https://stripe.com/docs/fraud/guide/case-studies
Fraud Prevention Case Studies
Real-life cases of businesses using Stripe that have experienced and overcome fraud. This is part five of our Understanding and Preventing Online Fraud guide.

Case A: Small e-commerce company

Company A designs and manufactures beautifully designed and crafted products that they sell worldwide from their online store. They launched their first product after a successful Kickstarter campaign with thousands of backers. Over the following couple of years, they added new products to their line, built out their own e-commerce store to sell worldwide, and signed distribution deals with select retailers. It was around this time that they noticed a sharp uptick in fraudulent orders.

The company is a small team mainly focused on designing and manufacturing physical products. They use WordPress for their store and the popular WooCommerce plugin to handle the checkout process. This setup has enabled them to get started quickly, producing a modern and elegant web presence with minimal initial and ongoing investment, enabling the team to concentrate on their core work of designing beautiful products.

Anti-fraud tactics

A while after launching their own site, the company started seeing an unusual number of disputed charges. Their dispute rate began to increase and they were worried about the impact on their ability to do business. This was a textbook case of credit card fraud—the fraudsters were using stolen credit card details to make unauthorized purchases and resell the merchandise for profit.

Hoping to stem the tide, the company enabled address verification for all payments, declining all attempted charges that failed AVS checks. Although their dispute rate dropped, their decline rate increased to over 20%. This was far higher than the dispute rate they were trying to quell, which indicated that legitimate charges were also being declined. The company wasn’t willing to take that big a hit on their conversion rate.

Since the company was just starting out and their order volume was relatively low, it was important to prevent fraud without turning away genuine orders. They felt that they were able to delay shipment of orders and spend time manually reviewing payments, while also inserting a five-digit code into their statement descriptors. This code appears on the card statement of their customer. When they suspected an order to be fraudulent, they contacted the customer and asked them to send in this code from their bank statement. This strategy was very successful for the company, effectively solving the fraud problem at hand.

Case B: Mid-sized Software-as-a-Service (SaaS) company

Company B sells software-as-a-service direct to consumers, targeting a niche yet global market. They have a custom-built Ruby on Rails website that uses Elements for securely accepting credit card payments.

Anti-fraud tactics

Company B accidentally disabled the option to automatically reject charges that fail address verification (AVS), causing their decline rate to drop to zero. While this may seem beneficial from a revenue perspective, it’s only half of the story. The company’s dispute rate, which had previously been close to 0%, increased significantly. The reason for this was that fraudsters had discovered the company’s lack of address verification and began exploiting this to gain access to the service at no charge.

Seeing these elevated dispute rates, the company reviewed their security settings. At this point, they re-implemented address verification, and the disputes disappeared overnight. The decline rate normalized to the same level as before AVS was turned off.

Company B’s story over this period of time serves as a good reminder that a non-zero decline rate is often a necessary cost of doing business. Having AVS in place kept fraudsters at bay for Company B—they may well have had fraudsters attempt to defraud them in the past, only to be met with a decline.
Fraudsters in this situation will move on to the next victim. But once they find a weakness, they will exploit it quickly and to potentially devastating effect.

Case C: Large marketplace

Company C is an online marketplace where sellers can quickly and easily list their goods to be sold. Customers browse these storefronts via the website and mobile apps, and purchase through Company C’s checkout system. Company C runs a substantial engineering organization to produce and maintain their marketplace product, using Stripe to take payments from customers on their website and in their mobile apps and to pay the sellers of the items purchased.

Anti-fraud tactics

Company C passes all of their Stripe charges through Riskified, a third-party vendor that specializes in identifying fraudulent charges. Riskified reverses approximately 2% of their charges, which then go into an internal queue. The charges in this queue are run through Company C’s in-house fraud rules system, which incorporates knowledge specific to their business. Finally, a subset of these are manually reviewed by members of the team.
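
Case A's statement-descriptor check, sketched as an added example (this is not Stripe's or Company A's code): a per-order five-digit code is placed in the descriptor and the customer's reply is checked against it, with a cap on guesses because five digits allow only 100,000 values. All names are hypothetical, and the 22-character descriptor limit and three-attempt lockout are assumptions.

```python
import hmac
import re
import secrets
from dataclasses import dataclass

MAX_DESCRIPTOR_LEN = 22  # assumption: length limit for card-statement text
MAX_ATTEMPTS = 3         # assumption: policy choice, lock after three wrong replies


def new_code() -> str:
    """Five-digit code from a CSPRNG, zero-padded so '00042' is valid."""
    return f"{secrets.randbelow(100_000):05d}"


def build_descriptor(brand: str, code: str) -> str:
    """Brand text plus the code, trimmed so the code is never cut off."""
    brand = re.sub(r"[^A-Za-z0-9 .-]", "", brand).strip().upper()
    room = MAX_DESCRIPTOR_LEN - len(code) - 1
    return f"{brand[:room].rstrip()} {code}"


@dataclass
class OrderChallenge:
    """State kept with a held order while shipment is delayed for review."""
    order_id: str
    code: str
    attempts: int = 0
    verified: bool = False

    def check(self, reply: str) -> str:
        """Return 'verified', 'mismatch' or 'locked' for a customer reply."""
        if self.verified:
            return "verified"
        if self.attempts >= MAX_ATTEMPTS:
            return "locked"  # stop accepting guesses; hand to manual review
        self.attempts += 1
        digits = re.sub(r"[^0-9]", "", reply)  # tolerate "Code: 04 217"
        if hmac.compare_digest(digits, self.code):
            self.verified = True
            return "verified"
        return "locked" if self.attempts >= MAX_ATTEMPTS else "mismatch"
```
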