I have background here and can take a pretty good guess at what happened. You used a Brex card, which Google sees as a “privacy card.” These are often used by scammers trying to circumvent Google blocking their credit card account numbers.
The solution here is to never use a hidden or “privacy” card number with Google, although of course Google will never tell you that or confirm or deny this. I only know this due to working with clients in this area.
You can try removing that card and adding a regular hard card number and asking for a reinstatement again, but it may be too late for this account.
Hopefully this helps folks reading this to not make the same mistake (although it’s incredibly frustrating that stuff like this has to be learned by trial and error or knowledge from those of us who have dealt with this previously.)
> of course Google will never tell you that or confirm or deny this
This is my problem with de facto utilities that are not regulated like utilities. Google can have enormous impact on your business and personal life but you cannot get proper communications with them. If something goes wrong you can't fix it, even if it's your fault because often you don't know what you did wrong. If it's their mistake, you might get a chance if your issue gets attention by a large audience.
It feels like there should be a legal recourse where you get compensated for damages due to service design choices of the utility. I'm sure in many places you can get compensated if the energy company cuts your electricity and doesn't clearly say the reason and what you can do about it.
You can lose your business, you can loose access to your digital assets that you built all your life and for what? So that some employees at Google can have easier time managing an issue(not disclosing the reason for account restrictions probably makes the scammers life harder too and you are just a collateral damage that doesn't even show up in the analytics).
Can you imagine E.ON cutting off the energy of the English futbol fans because it's easier for them to internally manage the surges during the games due to the tea kettles and not give them any explanation whatsoever?
Edit: Interestingly, UK GDPR seems to have some protections agains automated decision making[0].
So that some employees at Google can have easier time managing an issue(not disclosing the reason for account restrictions probably makes the scammers life harder too
Yet, while this is often the cited reason, it is simply not true.
There is no way on Earth, that scammers don't find out about such restrictions trivially, easily. So all this really does, is inconvenience the honest, and do zip, zero, nada to hassle the miscreants.
edit: more thought here, likely this is just an excuse, to not properly train reps, or to not deal with the issue at all.
It is the equiv of "think of the children!", but corp speak instead of politi speak. "Sorry for the bad service, security issue!"
Any company with revenue greater than a certain amount, like a billion a year, or even way less, should fall into some category of public regulation that sets certain standards for consumer support.
I agree, We need legal measures. Imagine OP getting the Google Account itself banned then the only hope is to write a blog and pray that it makes to the front page of HN. It's ludicrous that we've accepted that if the Internet service is operating at scale, There would be no mechanism in place to address the customer's grievances even if that customer is an advertiser.
The first time I tried using Microsoft Ads, I used a debit card in which foreign payments wasn't enabled and as soon as I clicked make payment my account was banned, No recourse through support just like how OP faced with Google. But that was in my past life, I don't want to see Ads, So I don't show Ads now.
I've been unable to close my Facebook Account, Because I couldn't take backup of my business page and there's no way to reach to them.
The GDPR is useless though because they don't tell you why.
You're just left guessing as to what the problem may have been, not that you can do anything even if you did know. I've had the same problem with eBay.
Problem is it encourages the very behaviour they want to stop. If you're going to have an account thats central to your business, but can get shut down at any time, it just encourages burner accounts so you aren't left high and dry when the inevitable happens.
This is a recipe for a dystopian bureaucratic nightmare .
As soon as it's illegal to make design mistakes, there will be no more innovation or updates, everything stays exactly as it is. The Department of Design Friendliness will audit you quarterly. Improvements get designed and approved by government committees. It's like a scene out of the movie Brazil.
There seems to be this mindset of a certain class of folks that feel these companies [Google, Apple, Microsoft, Amazon, Twitter, Facebook, Netflix, etc.] are somehow entrenched for centuries and the only option . They're not. They're barely 20 years old in most cases. That's nothing historically speaking. A third of them will be failing into niches over the next decade. Capitalism sucks in many ways, but it is really good at "creative destruction". True monopoly power is rare.
Many are extremely vulnerable to disruptive competition as most of their revenue is from a single source: ads. Take that away, and they crumble. As Facebook and Twitter are discovering now that Apple/iOS default to blocked app tracking. Google search quality has plummeted and people are turning to alternatives like Reddit.
Microsoft, Apple, Amazon are less vulnerable to ads, but they too have vulnerabilities.
Google isn't a utility: you don't need to use it, nor do most people. Google search is dying in favour of alternatives like Reddit. Google mail is only one of many options. Android phones are only one of many options.
The solution for a better service is to build (if you're an entrepreneur) and use (if you're a consumer) better services!
Experience has taught me they have no such qualms when keeping advertiser money whether or not they revoke publisher earnings.
As a teen (back in '09), I ran a domain parking network that was used by a modest number of users (about 50 users with ~300 domains total). At the time the Google AdSense TOS allowed any site that had "content" (there was no stipulation about it being original), so my network worked by displaying random wikipedia articles that are relevant (using a very simple algorithm) to the domain in question, along with several adsense blocks and a few other features. Each domain was also a fully functional wikipedia mirror, and content was properly attributed etc.. Anyway, most months I would get a payout of around $800 that I would then distribute to my users (I took a 20% cut). At 11:30 PM the night of payouts one month, they decided to change the TOS, revoke all of my earnings, and suspend my AdSense account. I sent an email to my users explaining the situation and I actually paid them all out-of-pocket for the missed earnings because I had the money to do so from doing random web design for local businesses and I felt quite bad -- some of my users were in dire rent situations, etc., and I was in regular contact with them so I wanted to make them whole even if it meant I would lose a good bit of money since I was a teenager without these sorts of problems.
Anyway, one of my friends ran his own online service (a network of web proxies) and he actually specifically advertised on my network because for some reason the traffic converted well for his particular service. I had him check his AdWords spend several weeks later and we discovered that he was never refunded for the ads that ran on my network, even though those earnings were taken away from me. In other words, at least back then Google probably didn't refund advertisers in cases of clickfraud, etc., unless the advertister specifically knew they were being defrauded. At least that's what appeared to happen based on the info I had access to haha. They are super shady.
The issues exist with normal non-anonymous cards also.
I'm currently having an issue because I used the same amex card on multiple Google accounts (within a corp gsuite instance), and I must have triggered something because now that card won't work anywhere with Google. And it fails with a useless "try again later error".
Same then happened with a standard visa card. These corporate cards haven't worked for over a year.
I wish they would just do some extra bit of verification rather than blacklist the cards without explanation.
Corporate cards have some of extra handling to deal with them. I know I tried to buy a WASD keyboard using a corp card, and their payment processor didn't let me use it either.
Looking around, it looks like when a Corp Card is issues (Capital one example[0]), they can lock the card to only be allowed with certain MCC (merchant category code). These are the codes that say what kind of product is being purchased. So it's possible the issuer of your corp card locked your card to certain MCCs. If your card in MCC locked, the merchant and processor likely won't know this until the payment has been tried, and there is a good chance the network/bank didn't send back a useful error code.
Keeping in mind my perspective is as someone who helps clients with these—and I also have a tech company background, so I understand how anti-spam systems are built. I don’t have any inside knowledge.
Google likely uses privacy cards as one signal of whether an account is spammy. If you’re a customer who spends $1M a month with Google and you add a Brex card, it’s going to be far less likely to trigger an account suspension.
If, on the other hand, you’re this guy, with a brand new account and you start off with a privacy card, that puts their internal systems over the threshold for what they consider “spam” - bam, instant suspension.
I don’t think this is personally fair to new customers. Unfortunately, Google is always going to be geared to large customers and not to smaller ones. Most smaller companies will never encounter this situation anyway since they will use hard cards.
Google has an internal policy of not talking about anything related to enforcement. They've banned and ghosted their own business partners, not to mention their own employees' husbands, with zero explanation. This isn't anything new either; you can find examples of it going all the way back to the company's founding.
The underlying logic seems to be to lay traps and pitfalls for bad actors to fall into rather than having a transparent and evenly-enforced set of rules. i.e. if we tell scammers they can't use privacy cards, instead of just silently banning anyone who uses them, then how can we tell scams apart from real users?
The goal is to capture as much revenue as possible. A company would never intentionally limit their revenue intake unless it was absolutely detrimental to the business. Inconveniencing the few customers who use these cards most likely doesn't show up on their radar.
> The solution here is to never use a hidden or “privacy” card number with Google
The author regularly uses the same CC with many other google services
> The same credit card on the account, a corporate Mastercard from Brex, is attached to Google Cloud, Google Workspace, and Google Domains. Collectively, Google services have successfully charged that same card over $2,000 since that email.
Google Ads is a separate division with separate policies, separate payment infrastructure, and separate fraud detection systems. Don't try and make sense of it; it's inscrutable on purpose.
Aren't bans from Google services always eternal in the sense that trying to circumvent them by e.g. creating different accounts just gets you in even hotter water? Plus, it is very easy to detect when someone reinstates an ad (or Play Store app / YouTube channel) for something that was already banned under a different account.
If you make a new account just make sure the recovery phone number and email address aren't ones which have a bad history.
If you want to make a new ads account make sure in addition the postal address doesn't match a bad one.
If you want to make a new payments account, make sure none of the credit card numbers in the account match a bad one.
Note that because different teams within Google don't talk to one another, you don't for example need a new postal address if the issue is on the payments side.
I use a normal credit card that I use everyday and they canceled my account for no reason that I can see at all. No reason. No appeal. And they keep sending me email to create ads! This is despite paying for google domain, apps, and google drive space forever.
Can you imagine a company treating you like this in person?
Like say you walked into Wal*Mart and selected some merchandise from the shelf, then walked to the register and paid using a Vanilla Visa card, as you noted there was a Visa sticker on the door when you entered. While you are picking up your bag from the bagging area a security guard roughly picks you up and throws you out the door and tells you to never come back. You ask why but their only response is "You were being suspicious."
I have actually seen this multiple times - a very common thing, at least in the US, is using gift card magstripes for cloning stolen card track data onto.
This is mostly irrelevant in countries that use chip and pin.
You probably have enough history with Google to get away with it.
What they likely do is have several flags that push an account closer to being autobanned, so it's not just one thing, but a combination that gets you knocked out. I'd imagine a list like:
Using scammer friendly credit card: -10 points
Used a TOR exit node: -20 points
Account age < 2 years: -15 points
Account spend < $1000US: -10 points
Service being advertised is not well known to Google's data mining: -10 points
etc...
Get enough demerits and your account is toast, and since people are expensive once a bot flags the account you don't really have a recourse. Ironically if you want your ad to continue to run the best people to talk to probably isn't Google's tech support but black market scammers who have built and industry around understanding and circumventing these protections.
This is your best bet, because you used a some kind of burner/debit card.
Google does indeed discriminate on your payment method.
Most likely due to them having too much data to process they analyze the data from abusers and these kind of cards seem to stick out like a sore thumb.
That's not true, it's their choice not to process the data manually.
Google loves to leverage developers and code to fix every problem, including (especially?) customer service. In particular, they hate manual labor and seek to automate everything -- which is a horrible approach when it's applied unilaterally to all aspects of business relationships and customer service.
At some point, Google needs to grow up and learn that being clever only takes you so far. As it is, Google leaders seem to love computers and money, not people. I'd wager 20:1 that anyone at Google reading this thread takes action by tweaking algorithms, not by restructuring the company to help customers in person.
Burner/single use. Maybe it is different in different countries but Google do allow debit cards. Company credit cards are not standard in large parts of EU for instance.
Anyone know of a way to know if one's credit card is classified this way? The author was using the corporate card they were issued... and presumably hadn't sought out a "privacy card", a term I never heard before today.
Brex has a feature where you can create vendor-specific cards, which I think is what's being referred to as the “privacy” feature. It makes it less disruptive to disable a card if a vendor leaks it, because it only interrupts payments to that vendor instead of having to update your card with every vendor.
I wasn't using that feature here, but it might be the case that the information that arrives at Google is just the issuer so they classify all Brex cards as “privacy” cards?
For corporate cards (and I beleive gift cards and debit, no idea about privacy cards they didn't exist yet) when I wrote this sort of software way back you could identify by card ranges/format (that was the case in the past), just like how you identify if a card is Visa, Mastercard, Amex. A Visa subrange will be corporate, restricted purchase, etc. So for example, a trucker can have a corporate card that works to purchase gas outside but not the CStore inside.
If you know someone who write's merchant software they should be able to get you the ranges from their payment processor's specs.
That is extremely frustrating. I use a "privacy" card (issued by privacy.com) to containerize my monthly subscription spend, as I don't feel comfortable with any company having the ability to charge my actual card (which is a legit card). I'm using one with YouTube TV. I'll be pissed if they suspend my account because of this. There has to be a better way.
Nobody cares. Google, a 1,3 trillion company, a gargantuan gatekeeper, the 3 letter acronym factory can't give you a proper error message :D. And they smear it right into your face. They don't care about you. Just give them your money and shut the F up. That's all.
And people try to sort it out. I mean what's wrong with people? :DDDD
I have had similar problems using many platforms. I use virtual cards whenever I can to achieve better security and control of expenses (compartmentalization). I have given some companies my real name and address but used a virtual card, and then they locked my account later. This situation seems to be ramping up due to the escalating financial war with Russia. It would certainly be helpful if companies would tell us up front that if we use a payment card that cannot be firmly tied to our identity, they will lock the account afterwards. This would allow us to go somewhere else without wasting all the time to setup the account.
So, I've started using LibreFox recently. Signed up for IBM Cloud after verifying my credit card and lo and behold, an account suspension letter was delivered after an hour. I guess it has something to do with their algorithm triggering accounts signed up using privacy focused browsers.
I have had nearly this exact experience, marketing a small SaaS.
A sudden ads suspension arrived, with no explanation beyond "suspicious payments". This from the same billing account used with GSuite, Domains, GCP; and from a business that was having no trouble running ads on FB, Twitter, and Reddit. "How silly, but I'm sure we can get it fixed".. I thought.
Like OP I'm also a Xoogler, so after two rounds of unsuccessful appeals through the front door (including updating my payment account to a hard card, providing articles of incorporation, and so on, to no avail), I figured it was time to call in my first ever favor. Surely one of my old-timer engineer buddies could thunk a ticket somewhere and maybe we'd help them fix a bug in some automated system in the process.
But the Google of 2022 is far different than the earlier days. It seems individual employees, even well-placed engineers, have incredibly and increasingly limited agency to fix things outside their immediate purview; a wiki about internal escalations for ads suspension stated they were no longer accepted, vaguely for reasons of "compliance".
On the bright side, the whole episode made me rethink and ultimately diversify our technology dependency on Google. I was naive not to do so more seriously and earlier.
I'm feel reasonably sure that Google has introduced some kind of internal policy against employees helping out or publicly commenting on such matters.
Anyone who has read the comments of a few of these types of articles on HN over the years might recall that in the past, there was almost invariably would be a comment starting with "Hi, Googler here!" offering some help. I don't recall seeing any comments like that in the past 6 months or longer.
Understandable to prohibit public commentary/shows of assistance; but that wasn't at issue here.
What I sought was someone to escalate the details in a ticket & get eyes on a likely false positive -- from a very friendly/technical customer (me). The buddies I asked, admittedly not on Ads risk engineering, looked around, hit walls, and gave up.
Given the amount of chaos the insider help can cause, I'm not surprised they would do that. There was a video I can't find now doing rounds on twitter with girls saying how they used relationships/sex with instagram employees to get their accounts unblocked. Companies are likely aiming for more accountability than that.
Ads fraud is generally a no-op from internal escalations though, something that personally I won't touch unless I know the person.
As I see it, Ads generally won't ban an account that has historical spend even if they see something lightly suspicious, and that's where the business is. With smaller spenders, new accounts, and various other flags, your risk of cancellation is _significantly_ higher, but Google's risk is lower since they didn't have the spend already.
Every company should have a clear policy against jumping into these kinds of support claims outside of established channels, because they are the main vector for social engineering.
There are reasons that accounts get suspended and whether or not those reasons are perfect, having humans reach in and jerk around with the system is much less perfect.
I've tried to have my Google Play developer account unsuspended by reaching out to a friend at Google and also had no luck. My initial ban was for "After a regular review we have determined that your app interferes with or accesses another service or product in an unauthorized manner. This violates the provision of your agreement with Google referred to above". I had two different apps using this API so that earned me two strikes in one go and then a ban for 'multiple violations'.
So much of many people's digital identity depends on Google/Apple (or FB/Twitter/etc). This is a huge dependency problem.
Clearly Google doesn't want to do support, but this seems like an opportunity to me. If they offer in-house (US based) support that can actually resolve the issue for a fee, they would improve countless users' lives. Actual support would be infinitely better than the current black hole of oblivion any time an automated processes flags something.
( I realize paying for support isn't popular, but it seems like the only way 1.) Google would care about helping you and 2.) reduce support ticket volume. )
It is great that engineers can choose between multiple services, but advertisers have far fewer options. Getting banned from Google means you lose Google search, Youtube, almost all of the display ads on the open web and most of the ad slots on android apps.
It is devastating and there is nothing you can do about it.
We decided to focus on other online acquisition channels, FB and Instagram working best. For this product, it turns out offline channels convert better anyway - so it was a suspension we could live with, despite not understanding it.
But I could imagine how distressing this would be for a business more dependent on search. And you can find lots of small business owners and indie hackers with such stories if you start looking..
It feels like every month or so there is another story like this about Google's customer support. For me it is one of the reasons I will *never* build on Google Cloud.
Combine this with their propensity to randomly shut down services and also jack up the prices of things by some wild amount overnight with no warning or justification. (Google Maps API and Kubernetes control plane.)
I would never consider risking all of my work on Google's reputation which is a shame because I'm sure the services themselves work relatively well. It feels like everyone outside of google is widely aware of these issues but everyone inside is completely blind to them.
Side Note: has anyone ever "won" an appeal with Google or does the system deny 100% of appeals?
Google doesn't know how to do any non-competing product ... they ether build the best in class, and scale it so much that the edge cases don't matter or compete and lose each time from smartphones to cloud to all the services where it wasn't google in the lead by far.
What I understood from people who work there it's impossible to even know how's responsible for what, so chaotic organizational structure and lake of accountability / ownership / freedom to take something to the finish line.
I won an appeal for suspicious payment. But my account is still suspended because it thinks I have unpaid balances, which I do not. They've ignored this appeal for 3 weeks.
"The other issue with Google is there is no button I can push to send an email to complain to Google about my terrible user experience or to get support with improving it. Larry Page should be reading such an inbox, because this is a huge weakness for Google and they probably don't even realize how bad it stinks. "
It seems like the way to win an appeal with Google is to somehow get in the internal escalation queue, usually by knowing an engineer or getting lucky on HN or similar.
This has not been true for years. My google ads account was blocked, I had several google engineer friends create internal tickets for my case, and none of it worked out.
Even cynical me would think this isn't true, but willing to be shown differently.
However, I would be willing to believe that it's just laziness in how they are trying to protect themselves from something that has a similar look to known existing behaviors to malicious users. If an account shows any behavior that matches the same activity patterns that has been used by malicious users in the past, just shut down that account. The laziness comes from how they handle those accounts once flagged in that they just shut them down. The non-lazy method would probably not scale well, so they again chose the lazy way to not do anything else.
I think Hanlon's razor applies here. Any benefit would be overwhelmed by the reputational damage of "if you use Google there's a non-zero chance they'll completely rugpull you for no reason and with no possibility of appeal".
I'm slowly leaning more and more towards "It's unacceptable to ban a user without providing EXACT details about why they were banned".
I understand that this is a cat and mouse game of abuse by these companies - I no longer care.
I'm utterly disgusted when the company in question is a monopoly (and to be clear: Google is a monopoly in search, and it should have been addressed years ago - except the US government is crippled and dysfunctional)
I don't mind some sanity checks around the process (the most obvious and foolproof: Make a representative show up in person at a company location) but this whole "Appeal and get auto-denied with no explanation" bullshit needs to stop.
I'm leaning this way too. I've read and understand the counterargument - "if we tell the bad actors why we banned them, it will give them explicit help on new ways to scam us." You know what? Too bad.
Here's my best analogy: If you run a jewelry store, yes, you can have hidden cameras and silent alarms and lots of things so the bad guys don't know what your defenses are. But also, sometimes a big person with a big weapon standing at the doorway is fine too. It very clearly tells people what your defenses are, and that's OK.
To build on that in Google's case: If they just said "Sorry, your payment via Brex triggered some of our security policies because lots of bad actors use Brex", then yes, bad actors would stop using Brex and look for other methods to defraud. Is that a....bad thing?
There would probably be a lawsuit coming from Brex if that was written down, so it would just expose Google to additional liability.
It's the kind of situation where the correct decision for Google is to not reveal anything, as it just adds risk on their end for not much gain, but at the same time, we're all losing because everyone is subject to random acts of overzealous algorithms with no clear understanding of what happened, candidates don't get interview feedback if they fail the interview, executives never apologize for anything because that would be admitting guilt, and so on. But hey, we minimized liability!
I 100% agree with this. I also think it should apply to things like error codes from applications.
The bad actors will figure it out anyway because that is their day job. So the people who get harmed are the innocents who don't want to fight in some information war just to run an ad.
I had basically this exact experience. I finished a no-profit side project and wanted to get some traffic to it so I started a small campaign. I was immediately suspended for suspicious payment.
After literally months of trying to convince them I was the owner of the account and the payment methods, I succeeded by finally sending pictures of credit cards on the accounts (not secure, I gave up) and also just deleting every campaign. I'm not sure which one had an effect -- it was just me throwing pasta against a wall.
I was relieved, BUT! my account is still suspended. Why? It says I have an unpaid balance.
I thought this would be an easy suspension to appeal. Well, I submitted it on July 7, and still no action. Here's there message of responding within 5 business days:
I once tried to call the company, but they refused to talk to me because my account was suspended. There's no way out but to somehow convince them to unsuspend, and in my case, that didn't even work.
It's truly the worst customer experiences I've ever had.
> the Kafkaesque experience makes me think question our reliance on other Google services, like Cloud and Workspace
This last paragraph should really give pause for thought to anyone at Google whose OKRs involve revenue from non-Enterprise business customers.
Anecdotally speaking - I've considered running Google ads for my company more than a few times, and every single time the thought of a spurious "account violation" for those ads spreading and knocking out our Workspace and Cloud accounts has stopped me doing so - and I've spoken to a fair few other business owners who have reasoned likewise.
I believe something similar happened with IBM. In the 90s, IBM was a household brand name that ranked up there with Coca Cola. Even in 2007 it was 5th on the Global 500 [1].
However, IBM pulled out of the consumer market. Watson on Jeopardy (c 2011) was their last public stunt. Their TV commercials became more and more abstract and eventually they were out of mind for the average person. So as one day, people no longer thought of IBM when they thought about who can solve big technology problems.
Of course, IBM suffers from many other problems, but I think you're on to something about the importance of doing consumer well to support your enterprise business when you're a large tech company.
This is absolutely on the mark. When I worked at IBM, we would do community outreach in area schools. None of the kids we were mentoring had even a clue about IBM. Only the older teachers even remembered IBM. This was a bracing experience. The brand had been destroyed by not having any customer facing products.
I'm concerned that we might hire someone who worked for a company that got blocked by Google. Would they block us if that person signed in from the same IP they used previously? Should we expect prospective hires to a) know about these blocks and b) disclose them to us?
This is almost my exact experience trying to run ads on Facebook. I created a Facebook ad campaign that was immediately suspended. The reason was I selected ads to be shown on Instagram, but the Facebook entity I was advertising from didn't have a Instagram account.
Okay, problem with their tool in my opinion. It shouldn't let you select running ads on Instagram if you don't have an Instagram account... But anyway I get the account unlocked via customer service and try to edit the ad to remove Instagram integration.
Account immediately locked again. Contact customer support again and they can't tell me why it's locked but they're able to unlock it for me.
This time I delete the old ad campaign and try to start a new one. Account immediately locked again. Third time I contact customer service and they won't tell me why the account was locked.
Since it's the third time, my account is permanently locked out and I'm no longer allowed to run ads on Facebook.
Afaik I did nothing wrong and didn't break any of their rules.
created fb account to use for ads, created a business page per their instructions, used an ad creative generated by their system from my website, few days later whole deal gets shut down for unspecified policy violation
nuts part is they don't know or can't say which policy
as best I can tell my business page was shut down for bad ads, and my ad was taken down for a bad business page
wondering if fb implicitly has the same policy twitter used to have explicitly, where you need to have an established presence w/ real activity before they'll let you advertise
If you are big enough to matter to Google, you will have a legal department. Your legal department will resolve this stuff by contacting Google's legal department. Even as a small customer, detailing the issue and contacting the general counsel may get you some mileage. Getting stuck in the automated appeal denial loops for these companies is unlikely to ever get you anywhere. But legal > tech when it comes to ultimate authority to resolve disputes.
I also wonder if discrimination plays into this. As in, I don't know if it's legal to exclude certain payment methods. For example, in the US there's a law that businesses can't charge a premium for credit over cash, but there was an exception for gas stations to offer a cash discount.
Brex itself might want to confront Google about the legalities of discriminating against their customers.
This has become a rampant enough problem that a startup could make a lot of money acting on behalf of businesses which have experienced losses due to large corporate behemoths selectively denying them service for dubious reasons.
Also if Google really does control 90% of the ad market, then this sort of situation is just exactly the ammo needed for an antitrust case. Google should be paying more attention to this for its own sake. Of course, with the US Supreme Court how it is, Google's probably confident that absolutely nothing will happen to it. If someone can read all of this and not understand what a great tragedy that is, then I just don't know what else to say. It's probably over and we may never see ourselves free of monopoly abuses like this.
> in the US there's a law that businesses can't charge a premium for credit over cash
This was actually typically just part of the contract merchants signed with credit card providers and was abandoned around 2013 after a law suit, AFAIK. There were about a dozen state laws that prohibited it, but most were thrown out after Expressions Hair Design v. Schneiderman said it might violate the First Amendment.
It's obviously legal to exclude certain payment methods. Costco only takes Visa payments. Lots of places refuse checks or high-value bills. Some places don't take Discover or Amex, especially in the EU. Essentially nobody takes cryptocurrencies or payments in kind. A few states have laws that say businesses must take cash, but otherwise you have the freedom to require payment as you like. I can't walk into your store and force you to accept Iraqi dinars as payment.
I wonder if reporting them to the FTC for fraud would have any effect? They're telling people that there is suspicious payment activity when no payments were made or even tried. That's simply a lie.
Readit News
The solution here is to never use a hidden or “privacy” card number with Google, although of course Google will never tell you that or confirm or deny this. I only know this due to working with clients in this area.
You can try removing that card and adding a regular hard card number and asking for a reinstatement again, but it may be too late for this account.
Hopefully this helps folks reading this to not make the same mistake (although it’s incredibly frustrating that stuff like this has to be learned by trial and error or knowledge from those of us who have dealt with this previously.)
This is my problem with de facto utilities that are not regulated like utilities. Google can have enormous impact on your business and personal life but you cannot get proper communications with them. If something goes wrong you can't fix it, even if it's your fault because often you don't know what you did wrong. If it's their mistake, you might get a chance if your issue gets attention by a large audience.
It feels like there should be a legal recourse where you get compensated for damages due to service design choices of the utility. I'm sure in many places you can get compensated if the energy company cuts your electricity and doesn't clearly say the reason and what you can do about it.
You can lose your business, you can loose access to your digital assets that you built all your life and for what? So that some employees at Google can have easier time managing an issue(not disclosing the reason for account restrictions probably makes the scammers life harder too and you are just a collateral damage that doesn't even show up in the analytics).
Can you imagine E.ON cutting off the energy of the English futbol fans because it's easier for them to internally manage the surges during the games due to the tea kettles and not give them any explanation whatsoever?
Edit: Interestingly, UK GDPR seems to have some protections agains automated decision making[0].
[0] https://ico.org.uk/for-organisations/guide-to-data-protectio...
Yet, while this is often the cited reason, it is simply not true.
There is no way on Earth, that scammers don't find out about such restrictions trivially, easily. So all this really does, is inconvenience the honest, and do zip, zero, nada to hassle the miscreants.
edit: more thought here, likely this is just an excuse, to not properly train reps, or to not deal with the issue at all.
It is the equiv of "think of the children!", but corp speak instead of politi speak. "Sorry for the bad service, security issue!"
No, this is your problem with monopolies. The fix is anti-trust enforcement, not slapping the word "utility" around.
The first time I tried using Microsoft Ads, I used a debit card in which foreign payments wasn't enabled and as soon as I clicked make payment my account was banned, No recourse through support just like how OP faced with Google. But that was in my past life, I don't want to see Ads, So I don't show Ads now.
I've been unable to close my Facebook Account, Because I couldn't take backup of my business page and there's no way to reach to them.
I totally see that. But on the flip side we see utilities like phone companies unable to block abusive robocalls and scammers.
(My thoughts are my own, and they are rarely well-formed)
Only if you let them. Life without a Google account doesn’t require meaningful sacrifice.
Perhaps Brex is miscategorized as a privacy card.
There is absolutely nothing that Google offers that you can’t get from somewhere else.
You're just left guessing as to what the problem may have been, not that you can do anything even if you did know. I've had the same problem with eBay.
Problem is it encourages the very behaviour they want to stop. If you're going to have an account thats central to your business, but can get shut down at any time, it just encourages burner accounts so you aren't left high and dry when the inevitable happens.
Dead Comment
As soon as it's illegal to make design mistakes, there will be no more innovation or updates, everything stays exactly as it is. The Department of Design Friendliness will audit you quarterly. Improvements get designed and approved by government committees. It's like a scene out of the movie Brazil.
There seems to be this mindset of a certain class of folks that feel these companies [Google, Apple, Microsoft, Amazon, Twitter, Facebook, Netflix, etc.] are somehow entrenched for centuries and the only option . They're not. They're barely 20 years old in most cases. That's nothing historically speaking. A third of them will be failing into niches over the next decade. Capitalism sucks in many ways, but it is really good at "creative destruction". True monopoly power is rare.
Many are extremely vulnerable to disruptive competition as most of their revenue is from a single source: ads. Take that away, and they crumble. As Facebook and Twitter are discovering now that Apple/iOS default to blocked app tracking. Google search quality has plummeted and people are turning to alternatives like Reddit.
Microsoft, Apple, Amazon are less vulnerable to ads, but they too have vulnerabilities.
Google isn't a utility: you don't need to use it, nor do most people. Google search is dying in favour of alternatives like Reddit. Google mail is only one of many options. Android phones are only one of many options.
The solution for a better service is to build (if you're an entrepreneur) and use (if you're a consumer) better services!
As a teen (back in '09), I ran a domain parking network that was used by a modest number of users (about 50 users with ~300 domains total). At the time the Google AdSense TOS allowed any site that had "content" (there was no stipulation about it being original), so my network worked by displaying random wikipedia articles that are relevant (using a very simple algorithm) to the domain in question, along with several adsense blocks and a few other features. Each domain was also a fully functional wikipedia mirror, and content was properly attributed etc.. Anyway, most months I would get a payout of around $800 that I would then distribute to my users (I took a 20% cut). At 11:30 PM the night of payouts one month, they decided to change the TOS, revoke all of my earnings, and suspend my AdSense account. I sent an email to my users explaining the situation and I actually paid them all out-of-pocket for the missed earnings because I had the money to do so from doing random web design for local businesses and I felt quite bad -- some of my users were in dire rent situations, etc., and I was in regular contact with them so I wanted to make them whole even if it meant I would lose a good bit of money since I was a teenager without these sorts of problems.
Anyway, one of my friends ran his own online service (a network of web proxies) and he actually specifically advertised on my network because for some reason the traffic converted well for his particular service. I had him check his AdWords spend several weeks later and we discovered that he was never refunded for the ads that ran on my network, even though those earnings were taken away from me. In other words, at least back then Google probably didn't refund advertisers in cases of clickfraud, etc., unless the advertister specifically knew they were being defrauded. At least that's what appeared to happen based on the info I had access to haha. They are super shady.
I'm currently having an issue because I used the same amex card on multiple Google accounts (within a corp gsuite instance), and I must have triggered something because now that card won't work anywhere with Google. And it fails with a useless "try again later error".
Same then happened with a standard visa card. These corporate cards haven't worked for over a year.
I wish they would just do some extra bit of verification rather than blacklist the cards without explanation.
Corporate cards have some of extra handling to deal with them. I know I tried to buy a WASD keyboard using a corp card, and their payment processor didn't let me use it either.
Looking around, it looks like when a Corp Card is issues (Capital one example[0]), they can lock the card to only be allowed with certain MCC (merchant category code). These are the codes that say what kind of product is being purchased. So it's possible the issuer of your corp card locked your card to certain MCCs. If your card in MCC locked, the merchant and processor likely won't know this until the payment has been tried, and there is a good chance the network/bank didn't send back a useful error code.
[0] PDF: https://www.capitalone.com/commercial/decomm/media/doc/treas...
Deleted Comment
Okay. I get the why, but not put that in your TOS or just block it by default then? Should save a huge amount of time/trouble on both sides.
Google likely uses privacy cards as one signal of whether an account is spammy. If you’re a customer who spends $1M a month with Google and you add a Brex card, it’s going to be far less likely to trigger an account suspension.
If, on the other hand, you’re this guy, with a brand new account and you start off with a privacy card, that puts their internal systems over the threshold for what they consider “spam” - bam, instant suspension.
I don’t think this is personally fair to new customers. Unfortunately, Google is always going to be geared to large customers and not to smaller ones. Most smaller companies will never encounter this situation anyway since they will use hard cards.
The underlying logic seems to be to lay traps and pitfalls for bad actors to fall into rather than having a transparent and evenly-enforced set of rules. i.e. if we tell scammers they can't use privacy cards, instead of just silently banning anyone who uses them, then how can we tell scams apart from real users?
The author regularly uses the same CC with many other google services
> The same credit card on the account, a corporate Mastercard from Brex, is attached to Google Cloud, Google Workspace, and Google Domains. Collectively, Google services have successfully charged that same card over $2,000 since that email.
Aren't bans from Google services always eternal in the sense that trying to circumvent them by e.g. creating different accounts just gets you in even hotter water? Plus, it is very easy to detect when someone reinstates an ad (or Play Store app / YouTube channel) for something that was already banned under a different account.
If you make a new account just make sure the recovery phone number and email address aren't ones which have a bad history.
If you want to make a new ads account make sure in addition the postal address doesn't match a bad one.
If you want to make a new payments account, make sure none of the credit card numbers in the account match a bad one.
Note that because different teams within Google don't talk to one another, you don't for example need a new postal address if the issue is on the payments side.
Like say you walked into Wal*Mart and selected some merchandise from the shelf, then walked to the register and paid using a Vanilla Visa card, as you noted there was a Visa sticker on the door when you entered. While you are picking up your bag from the bagging area a security guard roughly picks you up and throws you out the door and tells you to never come back. You ask why but their only response is "You were being suspicious."
The customer is left bewildered, angry, and hurt.
This is mostly irrelevant in countries that use chip and pin.
What they likely do is have several flags that push an account closer to being autobanned, so it's not just one thing, but a combination that gets you knocked out. I'd imagine a list like:
Get enough demerits and your account is toast, and since people are expensive once a bot flags the account you don't really have a recourse. Ironically if you want your ad to continue to run the best people to talk to probably isn't Google's tech support but black market scammers who have built and industry around understanding and circumventing these protections.Google does indeed discriminate on your payment method.
Most likely due to them having too much data to process they analyze the data from abusers and these kind of cards seem to stick out like a sore thumb.
That's not true, it's their choice not to process the data manually.
Google loves to leverage developers and code to fix every problem, including (especially?) customer service. In particular, they hate manual labor and seek to automate everything -- which is a horrible approach when it's applied unilaterally to all aspects of business relationships and customer service.
At some point, Google needs to grow up and learn that being clever only takes you so far. As it is, Google leaders seem to love computers and money, not people. I'd wager 20:1 that anyone at Google reading this thread takes action by tweaking algorithms, not by restructuring the company to help customers in person.
I wasn't using that feature here, but it might be the case that the information that arrives at Google is just the issuer so they classify all Brex cards as “privacy” cards?
If you know someone who write's merchant software they should be able to get you the ranges from their payment processor's specs.
And people try to sort it out. I mean what's wrong with people? :DDDD
Just give your money to someone else.
So, I've started using LibreFox recently. Signed up for IBM Cloud after verifying my credit card and lo and behold, an account suspension letter was delivered after an hour. I guess it has something to do with their algorithm triggering accounts signed up using privacy focused browsers.
What's the user agent for LibreFox?
Deleted Comment
this sounds like security by obscurity. Why are people ok with this?
Deleted Comment
A sudden ads suspension arrived, with no explanation beyond "suspicious payments". This from the same billing account used with GSuite, Domains, GCP; and from a business that was having no trouble running ads on FB, Twitter, and Reddit. "How silly, but I'm sure we can get it fixed".. I thought.
Like OP I'm also a Xoogler, so after two rounds of unsuccessful appeals through the front door (including updating my payment account to a hard card, providing articles of incorporation, and so on, to no avail), I figured it was time to call in my first ever favor. Surely one of my old-timer engineer buddies could thunk a ticket somewhere and maybe we'd help them fix a bug in some automated system in the process.
But the Google of 2022 is far different than the earlier days. It seems individual employees, even well-placed engineers, have incredibly and increasingly limited agency to fix things outside their immediate purview; a wiki about internal escalations for ads suspension stated they were no longer accepted, vaguely for reasons of "compliance".
On the bright side, the whole episode made me rethink and ultimately diversify our technology dependency on Google. I was naive not to do so more seriously and earlier.
Anyone who has read the comments of a few of these types of articles on HN over the years might recall that in the past, there was almost invariably would be a comment starting with "Hi, Googler here!" offering some help. I don't recall seeing any comments like that in the past 6 months or longer.
What I sought was someone to escalate the details in a ticket & get eyes on a likely false positive -- from a very friendly/technical customer (me). The buddies I asked, admittedly not on Ads risk engineering, looked around, hit walls, and gave up.
I mean, 4 months ago, I posted this: https://news.ycombinator.com/item?id=30401241#30402432
Ads fraud is generally a no-op from internal escalations though, something that personally I won't touch unless I know the person.
As I see it, Ads generally won't ban an account that has historical spend even if they see something lightly suspicious, and that's where the business is. With smaller spenders, new accounts, and various other flags, your risk of cancellation is _significantly_ higher, but Google's risk is lower since they didn't have the spend already.
There are reasons that accounts get suspended and whether or not those reasons are perfect, having humans reach in and jerk around with the system is much less perfect.
They say to submit an appeal at https://play.google.com/console/appealsForm?ts=BMS but if your account is banned you are also unable to access the appeal form.
I really wish there was a time limit on these things instead of a ban for life situation.
Clearly Google doesn't want to do support, but this seems like an opportunity to me. If they offer in-house (US based) support that can actually resolve the issue for a fee, they would improve countless users' lives. Actual support would be infinitely better than the current black hole of oblivion any time an automated processes flags something.
( I realize paying for support isn't popular, but it seems like the only way 1.) Google would care about helping you and 2.) reduce support ticket volume. )
It is devastating and there is nothing you can do about it.
What did you do about ads?
Ads is probably the hardest Google product/service to replace.
But I could imagine how distressing this would be for a business more dependent on search. And you can find lots of small business owners and indie hackers with such stories if you start looking..
Combine this with their propensity to randomly shut down services and also jack up the prices of things by some wild amount overnight with no warning or justification. (Google Maps API and Kubernetes control plane.)
I would never consider risking all of my work on Google's reputation which is a shame because I'm sure the services themselves work relatively well. It feels like everyone outside of google is widely aware of these issues but everyone inside is completely blind to them.
Side Note: has anyone ever "won" an appeal with Google or does the system deny 100% of appeals?
What I understood from people who work there it's impossible to even know how's responsible for what, so chaotic organizational structure and lake of accountability / ownership / freedom to take something to the finish line.
Just go against Google’s warning by creating new accounts hoping they don’t “get caught”?
"The other issue with Google is there is no button I can push to send an email to complain to Google about my terrible user experience or to get support with improving it. Larry Page should be reading such an inbox, because this is a huge weakness for Google and they probably don't even realize how bad it stinks. "
Deleted Comment
However, I would be willing to believe that it's just laziness in how they are trying to protect themselves from something that has a similar look to known existing behaviors to malicious users. If an account shows any behavior that matches the same activity patterns that has been used by malicious users in the past, just shut down that account. The laziness comes from how they handle those accounts once flagged in that they just shut them down. The non-lazy method would probably not scale well, so they again chose the lazy way to not do anything else.
I understand that this is a cat and mouse game of abuse by these companies - I no longer care.
I'm utterly disgusted when the company in question is a monopoly (and to be clear: Google is a monopoly in search, and it should have been addressed years ago - except the US government is crippled and dysfunctional)
I don't mind some sanity checks around the process (the most obvious and foolproof: Make a representative show up in person at a company location) but this whole "Appeal and get auto-denied with no explanation" bullshit needs to stop.
Here's my best analogy: If you run a jewelry store, yes, you can have hidden cameras and silent alarms and lots of things so the bad guys don't know what your defenses are. But also, sometimes a big person with a big weapon standing at the doorway is fine too. It very clearly tells people what your defenses are, and that's OK.
To build on that in Google's case: If they just said "Sorry, your payment via Brex triggered some of our security policies because lots of bad actors use Brex", then yes, bad actors would stop using Brex and look for other methods to defraud. Is that a....bad thing?
It's the kind of situation where the correct decision for Google is to not reveal anything, as it just adds risk on their end for not much gain, but at the same time, we're all losing because everyone is subject to random acts of overzealous algorithms with no clear understanding of what happened, candidates don't get interview feedback if they fail the interview, executives never apologize for anything because that would be admitting guilt, and so on. But hey, we minimized liability!
The bad actors will figure it out anyway because that is their day job. So the people who get harmed are the innocents who don't want to fight in some information war just to run an ad.
After literally months of trying to convince them I was the owner of the account and the payment methods, I succeeded by finally sending pictures of credit cards on the accounts (not secure, I gave up) and also just deleting every campaign. I'm not sure which one had an effect -- it was just me throwing pasta against a wall.
I was relieved, BUT! my account is still suspended. Why? It says I have an unpaid balance.
https://ibb.co/NYgz95H
What do my balances read? 0.00
https://ibb.co/FWKxfVZ
I thought this would be an easy suspension to appeal. Well, I submitted it on July 7, and still no action. Here's there message of responding within 5 business days:
https://ibb.co/r2Sx6ht
I once tried to call the company, but they refused to talk to me because my account was suspended. There's no way out but to somehow convince them to unsuspend, and in my case, that didn't even work.
It's truly the worst customer experiences I've ever had.
This last paragraph should really give pause for thought to anyone at Google whose OKRs involve revenue from non-Enterprise business customers.
Anecdotally speaking - I've considered running Google ads for my company more than a few times, and every single time the thought of a spurious "account violation" for those ads spreading and knocking out our Workspace and Cloud accounts has stopped me doing so - and I've spoken to a fair few other business owners who have reasoned likewise.
However, IBM pulled out of the consumer market. Watson on Jeopardy (c 2011) was their last public stunt. Their TV commercials became more and more abstract and eventually they were out of mind for the average person. So as one day, people no longer thought of IBM when they thought about who can solve big technology problems.
Of course, IBM suffers from many other problems, but I think you're on to something about the importance of doing consumer well to support your enterprise business when you're a large tech company.
1. https://brandirectory.com/rankings/global/2007/table
Deleted Comment
Okay, problem with their tool in my opinion. It shouldn't let you select running ads on Instagram if you don't have an Instagram account... But anyway I get the account unlocked via customer service and try to edit the ad to remove Instagram integration.
Account immediately locked again. Contact customer support again and they can't tell me why it's locked but they're able to unlock it for me.
This time I delete the old ad campaign and try to start a new one. Account immediately locked again. Third time I contact customer service and they won't tell me why the account was locked.
Since it's the third time, my account is permanently locked out and I'm no longer allowed to run ads on Facebook.
Afaik I did nothing wrong and didn't break any of their rules.
At least you were able to talk to customer service a few times.
My experience with Google is that you’ll only get automated replies, no way whatsoever to communicate with a person.
created fb account to use for ads, created a business page per their instructions, used an ad creative generated by their system from my website, few days later whole deal gets shut down for unspecified policy violation
nuts part is they don't know or can't say which policy
as best I can tell my business page was shut down for bad ads, and my ad was taken down for a bad business page
wondering if fb implicitly has the same policy twitter used to have explicitly, where you need to have an established presence w/ real activity before they'll let you advertise
Brex itself might want to confront Google about the legalities of discriminating against their customers.
This has become a rampant enough problem that a startup could make a lot of money acting on behalf of businesses which have experienced losses due to large corporate behemoths selectively denying them service for dubious reasons.
Also if Google really does control 90% of the ad market, then this sort of situation is just exactly the ammo needed for an antitrust case. Google should be paying more attention to this for its own sake. Of course, with the US Supreme Court how it is, Google's probably confident that absolutely nothing will happen to it. If someone can read all of this and not understand what a great tragedy that is, then I just don't know what else to say. It's probably over and we may never see ourselves free of monopoly abuses like this.
This was actually typically just part of the contract merchants signed with credit card providers and was abandoned around 2013 after a law suit, AFAIK. There were about a dozen state laws that prohibited it, but most were thrown out after Expressions Hair Design v. Schneiderman said it might violate the First Amendment.
It's obviously legal to exclude certain payment methods. Costco only takes Visa payments. Lots of places refuse checks or high-value bills. Some places don't take Discover or Amex, especially in the EU. Essentially nobody takes cryptocurrencies or payments in kind. A few states have laws that say businesses must take cash, but otherwise you have the freedom to require payment as you like. I can't walk into your store and force you to accept Iraqi dinars as payment.
Additionally, write your congressional and local state representatives, and give them the facts.