There is a particular kind of dread that comes with checking your bank account on a Monday morning and finding nothing. Not a technical glitch. Not a delay. Just a clean, corporate email sitting in your inbox telling you that Stripe has placed a hold on your funds and that the review process is underway. No timeline given. No specifics offered. Just the word compliance, floating there like a weather warning with no satellite map attached.

This is not a fringe experience. It is not something that happens only to fraudsters, bad actors, or merchants selling products that exist in murky legal gray zones. It happens to supplement sellers, CBD shop owners, online coaches, dropshippers, adult content creators, travel booking companies, and nonprofit donation platforms. It happens to people who have been processing payments for months or years before Stripe’s algorithm, in some automated and often inexplicable fashion, decides that something about their account looks risky. And when it happens, the money stops. Your business, in many cases, stops with it.

I have been digging into how Stripe handles high-risk merchant categories for several months now, and what I found is a system that is, at its core, structurally designed to protect the processor at the expense of the merchant. The terms of service are written to give Stripe almost unlimited latitude. The support infrastructure is built to prevent real answers from reaching the people who need them. And the regulatory environment, until very recently, has offered these merchants almost nowhere to turn.

The Aggregator Problem

Most people who sign up for Stripe do not understand what they are signing up for. The onboarding flow is elegant, the documentation is thorough, and the whole experience is engineered to feel like you are opening a bank account for your business. You are not. You are becoming a sub-merchant under Stripe’s master merchant ID, sharing risk exposure with thousands of other businesses you have never met.

This distinction matters enormously. A former employee of a high-risk payment processor, who posted in a now-viral Hacker News¹ thread from 2022, laid it out plainly. Most traditional payment processors, the commenter wrote, underwrite a company before allowing it to process. Underwriting means they look over the business model and financials and make sure the business is an acceptable risk. So you are more likely to be declined initially, but if you are approved, you should be good going forward because the underwriters actually saw the deal.

Stripe, Square, and PayPal operate differently. They let anyone sign up and only underwrite when the account hits a critical revenue threshold. It is easy to get an account, but when you scale up, that is when you get scrutinized and potentially terminated. The commenter called this a very unethical practice because it lets merchants build their entire business infrastructure around a payment processor that can pull the rug out with no warning at any time.

Stripe’s own terms of service confirm this. The user agreement explicitly states that Stripe reserves the right to change the payout schedule, impose holds, or freeze an account as necessary based on their risk assessment. They may also consider your creditworthiness or the validity of the information you provided. As Easy Pay Direct² notes, this clause allows Stripe to impose holds, extend them, or even freeze and terminate accounts at their discretion, for any reason and at any time.

The Stripe-prohibited and restricted businesses list is long and detailed. It covers everything from online gambling and adult services to certain financial products, travel booking with long lead times, supplements, CBD, nutraceuticals, and subscription models with free trials. Many of these categories are entirely legal. Some of them represent multi-billion-dollar industries. But according to Stripe’s³ own documentation, restricted businesses may require prior approval before processing, and prohibited businesses cannot use the service at all.

The problem is that Stripe approves many of these businesses at signup, only to flag them later. Allen Kopelman, CEO of Nationwide Payment Systems⁴, put it directly in a November 2025 analysis of Stripe’s terms: initial approval is temporary, and if their automated systems later flag your business as restricted or high-risk, even if you were approved before, they can freeze your payouts and close your account without warning.

The Algorithm Does Not Know You

On September 15, 2022, a developer posted what became one of the most widely read accounts of Stripe’s behavior on Hacker News⁵. The post described a situation that has since become a template for dozens of similar complaints.

The developer had been running a business using Stripe Connect since 2016. Stripe’s staff knew its customers and its business model. He had had actual phone conversations with Stripe staff about his operations. Then one morning, a customer account was deactivated. Reason listed: Other.

He contacted Stripe support and got nothing. Frontline staff told him they would look into it. Days passed. When they finally escalated from every possible angle, phone, Twitter, and personal connections inside the company, the responses were all the same. Why was the account flagged? I do not have that information. What can we do to get this fixed? I do not have access to that information. Who does? I do not have access to that information.

After a week, the account was reactivated. No explanation was ever given. But that was not the end. The same morning that the resolution arrived, 35 percent of his client accounts were deactivated for being under review. One of those accounts was the same one they had just reviewed the week before. The post ends on a note that resonates across hundreds of similar stories: these accounts have hundreds of thousands of dollars in them being held hostage by an utterly incompetent team or algorithm that seems to lack any empathy for the havoc they wreak on businesses when they pull the rug out with no warning.

The pattern described in that post has become almost a genre of its own on tech forums and review sites. Merchants receive what SecureGlobalPay⁶ describes as a short and generic message that does not give much detail. Often, the email cites elevated risk or compliance concerns without specifying what those concerns are. And then the wait begins.

The Money Stays Put

What makes a Stripe account freeze so financially devastating is not just the loss of the ability to process payments. It is the simultaneous lockup of whatever money was already in the pipeline. Merchants can find themselves in a situation where they cannot process new transactions and cannot access money they have already earned from transactions that have already cleared.

The standard hold period is 90 days. But as DirectPayNet⁷ documents, the emails that merchants receive saying Stripe is holding their funds for 90 days are not reminders. They are renewals of the hold period. Combined with the 180-day window during which customers can initiate chargebacks, this can mean a merchant’s money is effectively frozen for the better part of a year. Some merchants report receiving the extension email multiple times, pushing the hold to 180 days or beyond.

The legal guide at Terms.law⁸ documents a number of specific cases. One merchant had their funds held for over six months following an October 2024 freeze, with the account closed and over sixteen thousand dollars locked inside. Stripe had originally promised release by October 2025, then extended the deadline to January 2026. After January passed, Stripe stopped responding entirely. Another case involved over eight hundred thousand dollars held since December 2024, with legal letters ignored for over eight months. One case, involving over four hundred thousand dollars, was only resolved after the situation reached the front page of Hacker News.

The legal implications of this are serious, and they are starting to get serious attention. Under California law, where Stripe is headquartered, every contract contains an implied covenant of good faith and fair dealing. This covenant prevents a party from exercising discretion in ways that are arbitrary or that frustrate the other party’s reasonable expectations. Indefinite fund retention without specific justification may exceed what is contractually permitted and could constitute conversion, which in plain terms means wrongful possession of someone else’s property.

Law firm Parag L. Amin⁹ noted in an April 2025 analysis that for California business owners in the one to twenty million dollar revenue range, these sudden financial disruptions can trigger a cascade of legal and operational complications. Cash flow interruptions do not just create inconvenience. They can make it impossible to pay vendors, meet payroll, and fulfill customer orders.

The Feedback Loop That Kills You

One of the most grimly ironic patterns in how Stripe freezes work is that the freeze itself can create the conditions that justify the freeze. Here is how it works. Stripe freezes an account and holds the funds pending review. This means the merchant cannot fulfill orders that customers have already paid for. Customers, finding their orders undelivered and unable to reach the merchant (who is busy trying to get Stripe to respond), initiate chargebacks. Those chargebacks show up as data in Stripe’s risk system, apparently validating the decision to freeze the account in the first place.

This feedback loop is not theoretical. The Terms.law legal guide documents one case involving $130,000 frozen after Stripe cited a rising dispute rate. The disputes had only arisen because Stripe had held the funds, preventing order fulfillment. The merchant was being penalized for a problem that Stripe’s own action had created.

The false positive rate in fraud detection systems across industries has been estimated at anywhere from 30 to 70 percent, according to data cited by Chargeback.io¹⁰. This means that a substantial portion of the merchants facing these freezes are not bad actors at all. They are collateral damage in Stripe’s risk management operations, caught in a system that was designed to protect Stripe’s liability exposure at scale, not to be fair to individual merchants.

On Reddit, the complaints are endless. One thread after another describes the same experience: a merchant builds their business, processes for months or years, then receives the email. Support tickets go unanswered. The support staff who do respond cannot offer specific information, either because they lack access to it or because they have been told not to share it. As DirectPayNet¹¹ observed, Stripe does not have to give any precise details about why they have taken action. They often cite elevated risk to their processing even when a merchant has a squeaky-clean processing history.

When the Vague Answer Is the Only Answer

I want to focus for a moment on the language Stripe uses when it communicates with merchants during a freeze. The words matter. When Stripe sends you an email explaining why your account has been restricted, the explanation typically falls into one of a handful of categories: elevated risk, unusual activity, compliance review, high dispute rates, or simply a reference to their terms of service without specifying which clause was violated.

None of these explanations gives a merchant the information they would need to actually fix the problem. Elevated risk compared to what? Unusual activity of what kind? Which specific transactions triggered the review? What documentation would resolve the concern? The answers to these questions are, in most cases, simply not provided.

Stripe¹² has a public explanation for why they do not share more details. On their support page about why some businesses are not allowed, they describe using a combination of transaction history, machine learning, supplemental business information, and common sense. They want to understand the actual risks posed by a specific business. This is a reasonable framework. But the implementation, as merchant after merchant has discovered, often means being told you are high-risk with no further explanation and no path to appeal that leads anywhere useful.

One developer in a 2023 Hacker News thread¹³ described running an AI image generation service that did not fall under any of Stripe’s prohibited categories and was not operating under any illegality. His account was shut down anyway. His conclusion: Stripe in 2023 is a joke. They will shut down your account when you make a decent amount of sales. Their fraud detection is terrible. The fact that the account was eventually terminated rather than reviewed and reinstated speaks to something structural. The risk system is optimized to remove potential problems, not to investigate them.

From a business standpoint, this makes a cold kind of sense. Stripe processes billions of dollars in transactions annually. Their risk of liability from a fraudulent merchant is real and measurable. Their cost of losing a legitimate merchant is diffuse and harder to quantify. So the system is calibrated to protect Stripe, and merchants who are not a good fit for the risk tolerance simply get cut loose.

The Flipcause Disaster and What It Reveals

No single case in recent years has made the stakes of Stripe’s fund-holding practices more visible than the collapse of Flipcause, a California-based nonprofit donation platform that filed for Chapter 11 bankruptcy in December 2025¹⁴.

Flipcause has processed over a billion dollars in donations for more than ten thousand nonprofits since its founding in 2012. By late 2025, the company was struggling to complete a sale and was quietly failing to transfer donation funds to the charities it served. The Better Business Bureau had issued a warning about complaint patterns as early as August 2025. A federal lawsuit had been filed. California’s Attorney General issued a cease-and-desist order in November 2025.

Then, on December 2, 2025, Stripe notified Flipcause of an internal review. Two days later, Stripe terminated services and froze approximately $2.2 million in funds. The spark that triggered this, according to bankruptcy court filings, was a warning from Mastercard. In October, Mastercard had written to Stripe, warning that Flipcause might not be transferring funds to nonprofits, and warning that Mastercard could assess fines on Stripe of $190,000 due to Flipcause’s conduct. Fifteen days after Stripe pulled the plug, Flipcause filed for bankruptcy. Over 3,200 nonprofits were left as unsecured creditors, owed a combined $29 million.

The Flipcause case is not a simple story about Stripe doing something wrong. The company’s executives had extracted millions of dollars in compensation in the months before filing, while donations went untransferred. Stripe’s termination may well have been justified under the circumstances. But the case illustrates something important about how Stripe’s fund-freezing mechanism operates when the stakes are high. When Flipcause asked the bankruptcy court to release the frozen funds so that nonprofits could receive their donations, Terms.law¹⁵ shows that Stripe filed a 13-page objection, arguing it faced up to $6 million in potential chargebacks and fines, and that a complete third-party accounting should be undertaken before any money was dispensed.

Stripe’s legal position was defensible. But for the nonprofits watching this play out, organizations that had done nothing wrong and were simply waiting for donors’ money to reach them, the experience of watching a payment processor hold the money in a bankruptcy court fight while their programs stalled was a visceral education in how the system works. The money flows through Stripe. Stripe decides when it stops. And Stripe fights hard to keep it stopped when it believes its own exposure is at risk.

The Regulatory Push That Is Starting

For most of Stripe’s existence, the legal framework governing how payment aggregators can treat merchant funds has been minimal and fragmented. Stripe is not a bank. It is not regulated as a bank. It does not have FDIC insurance obligations, capital reserve requirements, or the due-process protections that come with being a depository institution. Its merchant agreements are contracts, not banking relationships, and contract law does not offer the same protections.

This is beginning to change, at least in some jurisdictions. Starting April 28, 2026, new UK regulations will require payment service providers to give merchants 90 days’ notice before terminating accounts and to provide sufficiently detailed explanations for termination decisions, according to legal analysts tracking the issue. US merchants, who lack equivalent protections, can point to this as a precedent and argue that sudden terminations without explanation violate the implied covenant of good faith, but it is an uphill fight in American courts.

The regulatory pressure is coming from another direction as well. In late 2025, Stripe’s stablecoin subsidiary Bridge applied for a national trust bank charter with the Office of the Comptroller of the Currency. Four major organizations filed opposition letters. The National Community Reinvestment Coalition¹⁶ called the application deeply problematic, citing Stripe’s history of merchant complaints, ongoing litigation, and a 2020 Massachusetts enforcement action in which Stripe paid $120,000 and agreed to improve fraud controls after facilitating payments for a fraudulent cryptocurrency operation.

According to Payments Dive¹⁷, the Bank Policy Institute warned that approval could significantly increase risks to the US financial system. The Independent Community Bankers of America called it dangerous regulatory arbitrage. These organizations were making arguments about systemic risk in the banking sector, not about merchant protection specifically. But the letters cited Stripe’s track record with merchants as evidence of governance and compliance weakness that would normally weigh against granting a federal charter.

Despite that opposition, Bridge received a conditional OCC approval in early 2026. The story is not over. Post-approval requirements include capital standards, compliance reviews, and ongoing examination cycles. A federal charter does not end the regulatory scrutiny. It begins a different, more demanding version of it.

What Merchants Can Actually Do

Reading through forum posts, legal guides, and merchant advice columns, the practical guidance available to merchants facing a Stripe freeze is remarkably consistent. It is also, taken as a whole, a fairly clear picture of how limited your options actually are.

The first step, universally recommended, is to open a merchant account with another payment processor immediately. Not to fight the freeze. Not to get the money back. Just to keep the business alive. This is survivalism advice. It acknowledges that the fight to get your Stripe funds released is likely to be long and unreliable, and that you cannot afford to wait for it.

The second step is documentation. Save every email. Take screenshots of every dashboard notification. Keep records of every support ticket, every upload, and every communication with Stripe. If you end up pursuing legal action or filing for arbitration, which is the route recommended by several legal resources because Stripe’s user agreement includes an arbitration clause, this documentation is your case.

The third step is escalation. Stripe’s frontline support, as dozens of accounts confirm, is structurally unable to give you useful information or make decisions about frozen funds. The only routes that have produced results in documented cases are posting the situation publicly on platforms where Stripe’s reputation is visible, engaging a lawyer who can send a formal demand letter, or filing in arbitration. One merchant in the Terms.law case database got its four hundred thousand dollars released only after the situation hit the front page of Hacker News. Another only got resolution after legal letters that Stripe initially ignored were followed by formal arbitration filings.

For merchants in explicitly high-risk categories, the advice is blunter. If you’re in a category that Stripe considers permanently prohibited, the account freeze is final. Stripe has built their business model around serving low-risk merchants, and it won’t make exceptions. The right move, in those cases, is not to fight. It is to find a high-risk merchant account provider, which comes with higher fees and more paperwork, but also comes with a relationship built on the understanding of what your business actually does.

The Bigger Picture Nobody Talks About

There is a structural truth underneath all of this that rarely gets stated plainly. Stripe became a nearly $160 billion company by making payment processing frictionless. The ease of signup, the developer-friendly API, the clean dashboard, and the global reach are genuine achievements. They solved real problems for millions of businesses that previously had no good way to accept online payments.

But the business model that made this possible requires Stripe to sit on top of the traditional banking and card network infrastructure, which comes with risk rules that Stripe did not write and cannot easily negotiate around. Stripe is ultimately accountable to Mastercard, Visa, and the banks that underlie its operations. When those entities flag a category as risky or issue a violation letter, as Mastercard did with Flipcause, Stripe’s response is to protect its own position in the network, not to protect the merchant.

This is not malice. It is the logical outcome of Stripe’s position in the financial stack. But the gap between how Stripe presents itself to merchants and how it actually behaves when the risk system fires is enormous. Stripe presents itself as your payment partner. When the algorithm flags your account, you discover that the partnership has terms you never quite understood, written in a language of risk management that was never really designed to include you.

The Enterpret¹⁸ analysis of Stripe’s public feedback, drawing from Twitter, Reddit, Google Play Store, the Apple App Store, and G2, found that locked accounts and frozen funds dominate the complaints across all platforms. The report acknowledged the difficulty of knowing which complaints come from innocent merchants caught in automated systems and which come from bad actors unhappy about enforcement. But it concluded one thing clearly: Stripe’s customer support is overwhelmed, and it is very hard for users, legitimate or not, to get meaningful help.

The word compliance is doing a lot of work in those support emails. It signals regulatory necessity without specifying which regulation. It implies that the decision was not Stripe’s but rather something imposed on Stripe from outside. It makes the freeze feel like a fact of the financial universe rather than a choice made by an algorithm and rubber-stamped by a risk team. And it protects Stripe from having to explain itself, because explaining itself might involve disclosing the criteria of the system, which would immediately be gamed by the people the system is actually meant to catch.

For the merchant on the other end of that email, sitting with a frozen account and a growing list of unfulfilled orders, the word compliance is the least useful word in the English language. It is, in a meaningful sense, no explanation at all.

A Note on What Should Change

I am not making the argument that Stripe should have no risk controls. The payment infrastructure that keeps online commerce functional depends on processors being able to remove bad actors quickly and without advance warning that would let them drain accounts before termination. The 2020 Massachusetts enforcement action, in which Stripe was penalized for facilitating payments for a fraudulent cryptocurrency scheme, shows that the risks of being too permissive are real and legally costly.

But there is a meaningful difference between removing a merchant who is actively committing fraud and locking the funds of a supplement seller or a nonprofit donation platform for 180 days with no explanation that would help them understand what they did wrong or what they could do to fix it. The current system conflates these two situations in ways that cause substantial and unnecessary harm to legitimate businesses.

The UK regulation requiring 90 days’ notice and a meaningful explanation before termination is a reasonable floor. The argument that explaining termination decisions would help bad actors game the system has some merit, but it does not justify leaving innocent merchants without the information they would need to appeal or migrate. A system that tells you only that you are high-risk and that this decision is final is not a compliance system. It is a black box with a billing address.

The merchants posting are not all bad actors with grievances. Many of them are people who built real things, employed real people, and served real customers, and who found out too late that the payment infrastructure their business depended on was never really theirs to rely on. That is worth saying out loud.

Sources

1. “Stripe has decided to nuke my entire business,” Hacker News, news.ycombinator.com/item?id=32854528. Accessed 27 Mar. 2026. ↩︎
2. Easy Pay Direct, www.easypaydirect.com/blog/stripe-holding-funds-and-how-to-fix-it/. Accessed 27 Mar. 2026. ↩︎
3. “Prohibited and Restricted Businesses” Stripe, stripe.com/en-th/legal/restricted-businesses. Accessed 30 Mar. 2026. ↩︎
4. Kopelman, Allen. “Stripe’s Terms of Service: What Merchants Don’t Realize Until It’s Too Late” Payment Solutions To Grow Your Business, 4 Nov. 2025, nationwidepaymentsystems.com/stripes-terms-of-service-what-merchants-dont-realize-until-its-too-late/. Accessed 30 Mar. 2026. ↩︎
5. “Stripe has decided to nuke my entire business” Hacker News, news.ycombinator.com/item?id=32854528. Accessed 30 Mar. 2026. ↩︎
6. “Stripe Account Frozen or Closed? What It Means and What to Do Next” SecureGlobalPay Merchant Account Services, 22 Oct. 2025, secureglobalpay.net/stripe-account-frozen-closed/. Accessed 30 Mar. 2026. ↩︎
7. Sparagis, Maria. “Stripe Paused Payouts: Why and How to Save Your Business” DirectPayNet, 13 Sept. 2024, directpaynet.com/how-long-stripe-holds-funds-and-what-you-can-do-about-it/. Accessed 30 Mar. 2026. ↩︎
8. Tokmakov, Sergei. “Stripe Froze Your Money? Here’s How to Get It Back” Terms.Law, 3 Mar. 2025, terms.law/2025/03/03/when-stripe-holds-your-money-the-definitive-legal-guide-to-getting-your-funds-released/. Accessed 30 Mar. 2026. ↩︎
9. “When Stripe Freezes Your Business Funds: Legal Solutions and Protection Strategies” Law Office Of Parag L Amin, P.C., 3 Apr. 2025, www.lawpla.com/blog/when-stripe-freezes-your-business-funds-legal-solutions-and-protection-strategies/. Accessed 30 Mar. 2026. ↩︎
10. Sterling, Theodore. “Stripe Closed, Suspended, or Froze My Account: Here’s What to Do” www.chargeback.io/blog/stripe-closed-suspended-my-account. Accessed 30 Mar. 2026. ↩︎
11. Sparagis, Maria. “Stripe Account Suspended? Here’s Why You Should Always Have a Back-Up Plan!” DirectPayNet, 4 Jan. 2021, directpaynet.com/stripe-account-suspended-heres-why-you-should-always-have-a-back-up-plan/. Accessed 30 Mar. 2026. ↩︎
12. Lyon, Danika. “Why some businesses aren’t allowed” 12 Aug. 2016, stripe.com/blog/why-some-businesses-arent-allowed. Accessed 30 Mar. 2026. ↩︎
13. “Stripe is no longer a suitable payment processor” Hacker News, news.ycombinator.com/item?id=36967159. Accessed 30 Mar. 2026. ↩︎
14. Shabazz, Rasheed. “Donation platform Flipcause filed for Chapter 11 bankruptcy” Oakland Voices, 21 Dec. 2025, oaklandvoices.us/2025/12/21/flipcause-bankruptcy-chapter-11-nonprofits-owed-millions/. Accessed 30 Mar. 2026. ↩︎
15. Tokmakov, Sergei. “Stripe Froze Your Money? Here’s How to Get It Back” Terms.Law, 3 Mar. 2025, terms.law/2025/03/03/when-stripe-holds-your-money-the-definitive-legal-guide-to-getting-your-funds-released/. Accessed 30 Mar. 2026. ↩︎
16. “NCRC Comment in Opposition to Stripe Inc’s National Trust Charter Application » NCRC” 18 Nov. 2025, ncrc.org/ncrc-comment-in-opposition-to-stripe-incs-national-trust-charter-application/. Accessed 30 Mar. 2026. ↩︎
17. Payments Dive, www.paymentsdive.com/news/stripe-faces-bank-charter-pushback/806275/. Accessed 30 Mar. 2026. ↩︎
18. “Stripe cracks down on scammers but mistakenly freezes out innocent users” www.enterpret.com/blog/stripe-cracks-down-on-scammers-but-mistakenly-freezes-out-innocent-users. Accessed 30 Mar. 2026. ↩︎