Fraud Detection Basics
Implementing fraud prevention measures using Stripe Radar rules, risk scoring, velocity checks, and behavioral signals to block fraudulent transactions before they result in chargebacks.
Description
Fraud detection prevents unauthorized or abusive use of payment systems, protecting your business from chargebacks, financial losses, and card network penalties. Stripe Radar provides machine learning-based fraud detection that evaluates every payment attempt and assigns a risk level (normal, elevated, highest) based on hundreds of signals: card country vs. IP country mismatch, velocity of attempts, known fraudulent card fingerprints, device fingerprinting via Stripe.js, and behavioral patterns from Stripe's network of millions of merchants.
Stripe Radar is enabled by default and blocks payments with the highest risk scores automatically. You can customize its behavior with Radar Rules: allow, block, or send to manual review based on specific conditions. Common rules include blocking payments where the CVC check fails (::cvc_check:: = 'fail'), blocking when card country doesn't match IP country for amounts above a threshold, rate limiting payment attempts per IP address or email, and requiring 3D Secure for elevated risk payments. Custom metadata passed in the payment can also be used in rules.
Beyond Stripe Radar, implement application-level fraud checks. Track velocity metrics per user, email, IP, and card fingerprint (number of signups, payment attempts, failed payments in a time window). Implement device fingerprinting to identify repeat offenders across accounts. Flag suspicious patterns like rapid-fire small charges (card testing), multiple failed payment attempts followed by a success, or new accounts immediately purchasing high-value items. Build a manual review queue for flagged transactions, allowing your team to approve or reject suspicious payments before fulfillment.
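The application-level checks described above can be sketched as a sliding-window tracker. This is an added example, not Stripe's code or part of the original page: the class name, thresholds, flag names and attempt fields are assumptions, and the card field is assumed to hold the card fingerprint. It keeps state in memory; a production version would read from the payment_attempts table instead.

```javascript
// Added example: in-memory velocity checks. Thresholds and field names are assumptions.
const WINDOW_MS = 60 * 60 * 1000; // 1-hour window, matching the SQL query in the snippet
const LIMITS = { ip: 10, email: 5, card: 5 }; // assumed max attempts per key per window
const SMALL_CENTS = 200;  // assumed cutoff for a "small" charge
const TESTING_MIN = 4;    // assumed small charges from one IP that suggest card testing
const FAILS_MIN = 3;      // assumed failures on one card before a success is suspicious

class VelocityTracker {
  constructor() { this.events = new Map(); } // "type:value" -> recent attempts

  // Record a finished attempt and decide whether it goes to manual review.
  evaluate(attempt) {
    const flags = [];
    for (const type of Object.keys(LIMITS)) {
      const key = `${type}:${attempt[type]}`;
      const recent = (this.events.get(key) || [])
        .filter(e => e.ts > attempt.ts - WINDOW_MS); // drop events outside the window
      recent.push(attempt);
      this.events.set(key, recent);
      if (recent.length > LIMITS[type]) flags.push(`velocity:${type}`);
      if (type === 'ip') {
        const small = recent.filter(e => e.amount <= SMALL_CENTS);
        const cards = new Set(small.map(e => e.card));
        if (cards.size >= TESTING_MIN) flags.push('card_testing');
      }
      if (type === 'card' && attempt.ok &&
          recent.filter(e => !e.ok).length >= FAILS_MIN) {
        flags.push('fails_then_success');
      }
    }
    return { action: flags.length ? 'review' : 'allow', flags };
  }
}

// Constructed sample data (documentation IP ranges, made-up fingerprints).
function runSample() {
  const t = new VelocityTracker();
  const mk = (ts, ip, email, card, amount, ok) => ({ ts, ip, email, card, amount, ok });
  const out = [];
  // Four small charges, four different cards, one IP, seconds apart.
  for (let i = 0; i < 4; i++)
    out.push(t.evaluate(mk(1000 * i, '203.0.113.7', 'a@example.com', `fp_${i}`, 100, i === 3)));
  // Three declines on one card, then a success.
  for (let i = 0; i < 4; i++)
    out.push(t.evaluate(mk(60000 + 1000 * i, '198.51.100.2', 'b@example.com', 'fp_9', 5000, i === 3)));
  // An ordinary single purchase.
  out.push(t.evaluate(mk(120000, '192.0.2.10', 'c@example.com', 'fp_20', 2500, true)));
  return out;
}
```

Attempts with action 'review' belong in the manual review queue, held until someone approves or rejects them before fulfillment.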
Prompt Snippet
Enable Stripe Radar and configure custom rules in the Dashboard: block payments where ::cvc_check:: = 'fail', request 3D Secure when ::risk_level:: = 'elevated', and block when ::ip_country:: != ::card_country:: AND ::amount_in_usd:: > 100. Pass Radar metadata with each PaymentIntent: stripe.paymentIntents.create({ ..., metadata: { account_age_days, total_orders, ip_address } }) to enrich risk scoring. Implement application-level velocity checks: query SELECT COUNT(*) FROM payment_attempts WHERE ip_address = ? AND created_at > NOW() - INTERVAL '1 hour' and reject if above threshold. Store charge.outcome.risk_level and risk_score from the Charge object in your transactions table for post-hoc fraud analysis and rule tuning.
Related Terms
Dispute/Chargeback Handling
Managing the process when a customer contests a charge with their bank, including automated evidence collection, response submission, and prevention strategies to minimize dispute rates.
3D Secure Authentication
An additional authentication layer for online card payments that requires cardholders to verify their identity through their bank, mandated by regulations like PSD2/SCA in Europe.
Double-Charge Prevention
Implementing safeguards at the application, API, and database layers to prevent customers from being charged twice for the same transaction due to retries, race conditions, or user double-clicks.
Tokenization (Card Data)
Replacing sensitive card numbers with non-sensitive token identifiers that reference the card data stored securely by the payment processor, keeping your systems out of PCI scope.