Been there.

* If your payables and debts are all in the company's name, nobody is coming for your house. The likelihood that your business was going to die before you could pay all your debts was priced into your contracts. If you have employees, pay them and get them off your books first; employee wages are, depending on the state you're in, the one likely exception to that rule.

* If they were in your name, well, that sucks, but still nobody is coming for your house. Your credit rating will probably absorb all the damage. I've had shitty credit all my life, so much so that it used to make it hard to get checking accounts (I'm not a deadbeat, I just don't have revolving credit, and do have billing disputes that I don't have time to resolve). Shitty credit is not that big of a deal. Just don't use credit.

* It sounds like your wife is right. The existence of startups isn't a guarantee that you'll never need to work for someone else again. The normal life cycle of a startup founder is, (1) work for someone else, (2) start company, (3) run company into ground, (4) goto 1. Think of it this way: had your company been successful, it almost certainly would have left you in a state where you'd be working for someone else for a couple years during your earnout. "Not working for someone else" was never really on the table.

* Getting a company funded and then running it is a resume plus. You won't have more trouble getting another job than you did getting the one you left to start this company.

* Your investors expected you to fail. The odds were always overwhelmingly that you would. The whole startup investment model is, put money into 10 companies, hope 1 succeeds. Your investors are professionals. Let their problems remain their problems.

* Are you going to get ridiculed for failing? Obviously, you're not an HN reader. You'd have gotten ridiculed for succeeding. Ridicule is the air we breathe. Why do you care?

* Most small companies start from nothing. That's good news, because "nothing" is an easy state to achieve. Give yourself a couple years, and then try again.

(Disclaimer: I write fraud detection algorithms for Eventbrite, and work closely with the team that built the fraud systems at PayPal.)

I'm sorry this happened to you. I personally believe the burden of proof should be on the company. However, that some choose to err on the side of caution is perfectly understandable.

The thing is that companies that handle credit card payments are very vulnerable to fraud because they are liable for consumer chargebacks [1], at least in the US. This is particularly unfortunate since US cards also happen to have pretty poor security (which also has probably something to do with the fact the merchants are liable, and not the banks). Stolen credit card numbers are extremely easy to obtain (cf. Target breach) [2], and once this is done fraudsters have basically two main ways to extract money out of it:

1) Use the card number to make purchases online, or better yet, find a self-service platform that lets you become a merchant then purchase your own offerings (eBay/PayPal, Eventbrite, etc.).

2) Duplicate the card (made much easier by the US' slowness in adopting chip-and-pin), and use it to pay for goods or to load the money on some account. Square is perfect for this since you own the card-reading device, which makes it much less risky than attempting to use a duplicated card at an ATM or at a retailer.

Now, the problem is that you potentially need a lot of cushioning to withstand fraud attacks: while the processor only makes profit from the transaction fee, they are liable for the entirety of the charge, so one single fraudulent transaction can wipe out the profit of thousands of good ones. Being attacked by a fraud ring for hundreds of thousands or even millions of dollars in a single day is not impossible (in fact we've seen this happen, and Eventbrite's transaction volume is much smaller than PayPal's or even Square's), so this is a lot of risk to take on for a company, especially a startup.

Regarding the bad customer service you've received, there is a specific reason why companies often decline to comment on fraud security checks: by allowing you a way of recourse, they would be disclosing information about how their system works, which makes it potentially vulnerable to attackers. For example, if they said "sure, just send us a copy of your driver's license and we'll lift the ban", this would be a signal for fraudsters to try to fake such documentation.

Overall, it's a complex issue and unfortunately frustration is part of the game (trust me, if PayPal could have found a way to make operations smoother and less frustrating, they'd have done it). At Eventbrite we've chosen to assume this risk and be more liberal with verification because we decided that providing a good user experience is worth losing some money over (and because we have faith in our ability to keep up with the fraudsters), but this is a decision every company that handles money has to make and it's not an easy one.

[1] http://en.wikipedia.org/wiki/Credit_card_fraud#Merchants

[2] fun fact: you'd be surprised to see how big this underground economy is; it's so well-oiled that some sellers even provide customer service on the credit card numbers they sold, and offer money back guarantees if the card has already been deactivated

I have intimate personal experience with the FCRA. Sadly I don't have an hour to talk about it at the moment, but ping me any time. Short version: it's one of the most absurdly customer-friendly pieces of legislation in the US, assuming you know how to work it. There exist Internet communities where they basically do nothing but assist each other with using the FCRA to get legitimate debts removed from their credit report, which, when combined with the Fair Debt Collection Practices Act, means you can essentially unilaterally absolve yourself of many debts if the party currently owning it is not on the ball for compliance.

The brief version, with the exact search queries you'll want bracketed: you send a [debt validation letter] under the FCRA to the CRAs. This starts a 30 day clock, during which time they have to get to the reporter and receive evidence from the reporter that you actually own the debt. If that clock expires, the CRAs must remove that tradeline from your report and never reinstate it. Roughly simultaneously with that letter, you send the collection agency a [FDCPA dispute letter], and allege specifically that you have "No recollection of the particulars of the debt" (this stops short of saying "It isn't mine"), request documentation of it, and -- this is the magic part -- remind them that the FDCPA means they have to stop collection activities until they've produced docs for you. Collection activities include responding to inquiries from the CRAs. If the CRA comes back to you with a "We validated the debt with the reporter." prior to you hearing from the reporter directly, you've got documentary evidence of a per-se violation of the FDCPA, which you can use to get the debt discharged and statutory damages (if you sue) or just threaten to do that in return for the reporter agreeing to tell the CRA to delete the tradeline.

No response from the CRA? You watch your mail box like a hawk for the next 30 days. Odds are, you'll get nothing back from the reporter in that timeframe, because most debt collection agencies are poorly organized and can't find the original documentation for the debt in their files quickly enough. Many simply won't have original documentation -- they just have a CSV file from the original lender listing people and amounts.

If you get nothing back from the reporter in 30 days, game over, you win. The CRA is now legally required to delete the tradeline and never put it back. Sometimes you have to send a few pieces of mail to get this to stick. You will probably follow-up on this with a second letter to the reporter, asserting the FDCPA right to not receive any communication from them which is inconvenient, and you'll tell them that all communication is inconvenient. (This letter is sometimes referred to as a [FOAD letter], for eff-off-and-die.) The reporter's only possible choices at that point are to abandon collection attempts entirely or sue you. If they sue you prior to sending validation, that was a very bad move, because that is a per-se FDCPA violation and means your debt will be voided. (That assumes you owe it in the first place. Lots of the people doing these mechanics actually did owe the debt at one point, but are betting that it can't be conveniently demonstrated that they owe the debt.)

If the reporter sends a letter: "Uh, we have you in a CSV file." you wait patiently until day 31 then say "You've failed to produce documentary evidence of this debt under the FDCPA. Accordingly, you're barred from attempting to collect on it. If you dispute that this is how the FDCPA works, meet me in any court of competent jurisdiction because I have the certified mail return receipt from the letter I sent you and every judge in the United States can count to 30." and then you file that with the CRA alleging "This debt on my credit report is invalid." The CRA will get in touch with the debt collection company, have their attempt timeout, and nuke the trade line. You now still technically speaking owe money but you owe it to someone who can't collect on the debt, (licitly [+]) sell it, or report it against your credit.

I just outlined the semi-abusive use of those two laws, but the perfectly legitimate use (for resolving situations like mine, where my credit report was alleging that I owed $X00,000 in debts dating to before I was born) is structurally similar. My dropbox still has 30 PDFs for letters I sent to the 3 CRAs, several banks, and a few debt collection companies disputing the information on my report and taking polite professional notice that there was an easy way out of this predicament for them but that if they weren't willing to play ball on that I was well aware of the mechanics of the hard way.

[+] Owing more to disorganization and incompetence than malice, many debt collection companies will in fact sell debts which they're not longer legally entitled to. This happened to me twice. I sent out two "intent to sue" letters and they fixed the problem within a week.

[Edit: I last did this in 2006 and my recollection on some of the steps I took was faulty, so I've corrected them above and made it a little more flow-charty.]

I think Vinod's kinda being a douche here. All of the positive street cred he is getting for his promotion of green energy is being lost to this fight. I mean, is it worth having the private beach? Why not keep it open to the public, upgrade the access, and actually reap some positive PR from this?

This is the kind of stuff protesters hate about rich techies. Apparently, this beach was historically used for a long time to teach surfing by local surf schools. A guy swoops in, who probably will rarely use this beach/vacation home, buys up the land, and closes off access. Attempts to "hack" the legal system through a loophole to achieve an exception to the state wide public beach system.

If he had been appreciative of the history of the beach and local surfers, he could have actually got some benefit out of it, maybe built some local facilities people would pay to use, add some exhibits on Khosla investments, etc. It would have generated positive press and positive externalities instead of negative press and negative externalities.

I like Vinod, but this just comes off as being a rich jerk.

Oh thank god! Before this, I had nowhere to post all my brilliant thoughts except medium, blogger, wordpress, posthaven, quora, facebook, google+, livejournal and myspace.

Dustin is a little too late on this one. Medium came along and scooped up whatever chance Svbtle had of becoming accepted by the masses. It should have been open from the start, Dustin's elitist attitude got in the way and I think it's only a matter of time before Svbtle dies.

In addition to Thomas being right about employee wages being able to "pierce the veil" in many states, they're the people most at risk in this situation, so you owe it to them to make sure they're taken care of. It's the one circumstance where I would backstop a company problem with personal funds. (If your company was also behind on e.g. rent or hosting, on the other hand, that risk was priced into contractual terms, like Thomas said. I'd generally prefer to make vendors whole where possible but I wouldn't lose sleep over it.)

With regards to your own situation: you're in the best hiring market in the history of ever. Reach out to your incubator's network and you'll have attractive job offers starting as early as you can accept them. That isn't the whole of the solution set: Big Daddy G and the rest of the tech industry are hiring like mad, too, and they are also throwing around signing bonuses large enough to cover your last few months of salary nonpayment.

P.S. to other HNers: "And then we didn't pay ourselves salary" strikes me as something I hear from a lot of failed funded startups which magnifies the personal financial risk of doing them significantly without meaningfully increasing the chance you'll pull things through. I'd strongly consider not doing that, again, unless the alternative is missing payroll for your other employees.