event because of something like COVID-19, I'd be looking at paying Stripe something like $3,500 in payment processing fees (it's 3.4%+$0.50 here; and assuming $100k in ticket revenue) for the privilege of refunding my attendees.
It's not an amount that would sink our non-profit, but the full fee is also not something that we should have to pay, just because we want to do right by our attendees.
That's the un-charitable interpretation. When dealing with complex problems with no clear cut analytical solution putting a real human in the loop who can make a judgement call instead of playing back a prewritten script is often the optimal solution.
Traditionally there's been 2 customer service lines: regular and VIP.
Now there's 3: regular, VIP, and social media apology tour. And it'd sure be nice if these companies had decent policies to begin with... But that's the problem, isn't it?
I do get that. But many of these stories we hear have to do with consistent customers with a stable payment history and a good relationship. Something goes terribly wrong, helpdesk bombs it, and then what? Well, Twitter, HN, Reddit.
All I know is the current situation, well, stinks.
In the case of Google we have a supertanker full of anecdotes of them ignoring customers with problems. In the case of Stripe we have no evidence their customer service is nonexistent outside social media flareups. To the contrary, they seem to have a pretty good reputation.
So no, not like Google at all. That somebody gets a response from a VP on Hacker News is not evidence they will get no response outside Hacker News.
We were attacked by someone using different IP addresses testing out credit cards. Stripe caught a lot of these but surprisingly it seemed several went through that we had to refund & pay the transaction fee for. A lot of these didn't even require the CVC check it seemed.
We were able to get fairly good support, 100 times better than most places I deal with.
Unfortunately we had to switch to Radar for Teams to put in fairly basic checks such as making sure CVC verification happens before accepting the card. This costs a bit extra per transaction.
At the end of the day we were able to get it solved. Stripe puts plenty of human resources on helping & they have fairly good documentation. It does really stink that we need to purchase Radar for Teams just to add a few basic rules in place to prevent scammers like this. We lost around $100 that could have gone to helping families whose kids have cancer which always sucks. We also had to implement an "invisible" Google Captcha which I wasn't a fan of. This could have been a lot worse though which is what troubled me the most.
Just to be clear in this example a chargeback wouldn't have happened. A chargeback can only happen if there was a valid credit card that made a purchase that requested a reversal of the money transfer.