One side effect my SaaS[1] experienced with card testing is that Stripe's reporting still includes this fraudulent activity as successful which throws off my numbers. For those who can relate, I documented it on GitHub[2] and even developed a mobile app (PWA) that corrects the issue with Stripe's mobile app reporting.

[1] https://last10k.com

[2] https://github.com/hbcondo/revenut-web

Have you tried enabling 3DS verification and machine verification review?

You may be frustrated with how Stripe is responding, but why would using another payment provider solve the root issue?

Does your site use a captcha in the subscription flow to prevent card testing?

Indeed. The problem may even be worse with other systems.

There are other trivial ways to prevent unsophisticated card testing. For example, I have a card tester who visits my checkout page every day via a direct link (he must have bookmarked it). Little does he know, the real checkout page is now located at a different URL. So I just reject every transaction at that page.

It has nothing to do with our website. The card testing happens outside our website.

Aren't you able to disable checkouts from outside your website?

Hopefully their keys did not leak...

it's a public key

Stripe indicated to me they put in a captcha on their end

(Edwin from Stripe here.) I think we _may_ have chatted? (Hard to tell with tempaccount name.) Could you email me at edwin@stripe.com and link to this thread?

> (Edwin from Stripe here.) I think we _may_ have chatted? (Hard to tell with tempaccount name.) Could you email me at edwin@stripe.com and link to this thread?

I am so tired of hearing this. Even worse, you just openly admitted that Stripe has extremely broken processes: "I think we _may_ have chatted?"

Why did that go dark? Did it go dark? Did OP go dark? We'll never know. We just know that Edwin is here for tech support: it's an HN meme. We don't have many of those here.

I'm genuinely disappointed that unless someone complains on [searches Google for your email] channels, they get burned. There are tons of those small companies, entrepreneurs, and others who are getting hosed. I understand there's no incentive to fixing those processes. I couldn't wake up every day and admit to myself that there are certain classes of customers who, despite having equal issues, get preferential treatment because they're loud. This is on the front page right now: https://news.ycombinator.com/item?id=36788274

But as an empath it hurts me.

As someone who has transacted hundreds of millions through Stripe, I'm just floored. It was relatively nuanced before — the support — but this admission just shocks me.

How the hell is the guy supposed to be able to identify the account from this post? It gives no identification.

I have another post they commented on. They can see my historical posts.

"May have" because OP's HN name is "tempaccount3333", and I did ask them to email me once before, but I don't see anything—so I need them to reach out so I can identify their account and see what's going on.

There's no identifying info here (name or business) and we don't see any emails referencing this thread.

I'm just wondering why I have to post here to get your attention on this?

Because here it’s public and they want to save face. When it’s private they dgaf because it doesn’t affect other potential or current clients who might be swayed away from them

bin attacks and card attacks plague many different payment providers, first-hand experience. I'm not aware of much that can be done about this at the payment provider, they also suffer.

Saying they suffer is a bit much. At best they get to collect their fee if there never ends up being a chargeback. If there is a chargeback they don't have to pay the chargeback fee. Sounds like it is an overall win for them to let these slide through.

nope, they get a lot of crap from customers and reputation damage. It's a p0 incident in places where I worked (not stripe, but i can't imagine why they alone would be glad to repel customers for a couple bucks), and everyone absolutely hates it.

Adyen requires us to have a monthly transaction volume greater than $1 million. If we don't reach $1 million, they will charge transaction fees as if we had reached $1 million.

Square is great. We use both Square and Stripe. Square pays the same day, a huge benefit over Stripe.

Does Square do subscription pricing? I don't see that on their website.

Braintree is owned by PayPal.

Indeed, but I don't think PayPal is entirely sour. I've used the product at multiple companies and have only had good experiences.

Timely post:

https://world.hey.com/jason/who-do-you-do-business-with-47c6...

Paddle, LemonSqueezy are pretty decent.

I'll check them out.

Can you tell us why to avoid using Stripe? Are Stripe's standards very different from those of other payment processors?

Checkout.com