Stripe 正在冻结 5 万美元并向我们的客户退款。
我们每天处理2万美元的实体按摩设备销售,客户超过14万。退款率为0.35%。Stripe在没有任何警告、具体说明和人工审核的情况下关闭了我们的账户,理由是“未经授权的支付”。
我们花了一周时间进行调查,最终自己找到了根本原因,因为Stripe并没有告诉我们。
我们的结账平台(CheckoutChamp)在处理后续购买的追加销售时,将其作为独立的Stripe收费,使用的是存储的卡片令牌,而没有触发3D安全验证。大约64%的客户接受了追加销售,这意味着大多数订单在客户的银行账单上产生了2-3笔收费,而不是一笔。那些未能识别额外收费的客户联系了他们的银行,导致了早期欺诈警告(Visa TC40 / Mastercard SAFE报告)。Stripe的雷达系统将这些识别为“未经授权”的活动。
这与在Shopify上完美运行的追加销售流程完全相同,因为Shopify的后续购买API会将追加销售添加到现有交易中。而CheckoutChamp则创建了一个独立的收费。这就是全部区别。这是一个交易架构问题,而不是欺诈问题。
我们立即修复了所有问题:禁用了所有后续购买的追加销售,取消了所有活跃的订阅,将结账流程重构为单一交易流程。
然后我们尝试告知Stripe。
我们提交了一份详细的根本原因分析报告,附上了来自Stripe自己仪表板的截图,显示我们的退款率为0.35%。我们附上了结账平台的数据,证明追加销售已被禁用。我们提交了33份以上的文件:雇主识别号码(EIN)、组织章程、6个月的银行对账单、供应商合同、第三方物流发票、库存照片、客户发票。我们还提供了25%的滚动储备。
两个支持案例都以模板回复的方式关闭。没有一条回复提到我们的根本原因分析。
其中一条回复将我们的案例称为“Greg Misc LLC”。而我们的公司是JS Commerce Group LLC。这就是他们审查的仔细程度。
我们给patrick@stripe.com发了邮件,但没有回复。我们给risk-support@stripe.com发了邮件,也没有回复。
我们在X平台上发帖。Stripe的社交团队回复:“我们的内部团队仍在审查您的案例。”自那条回复以来,两个支持案例再次被关闭。X团队和支持团队显然没有联系。
现在,Stripe正在自动向已经收到产品并每天使用的客户退款约5万美元。这些客户并没有要求退款。当钱出现在他们的账户中时,他们会感到困惑,而我们不得不解释发生了什么。
这周我与6家替代支付处理商进行了交谈。每一家都在几分钟内理解了追加销售架构问题。他们都说了同样的话:这是一个已知问题,涉及为追加销售创建独立收费的平台。没有一家认为这是欺诈。
Stripe的系统设计是,一旦你被标记,就没有途径让人类评估新的证据。支持团队发送模板,风险团队不回复直接邮件,X团队在公开场合说得很好,但与内部流程没有任何联系。而自动退款的时钟仍在滴答作响。
如果你是阅读此文的商家:不要依赖单一支付处理商。你的业务多么干净都无所谓。结账平台的架构缺陷可能会触发算法,一旦发生,再多的证据也无法到达人工审核。
查看原文
We process $20K/day selling physical massage devices. 140K+ customers. Chargeback rate: 0.35%. Stripe shut us down for "unauthorized payments" with no warning, no specifics, and no human review.<p>We spent a week investigating and found the root cause ourselves, since Stripe wouldn't tell us.<p>Our checkout platform (CheckoutChamp) was processing post-purchase upsells as separate Stripe charges using the stored card token, without triggering 3D Secure. About 64% of our customers accepted an upsell, which means the majority of orders created 2-3 charges on the customer's bank statement instead of one. Customers who didn't recognize the additional charges contacted their banks, generating Early Fraud Warnings (Visa TC40 / Mastercard SAFE reports). Stripe's Radar system picked these up as "unauthorized" activity.<p>This is the exact same upsell flow that works perfectly on Shopify, because Shopify's post-purchase API adds upsells to the existing transaction. CheckoutChamp creates a separate charge. That's the entire difference. It's a transaction architecture issue, not fraud.<p>We immediately fixed everything: disabled all post-purchase upsells, canceled every active subscription, restructured the checkout to a single-transaction flow.<p>Then we tried to tell Stripe.<p>We submitted a detailed root cause analysis with screenshots from Stripe's own dashboard showing our 0.35% chargeback rate. We attached our checkout platform data proving upsells were disabled. We submitted 33+ documents: EIN, Articles of Organization, 6 months of bank statements, supplier contracts, 3PL invoices, inventory photos, customer invoices. We offered a 25% rolling reserve.<p>Both support cases were closed with template responses. Not a single reply referenced our root cause analysis.<p>One response addressed our case to "Greg Misc LLC." Our company is JS Commerce Group LLC. That's how carefully they're reviewing.<p>We emailed patrick@stripe.com. No response. We emailed risk-support@stripe.com. No response.<p>We posted on X. Stripe's social team replied: "Our internal team is still reviewing your case." Since that reply, both support cases were closed again. The X team and the support team are clearly not connected.<p>Now Stripe is auto-refunding ~$50K to customers who already received their products and are using them daily. These customers didn't ask for refunds. They're going to be confused when money appears in their account and then we have to explain what happened.<p>I've spoken to 6 alternative payment processors this week. Every single one understood the upsell architecture problem within minutes. They all said the same thing: this is a known issue with platforms that create separate charges for upsells. None of them considered it fraud.<p>Stripe's system is designed so that once you're flagged, there is no path to a human who can evaluate new evidence. The support team sends templates. The risk team doesn't respond to direct emails. The X team says the right things publicly but has no connection to the internal process. And the auto-refund clock keeps ticking.<p>If you're a merchant reading this: do not rely on a single payment processor. It doesn't matter how clean your business is. An architectural quirk in your checkout platform can trigger an algorithm, and once that happens, no amount of evidence will reach a human.<p>acct_1S1HBtFTqKgMyUVJ