They don't say why the hate Stripe, but presumably Stripe closed their account for fraud/spam/PBL reasons and took "their" money and won't give it to them. Whether or not this person/team succeeds, the real point is that spite is a powerful motivator. We all find motivation, in our own places, in our own ways, and spite is up there.
If they think the response from Stripe for fraud/spam/PBL was too harsh, wait until they see how their banking partners (Deutsche+Fargo) will handle that; if they can't even keep up a level of due diligence that's "clean" enough for Stripe, they'll eventually end up owing the whole company to the banks due to contractual penalties and cost of fraud.
A big reason why companies use an outsourced card payment service instead of going directly for a merchant account with banks is the difficulty of handling fraud & spam well, which is horribly expensive unless you have got a major economy of scale.
As a payment processor, your potential risk is larger than your turnover. And while Stripe might freeze part of your incoming funds, in this business you'll need significant upfront capital as collateral - which you'll lose if you're mediocre at handling fraud.
Yeah, you nailed it. They claim that their Japanese online Coffee shop was hit by a BIN attack and strip wouldn't let them back in, but didn't exactly give any details
I didn't know what BIN attack was until now but it seems to be essentially brute forcing card details until one succeeds. How is that even feasible and why would the sellers account be banned in the case someone got the right combo? Very strange and suspicious.
A BIN attack is feasible if the entry point lets you endlessly try card info. There's not that many, and issuers will give leeway on the card details (some won't care if the card holder's name is botched or completely wrong for instance)
That's also why a PSP will ban the seller if they let that happen on their payment page.
> A BIN attack is feasible if the entry point lets you endlessly try card info
Yeah, I just figured with all these fraud detection systems in place that rate limiting would be figured out and implemented. Regardless if the seller has a custom page or not, I still would think that PSP APIs would inherently disallow this to protect their customers.
The complicating factor is that every business is different, and there are legitimate cases where an influx of random card just happens, or a slow trickle of payments goes on at a steady pace.
In particular the PSP usually have no window on the seller's system (the seller handles the client and transparently passes the info to the PSP, contractually promising it won't peek into it). So they can't decide on their own if a set of payment requests come from a single end user or multiple ones.
There usually will be additional services and hooks to protect from these issues, but with additional fees attached to it, and a bit of dev to do on the seller side. Which means some smaller shops will forgo them and get bitten.
Good luck to them, but this is the "reason" crypto exists. I don't think we need (or can sustain) dozens of payment processors all with their own flavor of politics/dispute resolution quirks.
The uncomfortable truth is that the vast majority of consumers, both in terms of quantity and amount of money owned, would rather have a bank be liable when something goes wrong instead of being liable themselves.
Crypto is very much like gold. When it gets stolen, either due to your account getting hacked, your bank's account getting hacked, you being phished, you buying a phone and actually receiving a brick, or even your employee transferring all the money your company has and fleeing to China, there's no recourse.
That's not how traditional finance works. Most financial transactions are, to some degree, reversible, and many of those that aren't will be refunded by the bank / insurance / government in case of fraud. This is something that most banking customers want.
Apart from the myriad technical reasons that existing crypto transactions will never be a replacement for existing payment processors, I'm personally not interested in a payment system that makes all of my transactions a matter of public record.
- New currencies / economies (niche-specific wealth)
- Stop macro exploitation of intl economies
- Information available to all
- Sanity restored to money system / no more theft
- Sanity restored to content / no more censorship
Then sign me up! Or actually don't... I'll sign me up!
Crypto as in:
- Centralized exchanges
- Centralized content hubs and "vaults"
- Crypto twitter celeb ICOs and pump/dumps
- NFTs ZKPs PePes and emojis
- More corruption than ever
- More theft than ever
- Information obfuscated by memes and schemes
Then no thanks, I'm good. Crypto was cool in the beginning, just got steered into a mess that nobody wants anything to do with anymore (probably intentionally).
FWIW people are still building in the former list and never stopped. It's the "degen" speculators that got loud enough to overtake the public-facing narratives for their own personal gain.
I'm not sure this is a convincing take on crypto. At the end of the day, you still need an on ramp and off ramp to deal in it, regardless of whether that's a bank or some other third party. We've already seen multiple times that e.g. certain blockchain assets are blacklisted. If you ever tried to move or cash them, the most likely outcome is a SWAT team at your door once there's a link to your name, similarly any financial institutions or corporations mediating it would face severe punishment. So effectively those assets are fenced off, no one wants the risk, and the end result is not different from regular finance.
