Stripe is friendly to “friendly fraud”

Stripe 对“友好欺诈”很友好

Friendly fraud is the laundered name for something that the payment system is not really able to prevent. Even though I’m pretty sure they can do way better. Particularly big and sophisticated payment providers like Stripe, with a mountain of signals. “友好欺诈”（Friendly fraud）是一个被美化过的词汇，用来形容支付系统实际上无法防范的某种行为。尽管我非常确定他们本可以做得更好，尤其是像 Stripe 这样拥有海量数据信号、规模庞大且技术先进的支付服务商。

I had a customer buy my product twice. It’s called Ciglue. It’s cigar glue. Not Rolex or iPhone. The first order was shipped with DHL and delivered, with proof of delivery. The customer didn’t contact to request a refund or a re-delivery, but I saw a dispute filed, so I reached out to them. They said it was the bank’s mistake because the bank bundled this payment with some real fraudulent transactions from the Philippines. They promised to contact their bank and even offered to pay me back via Paypal. I was happy that it’s just a misunderstanding. 曾有一位客户两次购买了我的产品。我的产品叫 Ciglue，是一种雪茄胶水，不是劳力士或 iPhone。第一笔订单通过 DHL 发货并已送达，且有送达证明。客户没有联系我要求退款或补发，但我却收到了拒付（dispute）通知，于是我主动联系了对方。他们声称这是银行的失误，因为银行将这笔交易与来自菲律宾的一些真实欺诈交易混在一起处理了。他们承诺会联系银行，甚至主动提出通过 PayPal 把钱赔给我。我当时很高兴，以为这只是个误会。

I submitted the evidence of the delivery, customer communication, website policies, everything by the book. It turned out the customer was doing it on purpose, and lying to me. They not only didn’t contact the bank to correct the situation, they actually pretended not to have received the product. And the bank, naturally, sided with them. I had no recourse. Dispute granted. Money, product, shipping and dispute fees, all gone. 我按规定提交了送达证明、客户沟通记录、网站政策等所有证据。结果证明，该客户是蓄意为之，并在欺骗我。他们不仅没有联系银行纠正情况，反而假装没有收到产品。而银行自然站在了他们那边。我无计可施，拒付申请被批准。钱、产品、运费以及拒付手续费，全部损失。

This is annoying, but not exactly unheard of. If you sell online, you probably know the feeling: you send the product, collect the evidence, submit everything properly, and then somehow still lose. Before the dispute came in, the same customer placed another order, this time with untracked shipping, and a few days after the first dispute, another dispute followed. Once the first dispute was granted, things became clear. The customer emailed me to gloat about their clever scheme. Literally giving me the finger. 这很令人恼火，但也并非闻所未闻。如果你从事在线销售，你可能很熟悉这种感觉：你发了货，收集了证据，按流程提交了一切，最后却莫名其妙地输了。在第一笔拒付到来之前，同一位客户又下了一单，这次选择了无追踪的运输方式。在第一笔拒付发生几天后，第二笔拒付也随之而来。当第一笔拒付被批准后，一切都真相大白了。客户发邮件向我炫耀他们的“高明”手段，简直是在对我竖中指。

I sent the screenshots to Stripe and asked if this could be reported properly. To the bank, to some fraud reporting network, or even just internally inside Stripe. I wasn’t expecting Stripe to recover the money or reverse a closed dispute. I understand that the customer’s bank makes the final decision, and that card network rules are what they are. But I did expect the report itself to matter. 我把截图发给了 Stripe，询问这是否可以被正式上报——无论是给银行、给某个欺诈举报网络，还是仅仅在 Stripe 内部记录。我并不指望 Stripe 能帮我追回资金或撤销已结案的拒付。我理解最终决定权在客户的银行手中，卡组织的规则就是如此。但我确实认为，这份举报本身应该是有意义的。

This is a very clear case of “friendly fraud”. The card belonged to the customer, the address was valid etc. The customer appeared to enjoy screwing me over. Pretty sad considering this is a pretty cheap product in a niche hobby. But still. I would have expected Stripe to use this evidence in some way to feed into the sophisticated machine-learning anti-fraud system. But No. 这是一个非常典型的“友好欺诈”案例。信用卡属于客户本人，地址也是有效的，等等。客户似乎很享受坑我的过程。考虑到这只是一个小众爱好中相当廉价的产品，这真的很可悲。但我依然期望 Stripe 能以某种方式利用这些证据，将其输入到其先进的机器学习反欺诈系统中。然而并没有。

After quite a bit of back and forth, Stripe’s answer seems to be that it doesn’t really matter beyond my own account. They told me they don’t use evidence of chargeback abuse from one merchant to create cross-merchant fraud signals, or to take action against the customer’s card, email, or other details for other merchants. 在经过多次沟通后，Stripe 的答复似乎是：除了我自己的账户之外，这并不重要。他们告诉我，他们不会利用某个商户遭遇的拒付滥用证据来创建跨商户的欺诈信号，也不会针对该客户的信用卡、邮箱或其他信息在其他商户处采取行动。

You probably don’t want a system where one annoyed merchant can get someone blocked across the whole Stripe payment system. But there’s a pretty big gap between “automatically block this person everywhere” and “thanks for the screenshots, please consider Radar”, and this is where it gets frustrating. 你可能确实不希望出现一种系统，让任何一个心怀不满的商户就能让某人在整个 Stripe 支付系统中被封禁。但在“自动封禁该用户”和“谢谢你的截图，请考虑使用 Radar”之间，存在着巨大的鸿沟，而这正是令人沮丧的地方。

Stripe sells Radar on the strength of its network: lots of payments, lots of signals, better fraud detection, machine learning, etc. Stripe sees a lot of transactions, so in theory it can spot things that an individual merchant can’t. But when a merchant sends actual evidence that a customer is abusing chargebacks, suddenly it means nothing. The recommended solution is to use Radar rules to block the customer from buying from me again. And I probably have to upgrade and pay Stripe to use this rule anyway. Gee thanks! Stripe 销售 Radar 的卖点在于其网络优势：海量的支付数据、丰富的信号、更强的欺诈检测、机器学习等。Stripe 处理大量交易，理论上它能发现单个商户无法察觉的问题。但当商户提交了客户滥用拒付的实锤证据时，这些证据却变得毫无意义。他们推荐的解决方案是使用 Radar 规则来阻止该客户再次购买。而且我可能还得升级并付费给 Stripe 才能使用这项规则。真是太感谢了！

The next merchant still starts from zero. This is also not the kind of fraud Radar can easily solve before the payment. The transaction looked fine, checks passed, physical address matched. The abuse happened later, through the dispute process. There is no clever checkout rule for “customer receives the product and later lies to their bank”. 下一个商户依然得从零开始防范。而且，这也不是 Radar 在支付前能轻易解决的那种欺诈。交易看起来没问题，检查通过，物理地址匹配。滥用行为发生在事后，通过拒付流程进行。对于“客户收到产品后向银行撒谎”这种行为，根本没有所谓的智能结账规则可以应对。

Small merchants already have very little leverage in disputes: the bank decides, Stripe points at the bank, and I lose the money, the product, the dispute fee, and the time spent dealing with it all. If new evidence appears later, it may be too late to submit. If the customer does the same thing elsewhere, and something tells me this isn’t this person’s first rodeo, then the next merchant gets to get suckered. Nothing friendly about this. Besides perhaps Stripe effectively being friendly with the fraudsters here by not doing anything about it. 小商户在拒付问题上本就几乎没有话语权：银行说了算，Stripe 把责任推给银行，而我损失了钱、产品、拒付手续费以及处理这一切所耗费的时间。如果事后出现了新证据，往往也太迟了。如果该客户在别处也做同样的事——我有种预感这绝不是此人的第一次作案——那么下一个商户又会被坑。这事儿一点也不“友好”。除了 Stripe 通过不作为，实际上对欺诈者表现得相当“友好”之外。