The items in this checklist apply to all Stripe accounts, regardless of how or where you signed up for Stripe. We also have checklists for taking your integration live and adhering to website payment best practices. For the safety and security of your Stripe account, follow these steps before going live:
For security purposes, enable two-factor authentication (2FA) on your Stripe account. 2FA requires that you log in with both your username and password as well as a code sent to your mobile device. This makes it much harder for someone else to access your Stripe account.
The statement descriptor appears on customer statements when you charge their card. Missing or incorrect information can result in confused customers creating disputes, so make sure to review your statement descriptor in the Dashboard. Statement descriptors are limited to between 5 and 22 characters. They must contain at least 5 letters and can’t use the following special characters:
". Stripe also recommends that you add text to your site that tells your users what they’ll see on their statements.
The card issuer can automatically include other account information—for example, business name, address, email, or phone number—to show on your customer’s statements. Check that all of this information in your Stripe account is acceptable for your customers to see.
Stripe can notify you of account activity by email. You can choose events to be notified of in your Communication preferences under Profile. If multiple team members have access to your account, each one can set their own notification preferences. At a minimum, we recommend turning on emails for successful charges and disputes.
Fraud and disputes are unfortunate realities in all commerce. While Stripe is constantly improving its tools to help reduce these incidents, we recommend that you’re set up to:
- Regularly review payments in the Dashboard.
- Report charges that appear suspicious using the Dashboard or API.
- Have evidence at the ready for disputes.
- Prevent and mitigate card testing.
Incorrect bank information is a common cause of transfer delays. Before accepting live charges, confirm your bank details are correct. If you process charges in multiple currencies and have multiple bank accounts, also confirm you’ve established the correct default currency. Multiple bank accounts for additional currencies are optional as Stripe can convert any payments into your default currency.
When reviewing your bank information, set your preferred transfer schedule. The recommended and default option is daily—as funds become available—but you can change this to best suit your business and reporting needs.
You can give your team members access to your Stripe account. Stripe even lets you give different team members different permissions depending on their roles.
Whenever you give a team member access to your Stripe account, don’t give them your login credentials. We also recommend that you ask your team members to enable 2FA.
If a team member no longer needs access to your Stripe account, remove them from your account.