Fraud payments on Stripe

My story with Stripe…

Out of 24 transactions only 6 were real. All the payments were made with US cards, with the address validated; this means they stole their card and their ID. All of them downloaded our software for free; refunded a total of $1425.

Customer service took an average of 24h to answer every ticket, even when I reported to them that we were being “attacked”: 10 fake payments in a few minutes, different IPs, countries, etc.

We implemented all the security measures they mention here:
https://support.stripe.com/questions/what-are-fraudulent-charges-and-how-can-i-prevent-them

And we implemented Stripe at our FOSS open-eshop.com and I regret it 🙁

Last emails exchanged, I’ve got many more if needed: (I’ve removed names)
TLDR;

——————
12th Jan 14
Hello,

Yesterday I got a few payments, and now since I enabled the address validation I need to think payments are fine. But I found these 2 that didn’t validate the address but they have successfully paid?

ch_XXXX
ch_XXXX

With a card from USA but done from Turkey…can you please check and let me know if I should refund them…

Thanks!

————————–
12th Jan 14
Hi there,

Thanks for writing in, and I applaud your vigilance in protecting yourself against fraud! You should definitely refund these charges, as they are almost certainly fraudulent.

Address checks are primarily used in the US, Canada, and the UK, though banks in other countries can also support them. If a bank supports the check, they’ll return pass or fail (and we’ll decline the latter depending on your account settings). Banks that don’t support verifying the address will return ‘unchecked’, which is never automatically declined. This is why those charges succeeded.

I’m very glad you wrote in, because there are other highly suspicious charges from about the same timeframe. I note a very high number of failures on charge attempts from cards not matching the country the charge was made from – all of these charges are very suspicious, and I urge you to review each one and consider refunding them all. Until the amount of fraud stabilizes (your store seems to have been targeted) you may wish to decline/refund all charges where the card’s country of origin does not match the IP of the browser used to make the purchase. There is no way to do this automatically via Stripe, so you will need to carefully review your charges regularly.

I’m sorry for the problems you’re having here, and will have the team look further into these suspected fraudulent charges and see if any further action can be taken on our end.

Cheers,

———————-
12th Jan 14

Ok, this is getting ridiculous.

This client email [email protected]:

Is responsible for all these fraud purchases, with different cards and email addresses.

ch_XXX reClassifieds 2014-01-11 23:02 89.99
ch_XXX ModernDeluxe 2014-01-11 22:25 89.99
ch_XXX Responsive 2014-01-11 22:23 89.99
ch_XXX BootPlus 2014-01-11 22:22 79.99
ch_XXX RTL 2014-01-11 20:17 89.99
ch_XXX Kamaleon 2014-01-11 19:36 99.99
ch_XXX Mobile 2014-01-11 19:21 79.99
ch_XXX Ocean 2014-01-11 19:08 69.99

How is this even possible?

Also from 25 correct transactions, only 5 seem legit!!! I am stopping Stripe from my site immediately, I cannot trust any sale made from your side.

We have a 0 tolerance for this kind of issues and we take our business extremely seriously.
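
The manual review the support reply recommends (card country versus IP country, address checks that came back "unchecked") and the pattern reported in the email above (one client email paying with many different cards) can be scripted on the merchant side. This is an added example, not part of the original post or of Stripe's API; the record fields, the sample charges and the cards-per-email threshold are assumptions, with the IP country taken from the shop's own GeoIP lookup at checkout.

```python
from collections import defaultdict

# Constructed sample records (not real charges). Field names are hypothetical:
# the shop is assumed to store the card country and address-check result that
# the processor reports, a per-card fingerprint, and the buyer's IP country.
CHARGES = [
    {"id": "ch_A", "email": "a@example.com", "card_fp": "fp1", "card_country": "US", "ip_country": "US", "avs": "pass"},
    {"id": "ch_B", "email": "b@example.com", "card_fp": "fp2", "card_country": "US", "ip_country": "TR", "avs": "unchecked"},
    {"id": "ch_C", "email": "c@example.com", "card_fp": "fp3", "card_country": "US", "ip_country": "US", "avs": "pass"},
    {"id": "ch_D", "email": "C@example.com", "card_fp": "fp4", "card_country": "US", "ip_country": "US", "avs": "pass"},
    {"id": "ch_E", "email": "c@example.com", "card_fp": "fp5", "card_country": "GB", "ip_country": "US", "avs": "unchecked"},
    {"id": "ch_F", "email": "d@example.com", "card_fp": "fp6", "card_country": "DE", "ip_country": "DE", "avs": "unchecked"},
]

MAX_CARDS_PER_EMAIL = 2  # assumed threshold; tune to the shop's real customers


def review_queue(charges, max_cards=MAX_CARDS_PER_EMAIL):
    """Return {charge_id: [reasons]} for charges to hold before delivering the download."""
    # First pass: count distinct cards used by each (normalised) email address.
    cards_by_email = defaultdict(set)
    for c in charges:
        cards_by_email[c["email"].strip().lower()].add(c["card_fp"])

    flagged = {}
    for c in charges:
        reasons = []
        if c["card_country"] != c["ip_country"]:
            reasons.append("country_mismatch")
        if c["avs"] == "fail":
            reasons.append("avs_fail")
        elif c["avs"] != "pass":
            # "unchecked" means the bank did not verify the address: not a pass.
            reasons.append("avs_not_verified")
        if len(cards_by_email[c["email"].strip().lower()]) > max_cards:
            reasons.append("many_cards_one_email")
        if reasons:
            flagged[c["id"]] = reasons
    return flagged


if __name__ == "__main__":
    for charge_id, reasons in review_queue(CHARGES).items():
        print(charge_id, ", ".join(reasons))
```

Holding the download link for every flagged charge until someone has looked at it keeps digital goods from being delivered on a payment that is about to be refunded.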

————————

13th Jan 14
Hi Chema,

Thanks for getting in touch, and very sorry to see that you are dealing with fraudulent transactions.

It appears that you have refunded all suspicious charges, which means that you are unlikely to see any chargebacks from this sudden spate of fraud. I’ve also blocked the information associated with these charges, which will help prevent further bad charges from this source.

Please let me know if you have any other questions about suspicious transactions or Stripe more generally!

Best,

————————–
13th Jan 14
I have way too many questions and doubts.

Can somebody let me know why from 25 transactions I got only 6 real? And all these scammers got my software for free?

I am extremely disappointed, this never happened to me and your service is really terrible, I never get any answer in less than 24 hours even for this kind of urgent matter?

And the answer is always the same: follow our fraud guides, which I did, and for nothing. Also I did the implementation in our software that 16.000 people use and I am thinking of removing it since I think the same is going to happen to all of them…. http://open-classifieds.com/ http://open-eshop.com/

I have disabled your payment gateway for now until you can guarantee that your service works as it should.

———————-
14th Jan 14
Hi again Chema,

Very sorry for the frustration here; we’ve been experiencing a high level of support requests recently, and so our response time has been a bit slower than usual.

Once again, apologies that both the CVC and AVS checks were not able to decline more of these charges. Unfortunately, it does seem that sellers of digital goods or software are often targeted by bad actors who are testing out stolen credit card information. We are currently beta testing new fraud detection measures; would you be interested in becoming a part of this beta? This would result in more suspicious charges being declined initially rather than just being flagged for our review.

Please let me know if you have any questions about the above beta or Stripe more generally!

Best,
——————–
A few emails here asking what’s going on…
———————
22nd Feb 2014
Hi Chema,

Circling back with you on this. I can confirm you’re on the list for this fraud beta. In checking in with the team on the status of this, it looks like we’re still working on fine tuning our systems and haven’t opened this beta up yet.

When we do, we’ll be in touch with you. Stay tuned!

Thanks,

——————

To be continued soon. Also I would like to point out that the integration is really simple, with a nice, well-documented API and a great panel to export data / visualize sales, and that it’s quite expensive if there’s currency exchange: 5% total.

UPDATE 24-09-2014

I had it enabled for almost 2 months, and a client with a stolen card managed to buy another time. I reported it to Stripe, they answered me that I did the right thing and refunded the amount. 1 month later the same client with the same card managed to buy once more… So Stripe obviously didn’t do anything about me reporting the scam. The worst part is that it took them 3 working days to answer an email reporting the fraud, and the answer didn’t even mention any solution.

My solution: disable Stripe once more and never use it or recommend it to anyone!