New ask Hacker News story: Stripe Shutdown Our Nonprofit's Account, Holding $12k in Donations Hostage
Stripe Shutdown Our Nonprofit's Account, Holding $12k in Donations Hostage
4 by nickwelsh | 1 comments on Hacker News.
Our founder woke up to a gut-wrenching email from Stripe today, reading "We're writing to you because, after conducting a routine review of your Stripe account for Integrate for Good (account ID: [**]), we've found that it presents a high level of risk for customer disputes." We're a very small, hyper local nonprofit and have been using Stripe without any significant issues for over four years. Radar has flagged only one charge in the past year, and we've had just a single dispute since opening our account. We requested further review of our account and supplied Stripe with further information in the dashboard. Just 45 minutes later, we received a second email confirming their decision to close our account. I find it hard to believe that Stripe was able to "conduct another review of [our] account" in such a short span of time. While trying to figure out what could possibly present "a high level of risk for customer disputes," only one recent, major incident comes to mind. About two months ago, we experienced a security breach where an unauthorized user gained access to the account owner's Stripe login. They attempted to send six large invoices, of which only two went through. We promptly resolved the issue by resetting passwords and multi-factor authentication, and we refunded the wrongful charges. We contacted Stripe support to ensure everything was in order. Support was helpful, they said they would escalate the issue and ensure everything was fine. A few days later, the owner's login was disabled by the security team. Getting it enabled again took nearly two months of trying to get in touch with support. Stripe was emailing us, but the emails were going into the ether. The attack hit the owner's inbox as well, as rules were configured to delete all incoming emails from Stripe, something Stripe support caught! Once we sorted out that mess, we discovered Stripe withheld over $12,000 in donations while the login was disabled. The funds were scheduled to be released today, the same day the account was cancelled. That's $12,000 of donations people have made that we can't access. We are very small, and very much need access to that money to keep our programs running. It took months for us to get there, but only 45 minutes for Stripe to decide to kill our account. We want to figure out what's going on and how to resolve this, but Stripe has disabled both live chat and phone support for our account. (I'm still able to use those options in other Stripe accounts under the same login). Overnight, we've gone from planning our largest annual fundraiser, to considering pulling the plug altogether. We are incredibly frustrated by the complete and utter lack of transparency, the inability to contact Stripe, and absolute hopelessness we're feeling. If anyone knows someone we can hop on a call to discuss this situation with, please leave details or contact us at: Founder & Executive Director: bev@integrateforgood.org Director of Technology (me): nick@integrateforgood.org
4 by nickwelsh | 1 comments on Hacker News.
Our founder woke up to a gut-wrenching email from Stripe today, reading "We're writing to you because, after conducting a routine review of your Stripe account for Integrate for Good (account ID: [**]), we've found that it presents a high level of risk for customer disputes." We're a very small, hyper local nonprofit and have been using Stripe without any significant issues for over four years. Radar has flagged only one charge in the past year, and we've had just a single dispute since opening our account. We requested further review of our account and supplied Stripe with further information in the dashboard. Just 45 minutes later, we received a second email confirming their decision to close our account. I find it hard to believe that Stripe was able to "conduct another review of [our] account" in such a short span of time. While trying to figure out what could possibly present "a high level of risk for customer disputes," only one recent, major incident comes to mind. About two months ago, we experienced a security breach where an unauthorized user gained access to the account owner's Stripe login. They attempted to send six large invoices, of which only two went through. We promptly resolved the issue by resetting passwords and multi-factor authentication, and we refunded the wrongful charges. We contacted Stripe support to ensure everything was in order. Support was helpful, they said they would escalate the issue and ensure everything was fine. A few days later, the owner's login was disabled by the security team. Getting it enabled again took nearly two months of trying to get in touch with support. Stripe was emailing us, but the emails were going into the ether. The attack hit the owner's inbox as well, as rules were configured to delete all incoming emails from Stripe, something Stripe support caught! Once we sorted out that mess, we discovered Stripe withheld over $12,000 in donations while the login was disabled. The funds were scheduled to be released today, the same day the account was cancelled. That's $12,000 of donations people have made that we can't access. We are very small, and very much need access to that money to keep our programs running. It took months for us to get there, but only 45 minutes for Stripe to decide to kill our account. We want to figure out what's going on and how to resolve this, but Stripe has disabled both live chat and phone support for our account. (I'm still able to use those options in other Stripe accounts under the same login). Overnight, we've gone from planning our largest annual fundraiser, to considering pulling the plug altogether. We are incredibly frustrated by the complete and utter lack of transparency, the inability to contact Stripe, and absolute hopelessness we're feeling. If anyone knows someone we can hop on a call to discuss this situation with, please leave details or contact us at: Founder & Executive Director: bev@integrateforgood.org Director of Technology (me): nick@integrateforgood.org
Comments
Post a Comment