It's an order over the internet. You don't actually know that. Even if the address verification passed, it only matches the zip and/or the numbers of the street address. Even assuming the address is perfectly correct, that doesn't prove authorization to charge the card -- since someone in the household could have used the card without authorization.

> I would have expected Stripe to use this evidence in some way to feed into the sophisticated machine-learning anti-fraud system. But No.

For all you know, the card holder had their card stolen, used on your website twice, and now you want to the victim of the theft to be penalized by stripe across their network.

You learned an important lesson-- one I had to learn too when I ran an e-commerce site -- when the fraudster emails you begging to let them place another order, your answer should always be no.

I'm quite surprised they were able to get Stripe to actually state all of this clearly. Its nice that Stripe actually communicates details like this. But you can see the logic behind why many other big companies would just respond with an opaque message like "thank you for your report, it will be handled in the appropriate manner". Because saying the truth gets people more upset.

As a rule of thumb, when you get a chargeback you need to completely ban the customer from your db. This includes:

- card ban - email address ban - fingerprint their access and ban

This will save you a lot of hassle when they try to signup/buy your product again and cause you the same amount of grief.

Can someone explain to me why Stripe (or a competitor) doesn't offer a setting "refuse transactions for cards that have filed > x chargebacks with <acquirer> merchants this year"?