Stripe is friendly to “friendly fraud”
Source: Hacker News
Background
Friendly fraud is the term used for chargebacks that the payment system cannot easily prevent, even though large providers like Stripe have many signals at their disposal.
Incident with Ciglue
I sold a product called Ciglue, a cigar glue. A customer purchased the item twice.
- The first order was shipped via DHL, delivered, and I have proof of delivery.
- The customer never requested a refund or a re‑delivery, but a dispute was filed.
The customer claimed the bank had mistakenly bundled the payment with other fraudulent transactions from the Philippines. They promised to contact their bank and even offered to repay me through PayPal. I submitted all the evidence—delivery confirmation, customer communication, website policies—exactly as required.
It turned out the customer was deliberately lying, pretending not to have received the product. The bank sided with the customer, and the dispute was granted. I lost the money, the product, the shipping costs, and the dispute fees.
Before the dispute arrived, the same customer placed another order with untracked shipping. A few days after the first dispute was granted, a second dispute followed. After the first dispute was decided, the customer emailed me to gloat, literally giving me the finger.
Evidence Sent to Stripe
I forwarded the screenshots to Stripe and asked whether the evidence could be reported to the bank, a fraud‑reporting network, or at least used internally by Stripe.
I did not expect Stripe to recover the money or reverse a closed dispute. I understand that the customer’s bank makes the final decision and that card‑network rules apply. However, I expected the report itself to have some impact, given that this is a clear case of “friendly fraud”.
Stripe’s Response
Stripe’s answer was that the evidence does not affect anything beyond my own account. They stated they do not use chargeback‑abuse evidence from one merchant to create cross‑merchant fraud signals or to take action against the customer’s card, email, or other details for other merchants.
While it makes sense to avoid a system where a single annoyed merchant can block a customer across the entire Stripe network, there is a large gap between “automatically block this person everywhere” and “thanks for the screenshots, please consider Radar”.
Stripe markets Radar as a network‑wide, machine‑learning‑driven fraud detection system that leverages many signals. Yet, when a merchant provides concrete evidence that a customer is abusing chargebacks, that evidence appears to have no effect. The recommended solution is to create Radar rules to block the customer from buying again from my store—often requiring an upgrade and additional fees.
Implications for Merchants
- Small merchants have little leverage in disputes: the bank decides, Stripe points to the bank, and the merchant loses money, product, dispute fees, and time.
- New evidence submitted after a dispute is decided may be too late.
- If the same abusive customer shops with another merchant, that merchant starts from zero, lacking any cross‑merchant signal that the customer is a repeat offender.
- Radar cannot easily prevent this type of fraud before the payment, because the transaction looks legitimate (checks passed, physical address matched). The abuse occurs later, during the dispute process.
Conclusion
The current handling of friendly fraud by Stripe leaves merchants vulnerable. While Stripe’s Radar system is promoted as a powerful, network‑wide anti‑fraud tool, evidence of chargeback abuse from individual merchants is not leveraged to protect the broader ecosystem. This creates a gap that fraudsters can exploit, effectively making Stripe “friendly” to the fraudsters by not acting on the submitted evidence.