Customer abuse evaluation (Private preview)
Get risk evaluations for customer account registration and login events.
The Customer Account Evaluation API provides risk intelligence for your registration and login flows to detect multi-accounting patterns and suspicious account sharing:
- No payment collection required: Evaluate risk during registration and at login, before collecting any payment information.
- Get risk scores upfunnel: Apply decision signals earlier in your workflow, at login or registration, to get risk scores sooner than with traditional Stripe PaymentIntents. This can help you make informed decisions about allowing or blocking account access where service abuse is suspected.
Account evaluation lifecycle
To request an account evaluation to detect abuse:
- On the client side, use Stripe.js to create a Radar Session that captures device metadata, then send the session token to your server.
- Create a customer or prepare end user data for inline customer creation.
- Request an AccountEvaluation when customers register or log in.
- After the customer registers or logs in, report the outcome to Stripe to improve future evaluations.
The following diagram shows the high-level interactions between you (the business), Stripe and your end customer at registration time.
Create a Radar Session
Before requesting an account evaluation, you need to capture device metadata from the client using Stripe.js. Pass the Radar Session token from the response to your server to use it in the Account Evaluation request. Learn more about Radar Sessions.
Create an AccountEvaluation
After you create a Radar Session to capture device metadata, request an AccountEvaluation to get risk signals from Stripe. The evaluation uses type-based polymorphism to support different event types.
Registration flow
Use the registration_initiated type to evaluate new user registrations. You can reference an existing Customer or create one inline. Preserve the customer ID for use in future payment requests to ensure accurate fraud detection.
Using an existing Customer
Using inline customer creation
If you don’t provide an existing customer ID, Stripe creates a new Customer object using customer_.
Login flow
Use the login_initiated type to evaluate user login attempts and detect account sharing patterns. Use the same customer ID that you created during registration.
Risk signals
Stripe returns risk signals in the response based on the evaluation type. Use these signals to make informed decisions about allowing or blocking the action.
| Evaluation type | Signal returned | Description |
|---|---|---|
| registration_ | multi_ | Risk that the same end customer is registering multiple times |
| login_ | account_ | Risk that the same account is being used from multiple locations simultaneously |
Each signal includes a score.
Report outcome
After you evaluate an account, report the final outcome to Stripe. This feedback improves our accuracy in abuse detection over time.
Call report_event and pass the type of event you’re reporting. Supported event types include:
- registration_succeeded: Report when a registration completes successfully
- registration_failed: Report when a registration attempt fails
- login_succeeded: Report when a login completes successfully
- login_failed: Report when a login attempt fails
The following example shows a successful registration:
Retrieve an AccountEvaluation
You can retrieve a previously created AccountEvaluation by ID at any time:
Use with Payment Intents
When creating payments, you must use the same customer ID that you used for the account evaluation. This ensures that we can provide accurate risk assessments by connecting registration, login, and payment activity for the same customer.
Note
The customer parameter at payment time must match the customer ID used when creating the AccountEvaluation.