This is sad. May be it is too late now. But you should have come to HN aka official Stripe Support Forum and ask for support first before closing it down.
It's a shame that we have to complain on social media to get an actual human response to this kind of thing. If Stripe decides to reverse their decision, I'll leave it up, but it will remain open source.
When I was starting up a small business, Stripe decided that it needed to “verify my activity” or some such nonsense and withheld all of my payments for several weeks. Meaning that I could not pay my team.
As far as I can tell, a client paid in a funky way that set off some automated system, and no real person was willing to work with me to get it resolved.
You have a choice when you partner with a payment gateway.
You can work with a laissez-faire gateway. It will not exist for long, because your company will be people who figured out they're not complying with various laws, so they will either disappear without a trace, or in the worst case scenario, take you down with them. You may end up having to explain to various authorities what you were doing.
Or, you can work with one that's serious about AML/KYC compliance. This means sometimes your account gets flagged for suspicious activity, and you have to play by their rules to get it back. Depending on the provider, they may actually have some ways for you to get your account back, or they won't be bothered.
Stripe is in the category of providers that will actually work with you to get your account back, but they're certainly not perfect. On the other hand, try something like Paypal and you're screwed. Or go with a different big player and find out how much nobody cares about you and the $40 a month of revenue you bring them.
Every time I hear some horror story about Stripe, either the account is back up and running very quickly, or the business was doing something egregiously bad. YMMV, this is just the professional opinion of someone who has been working in FinTech for a long time, and with Stripe for quite some time too.
How does crypto eliminate fraud? It eliminates KYC and AML (until you try to turn crypto into fiat), and you probably won't be held accountable for accepting a fraudulent transaction (yet), but stolen crypto wallets are definitely for sale and being used:
You're wallet being stolen does not count towards fraud for the store owner. The store owner verifies the transaction before sending the product. You losing your money before you make it to the store is unrelated
Every bank/money transmitter has a list of transaction patterns/behaviors that are basically red flags for criminal activity. A lot are heuristics based, few are right out documented anywhere, but one example is # of credit card/account numbers bound to an account, another is structuring, i.e. a paytern of transaction activity specifically intended to avoid bank reporting controls. Or stupidly, putting words that are high risk w.r.t sanction compliance in memo fields, or getting a false positive OFAC hit.
None of this is discussed with customers in a candid way; as a result it can feel very off putting. It's one of the things that bugs me about modern finance. It's too busy building itself into a governmental reporting mechanism, and far too prone to overreach through the exploitation of sanctioning mechanisms.
It's one of those "can't have nice things" sorta bits.
There are also explicit laws forbidding telling your customers of your suspicions ("tipping off" in the context of money laundering).
Of course, this doesn't mean your customer service agents should never be helpful and forthcoming, but it's easier and less risky to tell them to say nothing and burn the odd legit customer, rather than risk being on the wrong side of AML legislation.
If a mandatory reporter files a SAR, they are forbidden to share that info with customers. This doesn’t apply so much with payment processors. Stripe and others just don’t want to share their heuristics, because carders can thwart these heuristics. That’s more reasonable suspicion than some laws.
It's a shame there is no regulation protecting small business from these practices. It shouldn't be legal for a big corporation to shut down someone's business on a whim.
Sadly, not only is it legal, but it is incentivized. Financial service providers have enormous civil and criminal liability by tech company standards, and some regulations require them to use "risk-based" approaches to decline service to clients. The legal consequences of shutting out innocent small businesses are essentially nothing compared to the consequences of allowing a single criminal or terrorist to use their service.
The regulations in practice do the opposite. Customers can easily issue charge backs, which puts the cost of fraud on the payment processor, which makes them too aggressive with the big red button. It costs them less to vaporize a small business than for their fraud prevention system to have a false negative.
The right way to fix this is for something like Zelle to get a standardized payment request API. Then the merchant submits a payment request using the customer's email address (the only information the merchant needs from them, so no data breaches), and payments go through irreversibly if they haven't been contested in 30 days, or immediately if the customer affirmatively legitimates the payment on their bank's website/app because the merchant needs to be paid before delivering goods or services. (And payment requests from merchants the customer has never used before get denied after 30 days if not affirmatively legitimated.)
That also removes the credit card fees because it's really a bank transfer.
