$ 41k Loss: Stripe Security Failure – Allows Instant Payrout to Debit Cards With New Accounts Accounts | by Forreddit | Feb, 2025

This is to show screenshots for: Hacked by Stripe – $ 41k lost, no real help from support. What’s today? : R / Stripe

The stripe promotes himself as a safe, reliable payment platform. But if $ 41,000 is stolen from our account – despite following self strife instructions – the company refuses to pay the US, standing on a system that fails.

Our platform is exclusively allowed Stripe Standector Accounts through Stripe content – a setup that is always in place. Every stripe’s Service Agreement (SSA)If any changes are made in this configuration, we must be informed. However, despite our strict situations, 6 unauthorized Express Accounts managed to join our platform and withdraw funds.

Our platform in stripe confitment only allows standard accounts. We have this connection switch as follows:

Meaning: No expression an account that needs to join our platform to accept only standard accounts.

The stripe’s own documentation is clearly stated:

Meaning: Without the choice of yes, it is impossible to withdraw debt debt debt.

Our account settings have not changed during the attack, and Hacker does not have access to our Dashboard (stripe confirmed). These settings live on the Dashboard:

Meaning: Our account has the correct settings in place to not allow debit card withdrawal to make it impossible to give up in such a way.

In addition, as shown below, the connected account of the question is a newly made account on our platform, before stealing funds from our account:

The stripe documentation clearly expresses very clearly, in Bold, which: New stripe users do not immediately fit for instant payments.

Meaning: These new accounts should not have made a speedy payment.

By own rules, stripe should prevent this attack on multiple levels. However, this has occurred – suggests a severe error in striks security mechanisms. There is stripe’s own safeguards worked as advertised, this fraud is impossible.

According to own stripe policies, this situation cannot be. However, it happened – indicates a failure of stripe security protocols.

If the stripe does not allow these new express accounts to immediately make charge of debits, we are not in this situation.

This stripe security failure we trust is a backup for any security issues on our side to losing funds and stripes is responsible for paying. The stripe position has become we do not pay and we look into the situation.

Should not be answered that they will look into the situation and then make a decision if warant warry a reimbursement ???

At least, stripe should be fully inspected and THEN determined if the recurrence is prepared. However, they dismissed our claims directly – despite clear evidence that their own security policies failed.

If stripe’s Constructed safeguards Isn’t sure to protect, what does every business depend on their platform?

We call the stripe recognized their failure and have a responsibility. If they don’t, how to have any business sure their funds are certainly secure?