How does onlyfans.com work around the “no porn” Stripe rule?

Cascading payments might be the real answer, and shuffling higher risk charges to non-Stripe providers, but in my experience, Stripe can get pretty moralizing pretty quickly.

We built an adult ecommerce site (purely toys for purchase, no porn) and because other adult toy sites had been successful on Stripe, Stripe assured us this wouldn't be a problem.

Six months and several million dollars processed later, Stripe informs us we're going to be deplatformed because Wells Fargo (their banking partner) had reviewed our account (apparently because of its volume) and determined we violated their standards because of the nature of the toys.

We did a bit of back and forth where Stripe suggested we alter the colors available (seriously) to assuage Wells Fargo's puritanical concerns, and Stripe insisted it wasn't _their_ moralizing, but rather Wells Fargo (paragons of fucking virtue as they are), but we weren't willing to compromise on the nature of our product or have our product's options or colors dictated to us by one of the most corrupt banks on the planet.

We ended up deplatforming and moving to a high-risk processor who was willing to match our competitive Stripe rate. That processor sucks and their fraud protections are weak and their interface is garbage, but they're not telling us how to run our business.

Was mostly disappointed that we went through an arduous review process with Stripe beforehand and received assurances we'd be fine since our chargeback rate is insanely low and we ship actual physical product and have no nudity on our site, but alas.

Since, I know a friend in this industry, let me explain what's going on here. Yes, OnlyFans uses Stripe, but that's not the entire story.

In the adult/porn world, there's a high amount of chargebacks and fraud relative to low-risk industries like SaaS software. If you pass a certain chargeback threshold in the adult industry, your account is terminated, and no payment processor will do business with you.

To reduce the likelihood of passing that chargeback threshold and being banned, OnlyFans uses "cascading payments", which essentially load balances the payments across multiple payment processors in order to reduce their chargeback ratios across their merchant accounts.

The payment is either processed by Stripe, Securion, CCBill(the leading payment processor for adult), or another company.

Last time I checked the network requests, I noticed it was storing the card on Stripe, CCBill, and Securion, but using CCBill or Securion to process the payment.

I think Stripe is there for models on the site who don't sell adult content. OnlyFans probably does a check to see if the page is adult-related and if it is, then routes it to the correct payment processor.

My understanding is the rules are dictated by Visa/MC/Amex, and are largely based on chargeback risk for categories of merchants. There are likely further legal and pearl-clutchy reasons that combine to just out and out ban.

Anecdote: we talked with every payment processor around for a product we were making that involved storing and spending value from a digital wallet. It was close enough to various Visa/MC rules and money transmitting statutes that the usual response was arguing for a few weeks about why we comply until higher management decided something akin to: well if you had a lot of volume we’d take the risk dealing with it, but you don’t so it’s not worth our time.

Last ditch effort was Stripe, who said: sure! And we asked again with more detail, making sure they saw the same issues and wouldn’t make us tear it down in a month. They said: sure! Did it a third time higher up for diligence, and finally just came to the conclusion they have different priorities and are getting big enough to use their scale to throw some weight around for all the small merchants.

Often, when the market doesn't provide an essential gateway service to a law-abiding subpopulation, some sort of 'public option' is proposed.

Not enough market housing, offer public/subsidized options. Not enough low- or no-cost private education, offer public schools. Too little affordable healthcare/insurance, offer Medicaid, a 'public option', single-payer. Public transport.

Should the government offer a 'public option' payment-processor of last resort, with guaranteed service for all legal but unpopular businesses? A service that couldn't reject camgirls, weed-sellers, Alex Jones, gun shops, etc?

Many of the rules aren't rules. We ran a travel company and used Stripe in the past, which is also one of the disallowed industries. We got approval from Stripe after proving that we have a negligible fraud & chargeback rate due to being focused on business users

How do you find out what payment processor(s) a given site uses?

I know that some provide methods whereby a site can have the actual payment entry form served and processed by the payment processor instead of by the site's own server, so you'd be able to see from the user's end where they payment is actually being processed.

I've never done a survey, but just anecdotally most sites I've encountered seem to not be using that option. Their payment entry form comes from their own site and posts back to it, where their own back-end handles dealing with their payment processor's API.

Using the method where the user interacts directly with the payment processor does have the advantage that it simplifies PCI compliance. If your systems never even see the credit card, just receiving a token from the payment processor at the end of the transaction that you can use to initiate subsequent on-file or recurring transactions, most of PCI goes away for you.

On the other hand, that also means that you are stuck with that payment processor for on-file or recurring transactions for that customer. Your token from payment processor X is completely worthless for doing charges at payment processor Y.

If I was in a business that has a significantly above average risk of running into payment processor trouble so I might need to change processors, I'd want to store the credit cards myself. That makes it possible to change payment processors without having to get all of your subscription customers to come back and re-enter credit card information [1].

[1] Well...at least for now. I'm not sure if that will still be possible if the Visa stored credential framework ever actually becomes required. Briefly, under the SCF requirements when you store a credit card, you have to send a flag to Visa with the transaction saying you are storing it. On subsequent on-file or recurring transactions, you have to send a reference to the transaction that stored the card.

The problem is that you reference that transaction by sending Visa's transaction number. But Visa's number for transactions is generally not the transaction number you get from your payment processor. The payment processor has its own transaction numbers and those are what you see.

I believe MC is also doing SCF. Not sure about Discover and Amex. It was supposed to become mandatory something like two or three years ago, but payment processors kept asking for extensions.

Onlyfans is a platform for content subscriptions. It just happens to be a popular platform for adult content.

Also, it surely makes them a ton of money.

As a payment processing fintech builder for several decades the many comments about diversifying across processors is correct. The misunderstanding here for many may be that knowledgeable business owners (merchants) always have more than one processing account each with a different entity holding the risk, think multiple banks. Having multiple processors, aside from the point of this question, directly relates to up time and availability of which nearly all rely on the "middleman" - Have a backup! However problem businesses and their business owners that get caught being nefarious earn a permanent place on the card brands "list" that forbids them from taking card payments in the future. An individual business can have multiple merchant accounts and as with anything else once one understands how a system works it can then be manipulated to fit ones need.

Probably because the content is not public. I heard users just share cat pictures, so there is plausible deniability.

That's a good question, since Stripe backed out at the VERY last minute for a customer of mine who sells alcohol over the internet, despite repeated assurances it would be fine.

My guess is Onlyfans has a very low rate of chargebacks/fraud and negotiated a special deal with Stripe.

The reason that rule is there is because most adult sites are dodgy.

Doesn't Patreon (which also has a lot of porn content) also use Stripe as a payment processor?

How much of the internet traffic is actually pornography in general? I have heard a lot of anecdotal hearsay that it constitutes a majority.

Why do you think the porn industry is prone to more fraud/risk?

My guess would be that Onlyfans do a lot of fraud prevention on their end and negotiated an exception with Stripe...

Would it be possible to sidestep the issue completely?

Is your industry one that you could start pushing for cryptocurrency for payments? You'd be basically reducing your risk to zero and by using a stable token you would also have no volatility.

Somewhat related, a story that digs into who's running onlyfans.com: https://forensicnews.net/2020/08/13/onlyfans-faces-allegatio...

If anyone is interested in talking about fraud prediction or high risk adult payment transactions, I have been looking at this space and think there are some interesting opportunities. Email in profile.

This thread is a aompelling argument for Bitcoin/LN as an intermediary--just saying. It's getting easier every day.

Bisq for exchange will get easier over the next 5 years or so, too.

We would use a multi-gateway round robin setup for volume over 50k per month. I'm more than willing to point you in the right direction.

There are other payment processors other than Stripe....

Ever heard of CCBill?

Probably cause Stripe likes money?

OnlyFans isnt a porn site in the same way that Twitter isnt a porn site. Many of the high profile users are in the adult industry but people use onlyfans for other types of content as well.

They are NOT using Stripe. Stripe has a no porn rule because they want to go public at some time and everything needs to look clean, also on their customer side. Also their (Stripe) backend banks don't tolerate porn.

Also there is not only Stripe out there!

Btw. you are in the wrong forum. Look on gfy.com forum for example