You need to comply with onboarding and Know Your Customer (KYC) requirements when you start onboarding users. Meeting these requirements can help prevent losses and avoid payout delays for your users.
Stripe has gathered what it’s learned from thousands of platforms, extensions, and plug-ins that can help you go live more effectively. Join the Stripe Partner Program to learn more.
Stripe uses webhooks to notify you of account activities. Establish a webhook endpoint so you can promptly respond to Stripe requests and avoid delays in fund transfers.
Stripe requests additional information if the provided user information fails verification. An incorrect date of birth or last name may be the result of a data entry error so review the information to see if this is the cause.
When a user updates their account information (for example, bank account), Stripe sends you a notification of the change. You must verify the updated account information.
There’s no foolproof method to detect bad actors so it’s good practice to assess an account’s holistic risk profile to help mitigate your fraud risk. The more you understand your user and their business, the better this assessment will be. Stripe recommends that you:
- Verify your users (within a certain amount of time) before they can do business through your platform.
- Examine a user’s online presence through social or professional profiles like Facebook, Twitter, or LinkedIn.
- Closely review the user’s website (for example, should they reasonably have one).
- Collect appropriate licenses if appropriate for their business.
- Confirm their email address if it’s linked to their business domain (for example, send an email to an address at that domain and require a response from it).
- Collect and verify platform-appropriate information such as a physical address, inventory list, or selling history.
- Monitor activity on your platform to get a sense of typical behavior, which you can use to look for suspicious behavior.
- Use the built-in fraud tools to identify and prevent fraud on individual charge attempts.
- Add additional verifications to connect onboarding and disable payouts or payments until the checks pass.
On rare occasions, Stripe might shut down specific accounts. You’ll receive a webhook if this occurs.
If you suspect someone is committing fraud, Stripe recommends rejecting the account. This prevents the account from receiving more funds (reducing losses) and helps improve Stripe’s fraud detection systems.
Bad actors could potentially target your connected accounts and compromise them, an attack known as account takeover (ATO). Attackers commonly obtain account credentials (for example, through phishing, data breaches, and guessable passwords) and use them to create unauthorized transactions and other fraudulent activities on the account. To help prevent account takeovers from happening, it’s good practice to:
- Require two-factor authentication when your users log in
- Educate your users on phishing
- Enforce unique password policies
- Monitor anomalous login activity, specifically with regard to new device identifiers and IP addresses
- Be aware of account changes originating from new devices (for example, password resets, email changes, and bank account changes)
- Use identity checks to assist in two-factor authentication recovery or in response to suspicious activity
Credit risk management
Managing disputes and chargebacks are a normal part of doing business when accepting card payments. It’s good practice to employ a number of different methods to build an effective strategy for preventing disputes. The following subsections contain some recommendations to help you manage your exposure, protect your business, and support your accounts.
Monitor your accounts. The more you understand your user and their business, the better you can assess their risk.
- Examine user account balances through the API or the Dashboard. In the Dashboard’s accounts overview, use filters to investigate accounts that might require you to take action (for example, accounts with negative balances).
- Review financial activity on an account. When viewing the account in the Dashboard, click View financial reports in the Activity card.
- Create alerts to monitor riskier accounts so you can quickly adjust your strategies. Riskier accounts have higher dispute rates (dispute activity above 0.75% is generally considered excessive), sharply reduced volume, or negative balances.
For platforms with users on manual payouts, you can update your payout creation logic to defer or slow down payouts for riskier accounts.
For platforms with users on automatic payouts, you can change the payout schedule to be longer (for slower payouts) on an account-by-account basis in the Dashboard or with settings.payouts.schedule in the API. When viewing the account in the Dashboard, click Edit payout schedule in the Balance card’s overflow menu (…):
Impact from chargebacks and negative balances
Consider product or service refunds instead of having to manage chargebacks and negative balances. It might be a better customer experience and also less expensive for you. You could:
- Issue refunds. You can check the connected account’s balance to see if the refund can be covered using the Dashboard or with retrieve in the API. If their balance can’t cover the refund, you can reverse the transfer without issuing the refund (which will result in a negative balance on the account).
- Issue refunds based on certain parameters. For example, you can wait until the account’s balance is no longer negative to issue refunds or immediately issue the refund knowing the amount will be covered by future payments.
- Proactively cancel and refund charges that are likely to be disputed if you have chargeback concerns. The loss on the transaction might be better than getting a chargeback and a bad customer experience. In addition, there are costs that come with chargebacks and the potential scrutiny from card networks.
- Permit your team to handle refunds by adding them to your platform account.
- Pause billing subscriptions (recurring payments) that are at high risk for chargebacks. This gives you more control over when to resume the subscription. For example, if your platform offers classes that have been canceled for the next few months, you can pause payment collection from your customers.
- Protect your platform from negative balances by adding funds to your platform balance.
- Use Stripe Sigma to generate a report of each account’s negative balance over time.
Negative balances on accounts Australia Canada U.S. New Zealand
If your connected accounts are in Australia, Canada, New Zealand, or the U.S., you can allow Stripe to automatically debit their external accounts to cover negative balances. (Connect only supports auto debits for Standard and Express accounts in New Zealand.) Otherwise, the negative balance could be covered by future payment volume. By default, automatic debiting is set to
true for Express accounts, and
false for Custom accounts.
You can toggle the automatic debits setting on an account using the Dashboard or with debit_negative_balances in the API. From the Dashboard, select an account and open the overflow menu (…) on the Balance card:
To view all connected accounts from the Dashboard that have the automatic debits setting turned off, use the Debit negative balances filter:
Concerns about sanctions
As a U.S. company, Stripe complies with all sanctions programs administered by the U.S. Office of Foreign Assets Control (OFAC), along with a number of other national and international sanctions regimes. This includes both prohibitions against interactions with certain individuals and entities as well as comprehensive bans on business dealings involving certain countries or regions that are targeted by sanctions regimes.
Stripe screens all accounts, including connected accounts, in compliance with our own obligations under these sanctions regimes. If a connected account is flagged as a possible sanctions concern, Stripe will pause payouts from the connected account and contact the platform by email to request additional information. If you have a preferred email address for sending sanctions-related requests to, contact Stripe. You can also set up webhooks to listen for sanctions-related events, which will appear as account.updated,
Payouts from the connected account will remain paused until the review has been cleared. Disregarding or violating sanctions can lead to fines, regulatory action, and loss of licensing for both Stripe and our users.
More best practices for Express accounts
The following are additional best practices to consider if you’re using Express accounts.
More best practices for Custom accounts
The following are additional best practices to consider if you’re using Custom accounts.