Best practices for platforms with Express or Custom accounts

Provide the smoothest experience for your Express or Custom Connect accounts by following these best practices when it comes to compliance, verification, and fraud prevention.

Connect is a flexible and powerful tool that facilitates performing transactions for your users through Stripe. Although Stripe greatly simplifies the technical components of payment processing, there are a few obligations that must be fulfilled by you (the platform), the connected accounts, and Stripe. You must prepare to meet these requirements when defining and developing your platform.

Steps to take before going live

Platforms with Express or Custom accounts are expected to take all of the following steps before going live and onboarding users. Meeting these requirements helps prevent losses and ensures that payouts to your users are not delayed.

  • Use webhooks to watch for and respond to account activity
  • Manage fraud on your platform to limit risks to you and your users

Platforms with Express accounts are expected to additionally take these steps:

Platforms with Custom accounts are expected to additionally take these steps:

Establish webhooks

Sometimes we’ll need more information about connected accounts. Should Stripe require information for one of your Custom accounts, we’ll reach out to you via a webhook (not via email). It’s vital that you establish a webhook endpoint that responds to our requests and other account activity. Failure to watch for, and promptly respond to, these notifications will lead to delays in money being transferred.

Sometimes Stripe will ask for additional information because the provided information failed verification: for example, a user’s date of birth or last name appears to be incorrect. In such cases, you should also take the opportunity to re-verify the previously submitted information, as the cause of verification failure may be a simple misspelling or data entry error.

When a connected account updates their account information (e.g., bank account), Stripe notifies you of this change through a webhook. Your platform must verify the updated account information.

If Stripe requires information for one of your Express or Standard accounts, we’ll contact your user directly by email, but webhooks may still be useful in order to update state on your server.

Prevent fraud

The platform is ultimately responsible for any losses incurred by Express and Custom accounts through its Connect application. Stripe helps by monitoring the accounts that you onboard, preemptively shutting down accounts that we believe are fraudulent, and contacting you should we notice anything suspicious.

There’s no magic formula for detecting bad actors on your platform, but generally the better you understand your user and their business, the better you—and Stripe—can assess their risk profile. To do this and reduce the opportunity for fraud, we recommend you:

  • Establish a time period in which you verify your users before they can do business through your platform
  • Examine a user’s online presence through social or professional profiles like Facebook, Twitter, or LinkedIn
  • Closely review the user’s website (should they reasonably have one)
  • Collect appropriate licenses, if warranted for a user’s business
  • Confirm your user’s email address if it is linked to their business domain (e.g., send an email to an address at that domain and require a response from it)
  • Collect and verify platform-appropriate information, such as a physical address, inventory list, or selling history
  • Monitor activity on your platform to get a sense of typical behavior, which can be used to look for suspicious behavior

If you suspect a user may be fraudulent, we recommend rejecting the account. This prevents the account from receiving further funds and improves Stripe’s fraud detection systems.

Additionally, you can use Stripe’s built-in fraud tools to identify and prevent fraud on individual charge attempts. You should also familiarize yourself with the most common fraud types.

Managing credit risk

Platforms are responsible for losses incurred by their Express and Custom accounts. While you can’t prevent all chargebacks and losses, here are a few ways you can manage your exposure, protect your platform, and support your accounts.

Understand and monitor the health (and risk) of your connected accounts

The more you understand your connected accounts and their business models, the better you can assess their risk profiles and keep your platform safe on an ongoing basis.

  • Connected account balance information is available through the API and the Dashboard. Use the filters in the accounts overview page of the Dashboard to investigate connected accounts that may require action (e.g., merchants with negative balances).
  • When viewing a specific connected account in the Dashboard, you can click View financial reports in the Activity card to see financial activity on the account.
  • Riskier accounts will have elevated dispute rates (dispute activity above 0.75% is generally considered excessive), sharply reduced volume, or negative balances. Consider creating alerts to monitor these changes to adjust your strategies in real time.

Defer or slow payouts for riskier connected accounts

Consider delaying payouts for newer sellers or service providers, or holding payouts until goods or services are delivered. 

  • For platforms on manual payouts, you can update your payout creation logic to defer or slow down payouts to riskier accounts.
  • For platforms on automatic payouts, you can slow down the payout timing on an account-by-account basis by changing the payout schedule interval. When viewing the connected account in the Dashboard, click Edit payout schedule in the Balance card’s overflow menu.

Reduce the impact of chargebacks and negative balances to your platform

Providing refunds may be a better customer experience and generally less expensive than handling chargebacks or having a negative balance. 

  • You may want to add steps to your refund process to understand and mitigate against any balance concerns on your connected accounts. You can check the connected account’s balance through the dashboard or API to see if the refund can be covered immediately. If the connected account will not cover the refund, you can reverse the transfer without issuing the refund, which will result in a negative balance on the account.
  • You can choose when to refund your customer based on the connected account’s balance and how any potential negative balances will be covered. For example, you could wait to issue the refund until the connected account has a positive balance or you could issue the refund immediately with the expectation that the connected account will cover the amount in the future.
  • In cases where you’re concerned about chargebacks, consider proactively canceling and refunding charges that are likely to be disputed. While you would take a loss on the transaction, that may be better than getting a chargeback and your buyer having a bad user experience, plus the potential card network scrutiny and costs that come with chargebacks.
  • You may also want to empower more of your team to handle refunds by adding them to your Stripe account
  • You can pause recurring charges or subscriptions that are at high risk for chargebacks. This gives you more control over when to reinstate the subscription. For example, if your marketplace offers classes that have been cancelled for the next few months, you could pause the recurring fee for your customers.
  • Protect your platform from having a negative balance by adding funds to your Stripe balance.
  • You can use Sigma to create a report of each account’s negative balance over time.

Recover negative balances on connected accounts

If your connected accounts are in Australia, Canada, or the U.S., Stripe could automatically debit their external accounts to cover the negative balance. Otherwise, the negative balance can be covered by future payment volume.

  • In the connected accounts list, use the Debit negative balances filter to view all accounts with the setting turned off.

Sanctions concerns

As a U.S. company, Stripe complies with all sanctions programs administered by the U.S. Office of Foreign Assets Control (OFAC), along with a number of other national and international sanctions regimes. This includes both prohibitions against interactions with certain individuals and entities as well as comprehensive bans on business dealings involving certain countries or regions that are targeted by sanctions regimes.

Stripe screens all accounts, including connected accounts, in compliance with our own obligations under these sanctions regimes. If a connected account is flagged as a possible sanctions concern, Stripe will pause payouts from the connected account and reach out to the platform via email to request additional information. If there is a particular email address you would like sanctions-related requests to be sent to, please let your Stripe contact or our customer support team know. You can also set up webhooks to listen for sanctions-related events, which will appear as account.updated, disabled_reason: listed.

Payouts from the connected account will remain paused until the review has been cleared. Disregarding or violating sanctions can lead to fines, regulatory action, and loss of licensing for both Stripe and our users.

Customize the onboarding flow and Dashboard (Express only)

Express displays your icon and brand color throughout the onboarding process and on the Express Dashboard, so it’s important to provide recognizable branding. Within the Express section of your Connect settings you can customize the logo, platform name, and color scheme your users see.

Position Express in your onboarding flow (Express only)

To ensure the best possible conversion rate, position the Express onboarding process carefully within your application’s flow. Users are more likely to complete the process and provide the necessary information when Express onboarding is positioned after your application’s own initial sign-up and onboarding steps.

Before sending users into the Express onboarding flow, briefly introduce Stripe and convey the role that Stripe plays in your application. Consider adapting this sample text and including it in your user interface:

[Your Company Name] uses Stripe to get you paid quickly and keep your personal and payment information secure. Thousands of companies around the world trust Stripe to process payments for their users. Set up a Stripe account to get paid with [your platform name.]

Direct users to get support (Express only)

As you control much of the payments experience, we recommend your Express users reach out to you first with any questions. However, they may have questions that only Stripe can answer. To provide the most efficient support possible, platforms should first work with the user and potentially refer them to Stripe for these subjects:

  • Verification questions (e.g., what information do I need to give Stripe and why?)
  • Problems accessing the Express Dashboard (e.g., why doesn’t the two-factor authentication work?)

We expect platforms can handle all other questions, but if one comes up you’re unable to answer, reach out to us for help.

Agree to Stripe’s Services Agreement (Custom only)

All Stripe accounts must accept Stripe’s Services Agreement, and Custom accounts in particular must accept the Stripe Connected Account Agreement (which includes the Stripe Services Agreement). Acceptance must occur before you begin processing payments on a connected user’s behalf.

We’ve provided a recommend interface and sample text in multiple languages in our Services Agreement Acceptance documentation. There you’ll also find the code you’ll use to notify Stripe of a user’s acceptance.

Know your users (Custom only)

As your users are also Stripe’s users (albeit discreetly), you’ll need to work with Stripe to meet all “Know Your Customer” (KYC) obligations. We’ve designed Connect to accept KYC information directly through the API. When the information provided is incomplete or incorrect, it may result in delayed payouts for your users, or financial losses of your own.

Stripe requires that certain information about your users is provided as part of onboarding in order to comply with local KYC requirements. A platform with Custom accounts is responsible for all communications with its users, including collection of this required information. Because Stripe will not have direct communications with your users, it is your obligation to communicate the importance of compliance and identity verification.

We recommend conveying to your users the relationships involved as such:

  1. Stripe is processing charges on a connected user’s behalf. Although the platform is initiating and managing the transactions, funds are not flowing through the platform itself.
  2. The connected user has a Stripe account but relies on you to help them manage it, and Stripe has a legal obligation to know who they are.

Properly explaining the relationship in terms of banking regulations should suffice. You and your users also benefit from having a clear privacy policy that explicitly states what will and will not be done with the user’s information. (See Stripe’s Privacy Policy to know how we use provided information.)

Further reading

Learn more about Connect:

Was this page helpful?
Questions? Contact us.
Developer tutorials on YouTube.
You can unsubscribe at any time. Read our privacy policy.