Stripe Fraud Prevention Guide 2025: Radar Rules & Best Practices
Prevent Stripe fraud: configure Radar rules, detect suspicious transactions, and reduce chargebacks. Keep fraud rates below 0.5%.

Ben Callahan
Financial Operations Lead
Ben specializes in financial operations and reporting for subscription businesses, with deep expertise in revenue recognition and compliance.
Payment fraud costs businesses globally over $32 billion annually, with online fraud rates increasing 20% year-over-year according to Juniper Research. For subscription businesses, fraud creates a triple threat: direct financial loss from fraudulent transactions, chargeback fees ($15-100 per dispute), and potential account termination if fraud rates exceed card network thresholds (typically 0.9% for Visa, 1% for Mastercard). Stripe provides powerful fraud prevention through Radar, their ML-based system that evaluates every transaction against billions of data points. However, Radar's default settings are optimized for broad applicability, not your specific business. Companies that customize Radar rules and implement layered fraud prevention reduce fraudulent transactions by 40-60% while maintaining low false positive rates that don't block legitimate customers. This comprehensive guide covers everything from Radar configuration to advanced fraud detection techniques, helping you build a fraud prevention system that protects revenue without creating friction for genuine customers.
Understanding Stripe Radar
How Radar Scores Work
Every payment processed through Stripe receives a Radar risk score from 0-100, with higher scores indicating higher fraud probability. Scores under 20 are typically safe, 20-65 warrant review for some businesses, and above 65 indicate significant risk. Radar calculates scores using: card testing patterns, velocity checks, device fingerprinting, behavioral analysis, and signals from Stripe's network of millions of merchants. The score is available in the charge object's outcome as risk_level and risk_score, enabling programmatic decisions.
Default Radar Behavior
Out of the box, Radar blocks payments with very high risk scores (typically 75+) and allows everything else. This conservative approach minimizes false positives but may allow moderate-risk fraud through. Radar also blocks payments from sanctioned countries and known fraudulent cards. Default settings work reasonably well for most businesses, but customization significantly improves performance—especially for businesses with unusual patterns or high fraud exposure.
Radar for Fraud Teams
Stripe offers Radar for Fraud Teams as an add-on ($0.07/screened transaction) that provides advanced features: custom rules with additional attributes, manual review queues, lists for blocking/allowing specific cards or emails, and detailed analytics. For businesses processing significant volume or experiencing fraud challenges, the ROI on Fraud Teams is typically positive—a few prevented chargebacks per month justify the cost.
Understanding Risk Attributes
Radar provides dozens of risk attributes for rule creation: card country, IP country, email domain, device fingerprint, velocity (transactions per hour/day), CVC check results, address verification, and behavioral signals. Understanding which attributes correlate with fraud in your business is key to effective rule creation. Analyze your historical chargebacks to identify patterns—most businesses find 3-5 attributes that predict 80% of their fraud.
Radar Limitations
Radar excels at detecting payment fraud but has blind spots: friendly fraud (legitimate customers disputing valid charges), account takeover that happens before payment, and sophisticated fraud rings that evolve to evade ML detection. Layered defenses address these gaps.
Configuring Radar Rules
Rule Types and Actions
Radar supports three rule actions: Block (reject payment), Review (allow but flag for manual review), and Allow (bypass other rules). Rules can request 3D Secure authentication as an additional option. Create rules for specific scenarios: "Block if risk_score > 80 AND is_disposable_email" targets high-risk transactions with temporary emails. Start with Review actions while testing to understand impact before implementing blocks.
High-Impact Rule Patterns
Common effective rules include: Block transactions where card country doesn't match IP country (catches card testing from abroad), Block disposable email domains (fraud often uses temporary emails), Review first-time customers with high-value orders (reduces exposure), Block excessive velocity (more than 3 attempts in 1 hour from same card or email). Customize thresholds based on your business—what's suspicious for a $10 subscription differs from a $10,000 enterprise purchase.
Allowlist and Blocklist Management
Radar for Fraud Teams enables lists for granular control. Blocklists prevent known bad actors: specific emails, card fingerprints, or IP addresses from previous fraud. Allowlists prevent false positives for trusted customers: verified enterprise accounts, repeat purchasers, or customers who've passed enhanced verification. Maintain lists programmatically via Stripe API—automatically add to blocklist when chargebacks occur, add to allowlist when customers verify identity.
Testing and Iteration
Never deploy blocking rules without testing. Start with Review rules to see what would be blocked without actually blocking. Analyze review queue for false positives—legitimate customers who would have been blocked. Calculate the cost of false positives versus fraud prevented. Iterate rules weekly initially, then monthly once stable. Document rule changes and outcomes for institutional learning.
False Positive Cost
Blocking legitimate customers costs more than their transaction—you lose lifetime value and create negative word-of-mouth. Most businesses we analyze should tolerate some fraud rather than aggressive blocking. The optimal balance depends on your margins and customer economics.
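The shadow-mode comparison described under Testing and Iteration, as an added example (not code from Stripe or from this guide's author). The history rows, the looser second rule, the $25 fee and the $120 lifetime value are constructed assumptions; replace them with your own labelled transactions and economics.

```python
# Constructed, labelled history: what each payment looked like and whether it
# later turned out to be fraud (chargeback or early fraud warning).
HISTORY = [
    {"amount": 49.0, "risk_score": 85, "disposable_email": True,  "fraud": True},
    {"amount": 49.0, "risk_score": 91, "disposable_email": True,  "fraud": True},
    {"amount": 99.0, "risk_score": 70, "disposable_email": False, "fraud": True},
    {"amount": 49.0, "risk_score": 83, "disposable_email": True,  "fraud": False},
    {"amount": 49.0, "risk_score": 72, "disposable_email": False, "fraud": False},
    {"amount": 99.0, "risk_score": 68, "disposable_email": False, "fraud": False},
    {"amount": 49.0, "risk_score": 12, "disposable_email": False, "fraud": False},
    {"amount": 49.0, "risk_score": 30, "disposable_email": True,  "fraud": False},
]

CHARGEBACK_FEE = 25.0    # assumed per-dispute fee
LIFETIME_VALUE = 120.0   # assumed value lost when a legitimate customer is blocked


def narrow_rule(txn):
    """The example rule from the text: high score AND disposable email."""
    return txn["risk_score"] > 80 and txn["disposable_email"]


def broad_rule(txn):
    """A looser candidate (hypothetical): flag on score alone."""
    return txn["risk_score"] > 65


def backtest(history, rule):
    """Evaluate a rule in shadow mode: nothing is blocked, outcomes are counted."""
    flagged = [t for t in history if rule(t)]
    caught = [t for t in flagged if t["fraud"]]
    false_pos = [t for t in flagged if not t["fraud"]]
    legit_total = sum(1 for t in history if not t["fraud"])
    fraud_total = len(history) - legit_total
    saved = sum(t["amount"] + CHARGEBACK_FEE for t in caught)
    lost = len(false_pos) * LIFETIME_VALUE
    return {
        "fraud_caught": len(caught),
        "fraud_missed": fraud_total - len(caught),
        "false_positives": len(false_pos),
        "false_positive_rate": len(false_pos) / legit_total,
        "net_value": saved - lost,
    }


if __name__ == "__main__":
    for name, rule in (("narrow", narrow_rule), ("broad", broad_rule)):
        print(name, backtest(HISTORY, rule))
```

On this sample the looser rule catches every fraudulent payment yet comes out net negative, because each blocked legitimate customer costs more than the fraud it prevents.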
Layered Fraud Prevention
3D Secure Implementation
3D Secure (3DS) adds an authentication step where the cardholder verifies identity with their bank. This shifts fraud liability to the issuer for authenticated transactions—you're protected from chargebacks even if the transaction is fraudulent. Implement 3DS selectively: require it for high risk scores, new customers, high-value transactions, or international payments. Stripe supports 3DS2, which adds less friction than the original 3DS. Balance authentication friction against liability protection.
Address and CVC Verification
AVS (Address Verification) and CVC checks provide additional fraud signals. Require CVC for all transactions—legitimate customers have their cards handy. Use AVS results in Radar rules: mismatched addresses or unavailable AVS increase risk. Note that AVS is US-focused and less reliable internationally. For high-risk transactions, consider requiring full address match. Stripe provides these results in the charge object for programmatic use.
Device Fingerprinting and Behavioral Analysis
Stripe.js collects device fingerprints automatically. Implement additional behavioral analysis: track mouse movements, typing patterns, and session behavior. Fraudsters often exhibit distinct patterns: rapid form completion (copy-pasting stolen card data), unusual device configurations, or scripted behavior. Third-party services like Sift, Signifyd, or Kount provide advanced behavioral analysis that complements Radar. Evaluate ROI based on fraud volume.
Velocity and Pattern Detection
Implement custom velocity limits beyond Radar's defaults. Track: transactions per customer email/hour, card BIN patterns (fraudsters often have multiple cards from same issuer batch), failed transaction sequences (card testing before successful fraud), and account creation velocity. Store signals in your database and check before payment creation. Real-time velocity detection catches organized fraud that's too fast for periodic Radar updates.
Defense in Depth
No single fraud prevention measure is perfect. The goal is creating enough layers that sophisticated fraudsters target easier victims while legitimate customers barely notice the protection.
Preventing Card Testing Attacks
Recognizing Card Testing
Card testing attacks exhibit distinct patterns: high volume of small transactions ($0.50-$5.00), many different cards in short periods, sequential card numbers from same BIN range, high decline rates, and often originating from single IP addresses or automated scripts. Stripe may alert you to potential card testing, but proactive detection prevents damage before alerts arrive.
Rate Limiting Strategies
Implement aggressive rate limits on payment endpoints. Limit transactions per IP address (10/hour typical), per email domain (especially disposable email providers), and per device fingerprint. For card testing specifically, limit failed transactions—legitimate customers rarely fail 3+ times in a row. Use CAPTCHA or similar challenges when limits approach. Block IPs that exceed limits for escalating durations.
Minimum Transaction Amounts
Consider minimum transaction amounts that exceed card testing economics. Fraudsters test with small amounts to minimize cost of failed tests. A $5 or $10 minimum makes testing expensive and reveals your product isn't worth the fraud overhead. If your business requires small transactions, require additional verification (phone number, email confirmation) for amounts under threshold.
Automated Response Systems
Build systems that detect and respond to card testing automatically. Monitor for: sudden spikes in transaction volume, unusual decline rates, multiple transactions from same IP or device, and BIN clustering. When patterns emerge, automatically: increase Radar rule sensitivity, enable CAPTCHA, block suspicious IPs, and alert your team. Fast response limits damage—card testing attacks often last minutes to hours before moving to other targets.
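The per-IP limits and automated response described in this section, as an added example (not code from Stripe or from this guide's author). It is narrowed to one key, the client IP; the distinct-card threshold, the allow/challenge/block mapping and the sample events are constructed assumptions, and a production version would keep its state in a shared store rather than in memory.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600          # one-hour sliding window
MAX_ATTEMPTS_PER_IP = 10       # "10/hour typical" from the text
MAX_CONSECUTIVE_FAILURES = 3   # legitimate customers rarely fail 3+ times in a row
MAX_DISTINCT_CARDS_PER_IP = 4  # assumed threshold for "many different cards"


class VelocityMonitor:
    """Tracks payment attempts per IP in a sliding window (in-memory sketch)."""

    def __init__(self):
        self.attempts = defaultdict(deque)   # ip -> deque of (ts, card fingerprint)
        self.fail_streak = defaultdict(int)  # ip -> consecutive declines

    def record(self, ts, ip, card_fp, succeeded):
        """Record one attempt and return the list of limits it breached."""
        window = self.attempts[ip]
        window.append((ts, card_fp))
        # Drop attempts that have aged out of the window.
        while window and window[0][0] <= ts - WINDOW_SECONDS:
            window.popleft()
        self.fail_streak[ip] = 0 if succeeded else self.fail_streak[ip] + 1

        reasons = []
        if len(window) > MAX_ATTEMPTS_PER_IP:
            reasons.append("ip_velocity")
        if self.fail_streak[ip] >= MAX_CONSECUTIVE_FAILURES:
            reasons.append("consecutive_failures")
        if len({fp for _, fp in window}) > MAX_DISTINCT_CARDS_PER_IP:
            reasons.append("distinct_cards")
        return reasons


def decide(reasons):
    """Map breached limits to a response: allow, challenge (CAPTCHA) or block."""
    if not reasons:
        return "allow"
    return "block" if len(reasons) >= 2 else "challenge"


def replay(events):
    """Run (ts, ip, card_fp, succeeded) events through a fresh monitor."""
    monitor = VelocityMonitor()
    return [decide(monitor.record(*event)) for event in events]


# Constructed sample data: six declines with six different cards from one IP,
# and a customer who mistypes once and then succeeds.
CARD_TESTING = [(1000 + 20 * i, "203.0.113.7", f"fp_{i}", False) for i in range(6)]
NORMAL = [(1000, "198.51.100.4", "fp_a", False), (1060, "198.51.100.4", "fp_a", True)]

if __name__ == "__main__":
    print(replay(CARD_TESTING))
    print(replay(NORMAL))
```

Call record() before creating the payment and again with the outcome, so a challenge or block takes effect on the next attempt from that IP.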
Card Testing Cost
Even declined transactions incur Stripe fees ($0.00-0.15 depending on your plan) and count toward your authorization rate. High-volume card testing can cost thousands in fees while damaging your relationship with card networks.
Managing Fraud in Subscription Businesses
Trial Abuse Prevention
Free trials attract abuse: fraudsters create multiple accounts with stolen cards to perpetually access free periods. Prevent this through: device fingerprinting (block devices that have previously trialed), email verification requirements, phone number verification for premium trials, and requiring a valid payment method that receives a $1 hold (not a charge). Track trial-to-paid conversion by cohort—sudden drops may indicate trial abuse inflating trial counts.
First Payment Risk Assessment
First subscription payments carry highest fraud risk. Implement enhanced verification: require 3DS for all first payments, apply stricter Radar rules for new customers, delay access until payment confirms (24-48 hours for high-risk), and verify email/phone before activation. The friction is acceptable for first purchase; existing customers expect smoother renewals.
Renewal Fraud Detection
While less common, renewal fraud occurs when accounts are compromised or cards are added fraudulently to existing accounts. Monitor for: payment method changes followed by high-value renewals, login from new devices/locations before payment changes, and account sharing indicators (simultaneous sessions from different locations). Flag accounts with suspicious patterns for manual review before renewal.
Chargeback Correlation Analysis
Analyze chargebacks to improve prevention. Track: which acquisition channels produce most fraud, time from signup to chargeback (quick chargebacks suggest fraud, delayed suggest service issues), common customer attributes in fraud cases, and geographic patterns. Use insights to tighten rules for high-risk segments. Some channels or offers may have negative ROI when fraud is included—data reveals these patterns.
Friendly Fraud Reality
In subscription businesses, 50-70% of chargebacks are "friendly fraud"—legitimate customers who forget they subscribed or dispute rather than cancel. This requires different prevention: clear billing descriptors, easy cancellation, proactive communication before charges.
Fraud Monitoring and Response
Key Fraud Metrics
Track these metrics daily: fraud rate (fraudulent transactions / total transactions), chargeback rate (chargebacks / total charges), decline rate (declines / attempts), Radar block rate (Radar blocks / total attempts), and average risk score trends. Set thresholds for alerts: chargeback rate above 0.5% warrants investigation, above 0.75% requires immediate action (network thresholds typically 0.9-1.0%).
Real-Time Alert Systems
Configure alerts for: chargeback rate spikes, sudden increases in Radar blocks (may indicate attack), high-risk score volume increases, velocity threshold breaches, and large individual transactions (fraud often targets highest-value purchases possible). Use Stripe webhooks (charge.dispute.created, radar.early_fraud_warning.created) to trigger immediate notifications. Faster response reduces fraud window.
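An alert endpoint is only as trustworthy as its input, so the handler should verify the Stripe-Signature header before acting on an event. The following is an added example (not code from Stripe or from this guide's author) that checks the documented t=/v1= HMAC-SHA256 scheme with the standard library and routes the two events named above; the action names, secret and payload are constructed. In production, the official library's stripe.Webhook.construct_event performs this check.

```python
import hashlib
import hmac
import json

TOLERANCE_SECONDS = 300  # reject events older than five minutes (replay guard)


def sign(payload: bytes, secret: str, timestamp: int) -> str:
    """Build a Stripe-Signature header value (used here to make sample input)."""
    signed = f"{timestamp}.".encode() + payload
    digest = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


def verify(payload: bytes, header: str, secret: str, now: int) -> bool:
    """Check the v1 HMAC-SHA256 signature and the timestamp tolerance."""
    parts = [p.split("=", 1) for p in header.split(",") if "=" in p]
    timestamps = [v for k, v in parts if k == "t"]
    candidates = [v for k, v in parts if k == "v1"]
    if len(timestamps) != 1 or not candidates:
        return False
    try:
        ts = int(timestamps[0])
    except ValueError:
        return False
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False
    signed = f"{ts}.".encode() + payload
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the match position through timing.
    return any(hmac.compare_digest(expected.encode(), c.encode()) for c in candidates)


def handle_event(payload: bytes, header: str, secret: str, now: int) -> dict:
    """Verify first, then map the two fraud events to a notification."""
    if not verify(payload, header, secret, now):
        return {"status": 400, "action": "reject"}
    event = json.loads(payload)
    obj = event["data"]["object"]
    # Action names below are hypothetical hooks into your alerting system.
    if event["type"] == "charge.dispute.created":
        return {"status": 200, "action": "notify_dispute", "charge": obj.get("charge")}
    if event["type"] == "radar.early_fraud_warning.created":
        return {"status": 200, "action": "notify_early_fraud_warning",
                "charge": obj.get("charge")}
    return {"status": 200, "action": "ignore"}


# Constructed sample: secret, ids and payload are placeholders, not real values.
SECRET = "whsec_constructed_example"
SAMPLE = json.dumps({
    "type": "radar.early_fraud_warning.created",
    "data": {"object": {"id": "issfr_example", "charge": "ch_example"}},
}).encode()

if __name__ == "__main__":
    now = 1_700_000_000
    print(handle_event(SAMPLE, sign(SAMPLE, SECRET, now), SECRET, now))
```

Verify against the raw request body exactly as received; re-serialising the JSON before checking changes the bytes and the signature will no longer match.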
Dispute Response Workflow
When chargebacks occur, respond quickly with compelling evidence. Required elements: proof of customer authentication, delivery confirmation or service access logs, communication history, and terms acceptance evidence. Stripe provides templates and guidance in the Dashboard. Win rates vary by evidence quality: well-documented responses win 30-40%, poor documentation wins under 10%. Track win rates to improve evidence collection.
Fraud Pattern Documentation
Document every significant fraud incident: what happened, how it was detected, damage incurred, and prevention measures implemented. Build a fraud pattern library that informs rule development and team training. Share patterns (anonymized) with your Stripe account team—they may have network-wide insights or suggest relevant rules. Institutional knowledge prevents repeating costly mistakes.
Network Thresholds
Card networks monitor merchant fraud rates. Exceeding thresholds triggers monitoring programs with fines ($5,000-100,000+/month) and potential termination. The threshold is typically 0.9% for Visa and 1% for Mastercard. Stay well below with proactive prevention.
Frequently Asked Questions
What is a good fraud rate to target?
Industry benchmarks vary: e-commerce averages 1.5-2% fraud attempts (not all successful), while subscription businesses typically see 0.5-1%. Your target should be well below card network thresholds (0.9% for Visa) with margin for spikes. Most well-protected businesses achieve 0.1-0.3% actual fraud loss. Focus on keeping chargeback rates under 0.5% to avoid monitoring programs. The "right" rate balances fraud prevention against customer friction—some fraud is acceptable if blocking it would lose more legitimate customers.
Should I enable 3D Secure for all transactions?
Generally no—3DS adds friction that reduces conversion. Enable 3DS selectively: for high-risk scores (risk_level: elevated or highest), new customers, high-value transactions, or regions with high fraud rates. The conversion impact varies: 3DS2 is lower friction than original 3DS, and authentication rates vary by issuer. Test 3DS on segments and measure conversion impact versus chargeback reduction. For some high-risk businesses, mandatory 3DS is appropriate despite conversion cost.
How do I handle a sudden spike in chargebacks?
Immediate actions: review recent chargebacks for common patterns (same acquisition channel, time period, transaction characteristics), temporarily tighten Radar rules, and investigate potential data breaches or compromised payment forms. If it is a fraud attack, implement emergency rate limiting and consider pausing affected payment flows. Contact Stripe support for assistance with significant spikes. Long-term: implement preventive measures identified in pattern analysis, consider third-party fraud detection, and review your security practices for vulnerabilities.
What evidence should I collect to win dispute responses?
Collect preemptively for every transaction: IP address and device fingerprint, email/phone verification records, terms of service acceptance timestamp, login and usage logs, delivery confirmation or access logs, and customer service communications. When disputing: write a clear narrative explaining why the charge is legitimate, include all relevant documentation, highlight any verification the customer completed, and provide your refund policy (if the customer didn't follow it). Strong evidence wins 30-40% of disputes; weak evidence wins under 10%.
Is Radar for Fraud Teams worth the additional cost?
Calculate ROI based on your fraud volume. Radar for Fraud Teams costs $0.07/screened transaction. If you process 10,000 transactions monthly, that's $700/month. If Fraud Teams helps you prevent 3-4 additional fraudulent transactions (averaging $100+ value plus $25 chargeback fees), it's ROI positive. Larger benefits: custom rules, lists, and review queues enable precision that default Radar can't achieve. For businesses under 1,000 monthly transactions or with minimal fraud, default Radar may suffice.
How do I balance fraud prevention with customer experience?
The key is risk-appropriate friction. Low-risk transactions (repeat customers, low scores, small amounts) should have zero additional friction. High-risk transactions warrant verification (3DS, email confirmation, manual review). Analyze your false positive rate: if legitimate customers frequently fail verification or get blocked, your rules are too aggressive. Target less than 1% false positive rate. When you do add friction, make it clear and fast—a 10-second SMS verification is acceptable; a multi-day manual review is not for most businesses.
Key Takeaways
Effective fraud prevention requires layered defenses, continuous monitoring, and business-specific optimization. Stripe Radar provides excellent baseline protection, but customization based on your fraud patterns significantly improves results—most businesses can reduce fraud 40-60% through rule optimization while maintaining low false positive rates. Start with the highest-impact actions: enable Radar for Fraud Teams if your volume justifies it, implement 3DS for high-risk transactions, and create rules targeting your specific fraud patterns (analyze historical chargebacks to identify them). Build monitoring dashboards that surface problems quickly and establish response playbooks for when incidents occur. Remember that some fraud is acceptable—the goal isn't zero fraud but optimal balance between fraud loss and legitimate customer friction. A 0.2% fraud rate with 99%+ legitimate customer approval is better than 0.1% fraud with frustrated customers abandoning checkout. Measure continuously, iterate based on results, and stay well below card network thresholds to protect your payment processing relationship.