An Important Update on Our Legal Action and Findings

Since pausing our service on December 23rd, 2024, the FilmPass team has been investigating systemic issues within our supply chain. Our concerns were met with months of obstruction, forcing us to take legal action against our global payment processor, Stripe Payments UK LTD.

On August 20th, 2025, the County Court entered a Default Judgment in our favour against Stripe Payments UK Ltd (Claim No. 696MC733). This was a strategic legal action focused on two of our eighty disputed transactions. It was filed to address two interconnected issues: first, the use of misleading merchant names and 'brochure' websites that concealed where our transactions were actually taking place ; and second, to compel the disclosure of the true end beneficiary, whose identity Stripe was actively concealing.

This court judgment substantiates our position. Our investigation, supported by evidence we compiled, has uncovered a business model that we believe is unethical, non-compliant, and deeply damaging to consumer trust.

What Our Investigation Has Proven

One of our initial concerns involved misleading merchant names on transactions. We later received written confirmation from Stripe that the consumer-facing brands we paid did not match the legal entities on record. The transactions were routed through unrelated "brochure" websites that appear designed to act as liability shields, completely obscuring the true merchant from the consumer at the point of sale.

When we tried to resolve this, we were subjected to a strategy of "technical tennis." We were instructed to resolve the issue with an "end beneficiary" whose identity Stripe, the "sole orchestrator of the payment routing" , actively refused to disclose, creating an accountability vacuum.

Covert Behavioural Surveillance

A formal data request (SAR) to Stripe revealed the immense scale of behavioural data being collected from every website visitor under the banner of "fraud prevention". This was a stunning discovery because for months, Stripe insisted they were "merely a processor" and deflected all responsibility. However, after we submitted a formal data request, they were forced to change their story. The timeline of our complaint shows that on May 20th, 2025, Stripe finally provided the "first clear, written confirmation of their data controller status" — a critical admission that came after five months of deflections.

A key part of this system was enabled in February 2023, when Stripe updated its 3DS2 security integration. This marked a fundamental shift from transaction-centric security (3DS1) to device-centric security (3DS2). Under the broad justification of "fraud prevention," this change opened the door for collecting a vast array of data from a user's device on every single website visit, regardless of whether a purchase is made.

While merchants often claim that profiling data is "anonymised," the evidence shows this system is designed to be re-identifiable. The purpose is not to anonymise, but to create a unique digital fingerprint of your device to track your behaviour over time.

For just one of our business cards, Stripe's own data confirmed the harvesting of:

47 unique merchant-specific device identifiers (muid)
Data from 323 separate browsing sessions (session_id)
427 instances of mouse movement tracking (beacon_data)

This data is far from anonymous. The system captures globally and merchant-specific unique identifiers (guid, muid) , your IP address , and a detailed device fingerprint composed of your screen dimensions, browser plugins, and fonts. This combination of over 150 data points makes a mockery of any claim of anonymity and confirms the goal is to profile, not protect, your identity.

Systematic Misrepresentation and Its Impact on Our Members

Stripe's official disclosure contained a stunning contradiction. In their formal letter, they claimed the behavioural data "is not shared with Merchants". However, their own technical data proves the derived outputs are shared. These outputs—including risk scores, behavioural signals, and unique tracking IDs—are made available to merchants through their dashboards.

This confirms their "fraud prevention" tool is an insight-as-a-service system, and the impact on our members was immediate and unacceptable:

Secret Customer Scoring: Without their knowledge or consent, every member's website activity was used to generate a profile and risk score. This data was then used to segment users into categories like "high trust" or "low trust".
Real-World Consequences: This secret profile could be used by merchants to make real-time decisions that directly affected our members. The system enables merchants to approve or block transactions, flag users for manual review, and enforce voucher restrictions based on their perceived behaviour.
Denial of Rights: Because this entire profiling system was operating without transparency, our members were denied their fundamental right to know who was collecting their data, for what purpose, and how it was being used to make decisions about them.

FilmPass could not continue operating in good conscience while our members were being subjected to this undisclosed system. We paused our service because we refuse to be complicit in a supply chain that profiles customers without their informed consent.

The Business Model

This is not a system failure; it is a system design. Stripe's fraud prevention architecture has been repurposed into a covert behavioural profiling engine. The "fraud prevention signals" are the same data points used to generate valuable marketing insights, which are then made available to merchants and business partners through the Stripe Radar dashboard. This creates a business model where "security" becomes the justification for building a powerful commercial intelligence engine. This model is protected by a structural shield, which explains why the end beneficiary is kept hidden behind layered "brochure" websites and vague partnership agreements.

The payment provider acts as the central part of this shield. By refusing to disclose the identity of the ultimate merchant, they create an accountability vacuum designed to obstruct resolution. The devastating impacts of this model are:

It makes fair resolution impossible. Consumers and businesses like FilmPass are left in a "catch-22," unable to resolve disputes because the true merchant is actively concealed by the very payment processor that enables them.
It creates an anti-competitive arena. This hidden infrastructure can allow direct competitors to access behavioural data from your customers, which can then be used to interfere with business and sabotage commercial opportunities. It harms other businesses by enabling selective blocking and discriminatory pricing based on observed behaviour.
This entire model is flawed by design, undermining consumer protection and creating an unfair competitive landscape for SMEs.

The Impact on Consumers

Your Secret "Fraud Risk Score" Repurposed into Granular Marketing Insights

One of our most serious concerns, which we have been consistently stonewalled on, is how this repurposed data directly impacts consumers. The evidence shows that a consumer's behavioural profile is used to generate a secret "risk score" that can lead to direct financial harm.

This score is then shared with the merchant, who can use it to make automated, real-time decisions about you. The direct consequences of this undisclosed profiling include:

Your transaction being algorithmically blocked or declined.
Being prevented from using discounts or voucher codes.
Being subjected to discriminatory pricing based on your perceived behaviour.
Being segmented into categories like "high trust" or "low trust" without your knowledge.

Because this happens without transparency, a consumer has no idea why their purchase failed or why they were quoted a different price, and no clear way to appeal. This is a key area where we have demanded clarity and been met with obstruction.

The Impact on SMEs: An Unfair Competitive Arena

This business model is not only damaging to consumers; it is fundamentally anti-competitive and harmful to SMEs like FilmPass. We chose our payment processor to handle payments, but the evidence shows their infrastructure was used to undermine our business without our knowledge or consent.

Your Customers Are Not Your Own: This system turns an SME's website into a data source. Every visitor—every potential customer—is profiled. This behavioural data can then be made available to larger, more sophisticated entities within the same ecosystem.
Competing with an Invisible Hand: As an SME, it is impossible to compete with a hidden data operation you cannot see. Our investigation found that this opaque infrastructure enabled our direct competitors to access behavioural data that was then used to unlawfully interfere with our business and sabotage commercial opportunities.
A Two-Tiered System: This creates a system where SMEs who believe they are simply buying a payment service are unknowingly having their customer data harvested and used. This provides a massive, unfair advantage to specialised marketing agencies and enterprise-level companies who understand how to repurpose these "fraud prevention" signals for commercial gain, while leaving SMEs vulnerable and exposed.

Our Unwavering Commitment

The court judgment is not the end of this fight; it is the beginning. To our members, we thank you for your incredible patience. We took this stand because protecting you from these opaque practices is our absolute priority. All member benefits remain preserved, and we will not challenge any member who chooses to raise a dispute with their card provider.

We sought debate and disclosure; instead, we were met with attempts to silence and disgrace us.

The resolution for our members starts when Stripe discloses the identity of the end beneficiary of the two merchants they are shielding. Until they do, they remain the central and willing enabler of this entire system.

The FilmPass Team