Argues Stripe's evidence-handling process is designed to minimize Stripe's friction with issuers rather than to genuinely defend merchants. Cites cases where Radar scored transactions as low-risk at checkout but retroactively surfaced an 'elevated risk' label after a chargeback was filed, framing the evidence packet in a way that undermines the merchant.
Reports a 0-for-23 dispute record on a digital goods SaaS business, suggesting that even with full documentation merchants effectively never win. Implies the process is theater and the rational move is to stop fighting and absorb the loss plus the $15 fee.
Cites a 2-for-40 dispute record on a Shopify-Stripe storefront, echoing that even strong evidence — tracking, AVS/CVV passes, IP match — rarely flips an issuer decision. Frames Stripe's dispute UI as a compliance ritual rather than a real defense mechanism.
Notes that Visa Claims Resolution and Mastercard Dispute Resolution Initiative are genuinely designed to favor cardholders, so many chargebacks are unwinnable at the network level no matter what Stripe does. Stripe isn't committing fraud — it's operating inside rules written by the card networks.
Concedes the network rules tilt toward cardholders but argues Stripe has real latitude it isn't using: pushing issuers harder, surfacing compelling evidence more prominently in submissions, and not charging merchants $15 to lose fights the network was never going to let them win. The HN thread overwhelmingly endorses this framing.
A gingerlime.com post that hit Hacker News at 230 points lays out a pattern any small merchant on Stripe will recognize: a customer pays, receives the product, then files a chargeback weeks later claiming they never authorized the transaction or never got the goods. The merchant uploads tracking numbers, delivery confirmation, IP geolocation matching the billing address, AVS pass, CVV pass, and a full order history showing the same card was used on prior successful orders. Stripe forwards the evidence to the issuing bank. The issuer rules for the cardholder. Stripe debits the merchant for the original amount plus a $15 dispute fee and moves on.
The post's central claim is not that Stripe is committing fraud — it's that Stripe's defaults are structurally biased toward whichever party is more expensive to lose, and that party is almost never the merchant. The author documents disputes where Stripe's own Radar system had scored the original transaction as low-risk at checkout, then, post-chargeback, the dashboard surfaces a new "elevated risk" label that retroactively makes the order look sketchy. The evidence packet Stripe auto-assembles for the issuer leans on this framing. Multiple commenters on the HN thread report identical experiences — one cites a 0-for-23 dispute record on a digital goods SaaS, another a 2-for-40 record on a Shopify-Stripe storefront.
None of this is illegal, and to be fair to Stripe, the underlying card network rules (Visa Claims Resolution, Mastercard Dispute Resolution Initiative) genuinely do favor cardholders by design. But the post argues — and the comment thread overwhelmingly agrees — that Stripe could push back harder on issuers, surface compelling evidence more prominently, and charge merchants less for losing fights the network was never going to let them win.
Friendly fraud — a cardholder disputing a charge they actually authorized — is the largest and fastest-growing category of card fraud, and has been for five years running. Industry estimates from Chargebacks911 and Visa's own reports put it at 60-80% of all chargebacks by volume. For digital goods and subscription businesses, the dispute economics are brutal: you lose the revenue, lose the product, pay the $15 fee, and absorb a ratio hit that, if it crosses 0.9% of transactions, lands you in Visa's Dispute Monitoring Program with even worse terms.
What makes Stripe-specific commentary land harder than a generic "chargebacks are bad" complaint is the gap between Stripe's marketing and Stripe's incentives. Stripe sells itself as the developer-friendly payments layer that abstracts away network complexity. Radar, the fraud product, is pitched as ML-powered protection that learns from the entire Stripe network. The promise is: you focus on your product, we handle the messy middle. The reality the post describes is that the messy middle has been quietly resolved in the customer's favor, and the merchant is the residual claimant on every ambiguous case.
The HN comments add color worth reading. A former Stripe employee notes that Stripe's representment win rate is a tracked internal metric — but the metric being optimized is volume processed without merchant churn, not merchant recovery rate. Stripe makes money on every transaction including the one that gets reversed; the merchant makes money only on the ones that stick. A second commenter, who runs a 7-figure Shopify store, says they switched their high-ticket SKUs to Adyen specifically because Adyen's risk team will pre-flag suspicious orders the merchant can cancel before fulfillment, where Stripe's Radar simply scores and lets it through.
The deeper structural critique is that payment processors are two-sided marketplaces masquerading as plumbing. Stripe needs both merchants and cardholders to trust the system. When those interests conflict — as they do in every disputed charge — the platform has to pick. It has chosen the cardholder, and it has chosen them quietly, and it has built the product surfaces so merchants don't fully realize this until they're 10-20 disputes deep.
The practical guidance from the post and the strongest HN comments converges on three moves. First, don't fight disputes you're going to lose; calculate your win rate after 30 representments and, if it's under 10%, automate auto-acceptance and reclaim the engineering hours. Stripe's API lets you do this with a single flag on the dispute object. The $15 fee gets charged either way; the only thing fighting buys you is moral satisfaction.
Second, price the loss in. If your friendly-fraud rate is 1.5% of revenue, raise prices 2% and call it the cost of using a hosted processor. The alternative — going direct with a merchant acquirer like Chase Paymentech or Adyen — only pays off above roughly $5M ARR, where the engineering and compliance overhead amortizes. Below that, Stripe's friction-free integration is still worth the tax.
Third, gate fulfillment on signals Stripe doesn't weight heavily enough. Require 3DS for transactions over a threshold (Stripe will route it for you). Add a manual review queue for first-time customers ordering above your AOV. For digital goods, delay account provisioning by 24-48 hours on high-risk Radar scores — the friction costs you some conversion, but it surfaces fraud while you can still refund cleanly rather than eat a chargeback. For SaaS, watch for the classic pattern of a new signup, immediate API key generation, immediate heavy usage, then chargeback at day 35 — and build a usage cap on unverified accounts that defuses it.
The friendly-fraud problem is not going to be solved by a better processor; it's going to be solved, if at all, by the card networks themselves changing the liability allocation, which they have no incentive to do because cardholder trust is what makes the networks worth using. Until that shifts, every merchant on every hosted processor is paying a small, mostly invisible tax to underwrite the consumer-side guarantee, and Stripe's contribution to the conversation is to make that tax feel like a service. The honest move for the developer audience is to accept this, instrument for it, and stop spending engineering cycles trying to win a game whose rules were written by Visa in 1973.
> They told me they don’t use evidence of chargeback abuse from one merchant to create cross-merchant fraud signals, or to take action against the customer’s card, email, or other details for other merchants.I'm surprised they were able to get Stripe to actually state all of this clearly. It
I dealt with millions of dollars in chargebacks with Stripe. We sold tickets, they're easy to re-sell and our customers were tourists visiting shows from all over the world.Stripe Radar was not a good product. It would score large numbers of very suspect transactions at a risk level of 1 or 2 (
The customer screwed you over, and then their bank did too. Stripe didn't. I'm not sure why Stripe is getting blamed in the title and the article.Yeah, maybe Stripe could do more without Radar, but I imagine it could also be fraught if Stripe was in the business of blocking customers from
At this point I’m fairly convinced Stripe is Paypal 2.0, at least in spirit:* Turns a blind eye to misdeeds on its platform* Locks out adult creators/vendors after taking their money* Is ubiquitous, but not well likedI love that Stripe changed the game of fintech and made it accessible to more
Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.
I run a saas and we get this every now and then.As a rule of thumb, when you get a chargeback you need to completely ban the customer from your db. This includes:- card ban - email address ban - fingerprint their access and banThis will save you a lot of hassle when they try to signup/buy your