Managing fraudulent transactions

This guide helps you understand the basics of online fraud and how to protect your business.

Radar
Radar

Fight fraud with the strength of the Stripe network.

Learn more 
  1. Introduction
  2. Introduction to online fraud
  3. How disputes work
  4. How to protect your business
  5. Additional resources

All online businesses have to manage fraud. From fraudsters using stolen cards and card numbers to customers abusing refund policies and disputes, navigating illegitimate payments and the dispute process is part of accepting payments online.

This guide helps you understand the basics of online fraud and how to protect your business. You’ll also learn how disputes work, your responsibility as an online business, and how Stripe can help.

Introduction to online fraud

Before diving into fraud, it’s helpful to have a high-level understanding of how online payments work: how money moves from a customer to your business and how banks facilitate these payments.

There are several major players involved in each online transaction:

flow en
  1. Cardholder: The person who uses a credit or debit card

  2. Merchant: The business owner that accepts payments by card

  3. Acquirer: The financial institution that processes card payments on behalf of the merchant and routes them through the card networks to the issuing bank. Sometimes acquirers also partner with a third party to help process payments.

  4. Card networks: Visa, Mastercard, and other card networks that are the connection among all of these players. They communicate transaction information, move transaction funds, and determine the underlying costs of card transactions.

  5. Issuing bank: The financial institution that provides banking or transaction services and issues payment cards (such as credit, debit, or prepaid cards) to consumers or businesses on behalf of the card networks.

A payment is considered fraudulent when the cardholder does not authorize the charge. For example, if a fraudster makes a purchase on your website using a stolen card number that hasn't been reported, it’s possible the payment would be processed successfully. Then, when the cardholder discovers the fraudulent use of the card, he or she would question the payment with his or her bank by filing a chargeback. While you have the chance to dispute this chargeback by submitting evidence about whether the payment was valid, if it was a fraudulent transaction, the cardholder will win.

If your business loses a dispute, you would be responsible for paying more than just the original transaction amount. Fraud often leads to chargeback fees (the cost associated with the bank reversing the card payment), higher network fees from disputes, higher operational costs from reviewing charges or fighting disputes, and more customer churn.

How disputes work

When a dispute is filed, the funds are immediately returned to the cardholder—before any outcome is determined. If you don’t think the dispute is legitimate, you can submit evidence to fight it, usually within 5 to 21 days. If you don’t submit evidence before the deadline, the cardholder wins the dispute and keeps the funds.

During the dispute process, the burden is on your business to prove that the person who made the purchase owns the card and authorized the transaction, and that the cardholder understood and accepted your terms of service and cancellation or refund policy at the time of purchase.

The Dashboard guides you through the chargeback submission process step-by-step, automatically formatting the information you provide. You will be asked to provide different pieces of evidence, such as web logs, emails, shipment tracking numbers, delivery confirmation, or proof of prior refunds, and upload any necessary files, depending on the dispute type. All this can help increase the likelihood of a dispute being found in your favor.

If you receive a dispute, you may first want to get in touch with the customer and try to proactively resolve it. However, whether the customer agrees to withdraw or not, you should still submit evidence. If you don’t submit, the customer wins by default.

Stripe doesn’t decide the outcome of a dispute; the card issuers do. However, we play a role by conveying your evidence to our financial partners. Once you submit evidence, Stripe confirms whether it meets network requirements and, if so, sends it to the card issuer for evaluation. The issuer makes a final decision, which we communicate to you through the Stripe Dashboard, webhooks, and API.

For businesses outside Mexico, the dispute fee is nonrefundable. For businesses in Mexico, the dispute fee for a won or withdrawn dispute might be returned.

How to protect your business

While you can’t completely eliminate the risk of fraud when accepting online payments, the best way to manage it is to prevent it from happening in the first place.

Here are some best practices for protecting your business from fraud:

  • Leverage machine learning fraud detection: Rules-based fraud detection, operating on an “if x happens, then do y” logic, was never designed for modern internet businesses and can lead to lost revenue. Stripe Radar is powered by adaptive machine learning, with algorithms evaluating every transaction and assigning a risk score, then blocking or allowing transactions based on the risk of fraud. Radar’s algorithms adapt quickly to shifting fraud patterns and to your unique business.
  • Collect more information during checkout: Requiring customers to provide more information at checkout will help you better verify their legitimacy. For example, make sure to collect the customer’s name and email address. This additional information can be passed to Stripe Radar, resulting in better machine learning detection of fraud, and gives you more evidence to submit during a potential dispute.
  • Manually review payments: Radar for Fraud Teams includes an additional review process that allows you to flag certain payments for review (although these payments are still processed and the credit card charged). While Radar for Fraud Teams is commonly used by larger organizations, the ability to manually review payments is helpful, regardless of your company’s size. Manually reviewing suspicious payments can help you take action faster, before a potential dispute occurs. For example, if you’re unsure about a payment when you’re reviewing it, you can contact the customer by phone or email. Or if you suspect a payment is fraudulent, you can refund it.
  • Create rules to manage payments: Using Radar for Fraud Teams, you can create custom rules to manage how your business handles incoming payments, blocking any that you would consider suspicious or placing them in review. For example, you could lower the risk score required to trigger manual reviews or review large orders from first-time customers. Radar for Fraud Teams also provides risk insights into particular payments, allowing you to understand the most important factors contributing to a high risk score. You can use this information to create additional, more targeted rules.
  • Explore other payment methods: The right set of payment methods can offer flexibility to customers and reduce the risk of fraud. Digital wallets, like Apple Pay or Google Pay, require additional customer verification (such as biometrics, SMS, or a passcode) to complete a payment, resulting in lower dispute rates. Similarly, most bank debits—where you pull funds directly from a customer’s bank account—require customers to agree to a mandate or to verify account ownership, adding an extra layer of security and reducing the possibility of disputes.
  • Take additional precautions when shipping items: If you’re shipping physical goods, consider delaying the shipment by 24 to 48 hours to give cardholders a chance to spot any fraud on their accounts. In addition, ensure that you ship physical goods to a verified shipping address that passes postal code and street address checks. If you ship to an unverified address and the payment is later disputed, you wouldn’t be able to prove that the order was shipped to the legitimate cardholder.

Additional resources

Here are additional resources to help you manage fraud and protect your business:

To learn more about how Stripe can help you prevent fraud and manage disputes, contact your customer success manager or our sales team.

Ready to get started?

Create an account and start accepting payments—no contracts or banking details required. Or, contact us to design a custom package for your business.
Radar

Radar

Fight fraud with the strength of the Stripe network.

Radar docs

Use Stripe Radar to protect your business against fraud.