Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I hate seeing comments like this because Stripe’s hands are tied here. Anytime a bank or payment processor has frozen or shut down an account and you’re getting stonewalled it’s almost guaranteed to be an AML related issue and it’s against the law for them to tip a customer off that their account is being or might be investigated for suspicious activity. This isn’t Stripe deciding that you’re a fraudster and so you’re undeserving of help. This is Stripe doing business in compliance with the law. I’m not saying that makes it acceptable but if you’re upset about the behavior described in this post call your Senators and Representative to complain about the Bank Secrecy Act and the USA PATRIOT Act; they’re to blame for this sort of frustrating non-response.


I don't think that's accurate.

I do some payments that are ridiculously suspect but legal.

I have never been completely blackholed and given robot responses, any time a problem comes up.

Stripe is lower margin than other banks/payment providers, so they don't look very hard.

They have a very strong incentive to throw away troublesome customers, which they do.

I don't think it's right to say Stripe's "hands are tied".

They could spend more to identify false positives, but they don't.

If I used Stripe for all of my transactions I would be blocked. I know this because I have 100% confirmed this from an inside source at Stripe and at a countries central bank.

Yet somehow I have and continue to maintain accounts with other banks without breaking the law.


> it’s against the law for them to tip a customer off that their account is being or might be investigated for suspicious activity

What law do you think forbids this? In my experience running global payments through multiple rails, on an OFAC/risk ping you typically get a request for enhanced due diligence, which normally looks to the payee like “send me a picture of your drivers license”.

The most common result is that O Bin Laden (matching the OFAC list) is actually Oscar bin Laden; with further info you disambiguate the payee from the OFAC listed entity and are allowed to transact.

I have never encountered a reg that says you are obliged to ghost your customer.


In the UK at least, section 333A of the Proceeds of Crime Act 2002? (Disclaimer: not a lawyer)

See https://www.lawsociety.org.uk/topics/anti-money-laundering/t...


The Bank Secrecy Act. And I don’t “think” it. I know it.


While this is clearly "a thing", I would be a fine bottle of wine that the OP's issue is not one of those things, and is just some dumb algorithmic or overworked fraud prevention contractor problem.

I would bet that 99.9% of the Stripe (and Paypal) horror stories that get posted almost weekly are _not_ federal money laundering or terrorism financing investigations with legal secrecy provisions imposed on the payment processor.


Which bit of the BSA?

edit: As I re-read the thread I see that I am thinking more of onboarding KYC, as opposed to this case which would be ongoing-activity investigation. So that would explain the difference in expectations here. Still interested in learning more about the regs for ongoing investigations if you have time to share!


The bit at 31 USC § 5318(g)(2)(A) under the title “Notification prohibited.” FinCEN has also promulgated confidentiality rules thereunder. I don’t have a pincite for that but I believe it’s tucked amongst their record keeping rules.


Thanks!

For anyone following along, text at https://www.fincen.gov/resources/statutes-and-regulations/ba... > https://www.govinfo.gov/content/pkg/USCODE-2020-title31/pdf/....

This is for SARs (Suspicious Activity Reports). (At least, that's the one I've encountered before, there may be other forms too).


Unless you are a federal prosecutor, law enforcement officer, or bank executive that has actively worked on a Bank Secrecy Act case, I don't think you can authoritatively state that this sort of cowboy-style, "Move Fast and Break Things" way of blitz-scaling revenues while downscaling customer service favored by companies such as Stripe has ANYTHING to do with the Bank Secrecy Act.

If anything, I would bet that regulators would be concerned about the fact that companies such as Stripe have triggered a race to the bottom whereby underwriting has become an after-the-fact exercise that can severely damage and/or kill a high-growth SME. The old way, where you filled out a ton of paperwork, provided every bit of information possible about you and your business, and then went back and forth with a human to get approval, was a much more stable way to business. But alas, when you've got former bank governors on your payroll and political mega-PAC donors on your cap table, people don't scrutinize very much.


I am indeed more than qualified to “authoritatively state this”. Even by the ridiculous standards you’ve outlined. And I would be more than happy to take that bet.


So you’re stating that you have been involved in a situation in which a merchant account was frozen due to circumstances involving the Bank Secrecy Act? I just want to be completely certain that this is the assertion?


Wouldn’t that only apply to investigations by e.g. Fincen? How many of these are just internal risk triggers by Stripe? Why would they have to stonewall you in those cases?

(Obviously it’s quite difficult to know the ratio of cases like these involving government investigations and those involving their own internal risk procedures.)


Sure, and my experience is outside finance (more spam and fraud prevention).

Even if it is government under the hood you have to know what you're accused of. Not American so I doubt the US political system is interested in hearing from me, but I agree that's the only way of solving the deeper AML problems.


> Even if it is government under the hood you have to know what you're accused of.

This is exactly why the whole process is suspect. The government farms out the policing of certain financial crimes onto the financial institutions as a prerequisite for operating the business. If the government came along and froze your bank account you’d have a right to ask why and a right to get some answers. But instead the government pawns the responsibility off onto businesses and then prohibits those businesses from telling you why.

And so the BSA and Patriot Act effectively allow the government to take your property and take away your right to confront the government about why they took your property. And it’s all on merely a vague suspicion of misconduct. No proof whatsoever.

I can’t help but laugh at the irony— the federal government laundering their otherwise unconstitutional activities through the banks.


Interesting to notice the censorship of speech on social media is implemented the same way. The government does not remove undesirable information directly, instead it calls up all major platforms "for a chat" and tells them to voluntarily remove it, or face Congressional hearings and likely further unpleasantries down the road. An offer they can not refuse. Looks like they think they found a loophole in the Constitution and they are going to mine it for all the power they can get from it.


I'm trying to understand your position here:

You think AML/KYC laws, as they currently exist, are unconstitutional?

edit:

That's a fine position to have, but it's a fringe one, and I don't think you should be offering it as a reason why Stripe does what it does that's generally accepted by everyone else.


No. I don’t think it’s unconstitutional which is why I said “otherwise unconstitutional”. And you’re (perhaps deliberately) completely misunderstanding and conflating my two comments. I am quite confident that OP’s problems with Stripe are AML related which is not at all a “fringe” position.


> I am quite confident that OP’s problems with Stripe are AML related

I'm curious as to why you think that? Is this a way way more common thing than I expect? Or is "My startup uses Stripe Connect to accept payments on behalf of our clients" a raging red AML flag I don't recognise (I've never done that, so it could easily be)?


I’m confident it’s an AML issue because they’re getting stonewalled which is standard operating procedure when a Suspicious Activity Report has been filed. I don’t think using Stripe Connect is the red flag.

The thing with SARs is that they tend to be cascading as OP described. So if I (innocently and totally coincidentally) do a transaction with someone who has been flagged for suspicious activity my account might now be flagged as “higher risk” for suspicious activity and will be monitored more closely.

And, if they decide they’ve found suspicious activity in my account then everyone who does business with me is at risk of having their accounts flagged as “higher risk” for closer monitoring and so on.

And the bank isn’t allowed to tip anyone off because if any of those accounts are actually laundering money they might suddenly withdraw it and then the “lead” from the SAR is moot. It’s actually a crime to notify someone about the suspicious transaction(s). Which is why you get stonewalled.


Those laws certainly feel like guilty until proven innocent or in many cases, guilty no chance to prove innocence.


Exactly. Not fringe. Part of the normal struggle for existence.


It'd be unconstitutional, were the government in charge, without due process.


>almost guaranteed

The issue most people in this thread are talking about exists in the almost. If it was always guaranteed, then there would not be so much evidence to the contrary.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: