Well so much for that. Already lost. The system is utterly fucked and broken. @stripe 48-page evidence package. Easy to read, Table of contents, filled with visuals (a junior bank employee could easily understand everything). The customer used the product for 49 days, was logged in 13 hours before filing the chargeback, then canceled the subscription 5 hours after the dispute was already filed. *Technically they are still ACTIVE. Here's everything we submitted: PAYMENT INTEGRITY • AVS postal-code check: PASS • CVC check: PASS • Stripe Radar score: Normal (22 / low risk) • Auth success rate on customer email: 100% • Card brand, last-4, fingerprint, exp, billing ZIP all confirmed by issuer CUSTOMER USE POST-CHARGE • 35 distinct active days in 49 days • 393 authenticated session-refresh events • 17 long-form SEO articles generated • 18 AI images generated • 3 WordPress sites configured (admin credentials added) • 4 Google accounts authenticated via OAuth • Customer added their own paid OpenAI API key (BYOK) • 4 team members added TIMING • 49 days between charge and dispute • Logged into the dashboard 13 hours BEFORE filing the chargeback • Canceled the subscription 5 hours AFTER the dispute was filed INDEPENDENT IP CORROBORATION • Stripe captured IP at checkout: Manchester, UK • Microsoft Clarity captured 22 of 38 sessions over 60 days: also Manchester, UK • Two unrelated 3rd parties placing the same person in the same city across payment + 60 days of authenticated use THE KICKER - THE CUSTOMER'S OWN PUBLIC WEBSITE CURRENTLY DEPENDS ON OUR PRIVATE CDN • Articles generated on his account are LIVE on his own public WordPress sites • Page source contains img tags pointing INSIDE our private R2 bucket • Last-Modified headers on those CDN files match the EXACT minute his account generated them • Currently fetched by every visitor to his website CRYPTOGRAPHIC IDENTITY CHAIN (Automattic / Gravatar) • Every WordPress author avatar = SHA-256(author email) • 3 of his sites, 3 perfect SHA-256 matches against the gmail addresses in our DB • Automattic has no relationship with us, the customer, or the bank • Effectively unforgeable email-to-WP-admin binding DOMAIN OWNERSHIP (third-party attestation) • Google Search Console verified ownership on 4 separate domains • Public WHOIS: 2 of his domains registered 9 SECONDS APART through the same registrar account • Both registered 5 MONTHS BEFORE he bought our subscription • Pre-existing content business, not a stolen-card test VISA CE 3.0 ELIGIBLE • Same payment credential had a $0.00 trial-start invoice marked "paid" 7 days before the disputed charge • Same customer, email, payment method, subscription • Exactly the prior-undisputed-transaction proof Visa CE 3.0 requires The chargeback dispute system is broken.
