https://stripe.com/docs/fraud/guide/case-studies

Fraud Prevention Case Studies


Real-life cases of businesses using Stripe that have experienced and overcome
fraud. This is part five of our Understanding and Preventing Online Fraud guide.

Case A: Small e-commerce company

Company A designs and manufactures beautifully designed and crafted products that
they sell worldwide from their online store. They launched their first product
after a successful Kickstarter campaign with thousands of backers. Over the
following couple of years, they added new products to their line, built out their
own e-commerce store to sell worldwide, and signed distribution deals with select
retailers. It was around this time that they noticed a sharp uptick in fraudulent
orders.
The company is a small team mainly focused on designing and manufacturing physical
products. They use WordPress for their store and the popular WooCommerce plugin to
handle the checkout process. This setup has enabled them to get started quickly,
producing a modern and elegant web presence with minimal initial and ongoing
investment, enabling the team to concentrate on their core work of designing
beautiful products.

Anti-fraud tactics

A while after launching their own site, the company started seeing an unusual
number of disputed charges. Their dispute rate began to increase and they were
worried about the impact on their ability to do business. This was a textbook case
of credit card fraud—the fraudsters were using stolen credit card details to make
unauthorized purchases and resell the merchandise for profit.
Hoping to stem the tide, the company enabled address verification for all payments,
declining all attempted charges that failed AVS checks. Although their dispute rate
dropped, their decline rate increased to over 20%. This was far higher than the
dispute rate they were trying to quell, which indicated that legitimate charges
were also being declined.
The company wasn’t willing to take that big a hit on their conversion rate. Since
the company was just starting out and their order volume was relatively low, it was
important to prevent fraud without turning away genuine orders. They felt that they
were able to delay shipment of orders and spend time manually reviewing payments,
while also inserting a five-digit code into their statement descriptors. This code
appears on the customer's card statement. When they suspected an order to be
fraudulent, they contacted the customer and asked them to send in this code from
their bank statement. This strategy was very successful for the company,
effectively solving the fraud problem at hand.
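
The statement-descriptor check described above, sketched as an added example (not code from the original guide or from Company A's store). The 22-character descriptor limit, the three-attempt cap, and the names `ReviewQueue`, `hold` and `confirm` are assumptions made for illustration.

```python
import hmac
import secrets

DESCRIPTOR_MAX = 22  # assumed length limit for a card-statement descriptor
MAX_ATTEMPTS = 3     # assumption: a 5-digit code has only 100,000 values, so cap guesses


def new_code() -> str:
    """Five-digit code from a CSPRNG, zero-padded (00000-99999)."""
    return f"{secrets.randbelow(100_000):05d}"


def build_descriptor(brand: str, code: str) -> str:
    """Append the code to the brand name, truncating the brand so it fits."""
    room = DESCRIPTOR_MAX - len(code) - 1
    return f"{brand[:room].rstrip()} {code}"


class ReviewQueue:
    """Hypothetical in-memory store of orders held for manual review."""

    def __init__(self):
        self._orders = {}  # order_id -> {"code", "attempts", "state"}

    def hold(self, order_id: str, brand: str) -> str:
        """Hold shipment and return the descriptor to put on the charge."""
        code = new_code()
        self._orders[order_id] = {"code": code, "attempts": 0, "state": "held"}
        return build_descriptor(brand, code)

    def confirm(self, order_id: str, supplied: str) -> str:
        """Check the code the customer read off their statement."""
        order = self._orders[order_id]
        if order["state"] != "held":
            return order["state"]  # already released or cancelled
        order["attempts"] += 1
        # Constant-time comparison; bytes avoid errors on non-ASCII input.
        if hmac.compare_digest(supplied.strip().encode(), order["code"].encode()):
            order["state"] = "released"
        elif order["attempts"] >= MAX_ATTEMPTS:
            order["state"] = "cancelled"
        return order["state"]
```

Only someone who can read the cardholder's statement sees the code, which is what lets the reviewer tell the genuine cardholder from someone holding stolen card details.
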

Case B: Mid-sized Software-as-a-Service (SaaS) company

Company B sells software-as-a-service direct to consumers, targeting a niche yet
global market. They have a custom-built Ruby on Rails website that uses Elements
for securely accepting credit card payments.

Anti-fraud tactics

Company B accidentally disabled the option to automatically reject charges that
fail address verification (AVS), causing their decline rate to drop to zero. While
this may seem beneficial from a revenue perspective, it’s only half of the story.
The company’s dispute rate, which had previously been close to 0%, increased
significantly. The reason for this was that fraudsters had discovered the company’s
lack of address verification and began exploiting this to gain access to the
service at no charge.
Seeing these elevated dispute rates, the company reviewed their security settings.
At this point, they re-enabled address verification, and the disputes
disappeared overnight. The decline rate returned to the level it had been at before
AVS was turned off.
Company B’s story over this period of time serves as a good reminder that a
non-zero decline rate is often a necessary cost of doing business. Having AVS in place
kept fraudsters at bay for Company B—they may well have had fraudsters attempt to
defraud them in the past, only to be met with a decline. Fraudsters in this
situation will move on to the next victim. But once they find a weakness, they will
exploit it quickly and to potentially devastating effect.

Case C: Large marketplace

Company C is an online marketplace where sellers can quickly and easily list their
goods to be sold. Customers browse these storefronts via the website and mobile
apps, and purchase through Company C’s checkout system.
Company C runs a substantial engineering organization to produce and maintain their
marketplace product, using Stripe to take payments from customers on their website
and in their mobile apps and to get the sellers of the items purchased paid.

Anti-fraud tactics

Company C passes all of their Stripe charges through Riskified, a third-party
vendor that specializes in identifying fraudulent charges. Riskified reverses
approximately 2% of their charges, which then go into an internal queue. The
charges in this queue are run through Company C’s in-house fraud rules system,
which incorporates knowledge specific to their business. Finally, a subset of these
are manually reviewed by members of the team.