WingNews logo WingNews
top | item 36791297

Ask HN: Alternatives to Stripe?

42 points| tempaccount3333 | 2 years ago

I posted a few months ago how our Stripe account is a victim of card testing attacks (https://news.ycombinator.com/item?id=35682534)

At that point, I was frustrated that they wouldn't address the situation. I had contacted customer support numerous times only to be put on the back burner. It was only after that post that Stripe reached out to me and the problem seemed to damp down for a little bit. Now, less than 3 months later we are experiencing the same issue yet again. Lots of new "customers" that never visit our website but end up signing up for a subscription. Every new customer that signs up we have to manually check to see if they are "real". If not, we refund and block them immediately in Stripe. We missed one the other day and ended up getting a charge back. We reached out to Stripe and they advised us to accept the dispute, which we did. However, Stripe refuses to reimburse us for the charge back fee of $15. In light of Stripe's refusal to correct the problem and reimburse us for their mistakes, we are exploring alternatives for our subscription service. We already moved away from PayPal because of their hostility towards other businesses (though we never experienced any such issues directly).

What alternatives to Stripe exist? Stripe's own data suggest that card testing attacks on their network will only increase (see https://images.ctfassets.net/fzn2n1nzq965/Sfz8gaQMU7lsp0Ubd3w1X/84a4254625d05e1fbfe0117de34c1d62/Card_testing_sent_to_Stripe_vs_baseline_v4b_OL.svg?w=900&q=80

Thanks!

30 comments

order

hbcondo714|2 years ago

One side effect my SaaS[1] experienced with card testing is that Stripe's reporting still includes this fraudulent activity as successful which throws off my numbers. For those who can relate, I documented it on GitHub[2] and even developed a mobile app (PWA) that corrects the issue with Stripe's mobile app reporting.

[1] https://last10k.com

[2] https://github.com/hbcondo/revenut-web

revitatone|2 years ago

Have you tried enabling 3DS verification and machine verification review?

here4U|2 years ago

You may be frustrated with how Stripe is responding, but why would using another payment provider solve the root issue?

Does your site use a captcha in the subscription flow to prevent card testing?

tothrowaway|2 years ago

Indeed. The problem may even be worse with other systems.

There are other trivial ways to prevent unsophisticated card testing. For example, I have a card tester who visits my checkout page every day via a direct link (he must have bookmarked it). Little does he know, the real checkout page is now located at a different URL. So I just reject every transaction at that page.

tempaccount3333|2 years ago

It has nothing to do with our website. The card testing happens outside our website.

twelve40|2 years ago

bin attacks and card attacks plague many different payment providers, first-hand experience. I'm not aware of much that can be done about this at the payment provider, they also suffer.

enescakir|2 years ago

https://www.adyen.com

revitatone|2 years ago

Adyen requires us to have a monthly transaction volume greater than $1 million. If we don't reach $1 million, they will charge transaction fees as if we had reached $1 million.

netman21|2 years ago

Square is great. We use both Square and Stripe. Square pays the same day, a huge benefit over Stripe.

tempaccount3333|2 years ago

Does Square do subscription pricing? I don't see that on their website.

revitatone|2 years ago

Can you tell us why to avoid using Stripe? Are Stripe's standards very different from those of other payment processors?

mvid|2 years ago

Checkout.com