Send complete fraud signals
Learn about Stripe's recommendations for using Stripe Radar to send a complete set of fraud signals.
Stripe Radar’s machine learning models use many signals to distinguish between fraudulent and legitimate payments. We compute some of these signals automatically, but many of them depend on the information that your integration provides. In general, the more data your integration provides, the more successful fraud prevention can be.
If you don’t collect enough information from your customers, it can reduce the effectiveness of fraud detection. Conversely, if you collect too much information, it can negatively impact the checkout experience and result in a lower conversion rate.
Integration types
Stripe Radar uses data from the Stripe network to effectively detect and block fraudulent transactions, regardless of how you integrate with Stripe. However, the way you integrate with Stripe to process payments can significantly impact the completeness of the fraud signals you send us. The more information you send about a payment, the better Stripe Radar is at detecting and preventing fraud. Using one of our recommended payment integrations allows you to get the most out of Radar. If you can’t use a recommended integration, consider including as much additional data as possible, as explained in our recommendations below.
Integration type | Radar integration quality |
---|---|
Stripe Payment Links Recommended | |
Stripe Checkout Recommended | |
Stripe Elements with Customer signals Recommended | |
Direct API integration with Radar Sessions and Customer signals | |
Direct API integration with client and Customer signals | |
Direct API integration with client signals | |
Direct API integration with Customer signals | |
Direct API integration with no additional signals |
Important signals to send to Stripe
Including the following information with your payments can have a significant impact on the performance of Stripe Radar’s fraud detection models. Our recommended integrations enable you to collect this information, while direct integrations might need to explicitly include this data.
Data | Estimated fraud model improvement |
---|---|
Advanced fraud signals | 36% |
IP address | 12% |
Customer email | 11% |
Customer name | 3% |
Billing address | 1% |
Recommendations
We’ve tested the following recommendations to make sure that your conversion rate remains high while maximizing the performance of our machine learning models.
Checklist progress
As you complete each item and check it off, the state of each checkbox is stored within your browser’s cache. You can refer back to this page at any time to see what you’ve completed so far.
The most important action you can take to guard against fraud is to collect customer payment information using one of our online payments integrations. Each method automatically collects important high-signal data, such as device information and IP addresses. To further improve fraud detection, collect the cardholder name, full billing address, postal code, and the card’s CVC code during checkout.
You can build a seamless checkout flow within your website or app using any of these methods, and securely pass sensitive card information directly to Stripe without passing it through your servers—greatly simplifying your PCI compliance. Determine which integration makes the most sense for your business and product goals, but any of these integration methods help optimize your integration for fraud prevention.
Note
If you’re not using one of the recommended payment integrations, consider using Radar Sessions to automatically collect advanced fraud signals to send to Stripe. You can also pass a subset of our advanced fraud signals directly using our APIs, as shown below.
Using Customer objects when creating payments allows Stripe to track the payment patterns for each customer over time. This significantly increases our ability to identify irregularities in purchasing behavior. To do this, you should:
- Set up Payment Methods for future use and add a billing address to
Customer
objects and use them to create subsequent payments. - Provide your customer’s email address when creating a
Customer
object. - Provide your customer’s name when you tokenize their card information.
- If you ship physical goods, we also recommend collecting the customer’s shipping address and saving this to their associated
Customer
object.
Each
Customer
object can also store multiple payment methods, so you can enhance your customer’s checkout experience by offering to save multiple cards. Stripe can continue to track payment patterns for each customer, regardless of which one they use.If you’re creating a PaymentIntent manually, make sure to handle declines. If you reuse the PaymentIntent, you can track repeated attempts to help counter card testing.
- Set up Payment Methods for future use and add a billing address to
Include Stripe.js on every page of your site, not just the checkout page where your customer enters their payment information. By doing so, Stripe can detect anomalous behavior that may be indicative of fraud as customers browse your website—providing additional signals that increase the effectiveness of our detection.
<script async src="https://js.stripe.com/v3/"></script>
Note
Always load Stripe.js directly from https://js.stripe.com/v3/. We don’t support using a local copy of Stripe.js-it can result in user-visible errors, and reduces the effectiveness of our fraud detection.
Radar collects information on anomalous device or user behavior that might be indicative of fraud. Make sure that your own privacy policy tells your customers about this type of collection. Here’s a paragraph you could add to your policy if it doesn’t already include such a disclosure:
We use Stripe for payment, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.
Radar operates on a per-charge level, which means that during a PaymentIntent lifecycle, Radar might scan multiple charges if the payment has retries. By default, Radar doesn’t scan if you set up a Payment Method for future use without a charge. If you want to scan SetupIntents, go to the Radar settings and enable Use Radar on payment methods saved for future use.