# Send complete fraud signals Learn about Stripe's recommendations for using Stripe Radar to send a complete set of fraud signals. Stripe *Radar* (Stripe Radar helps detect and block fraud for any type of business using machine learning that trains on data across millions of global companies. It’s built into Stripe and requires no additional setup to get started)’s AI models use many signals to distinguish between fraudulent and legitimate payments. We compute some of these signals automatically, but many of them depend on the information that your integration provides. In general, the more data your integration provides, the more successful fraud prevention can be. If you don’t collect enough information from your customers, it can reduce the effectiveness of fraud detection. Conversely, if you collect too much information, it can negatively impact the checkout experience and result in a lower conversion rate. ## Integration types Stripe Radar uses data from the Stripe network to effectively detect and block fraudulent transactions, regardless of how you integrate with Stripe. However, the way you integrate with Stripe to process payments can significantly impact the completeness of the fraud signals you send us. The more information you send about a payment, the better Stripe Radar is at detecting and preventing fraud. Using one of our recommended payment integrations allows you to get the most out of Radar. If you can’t use a recommended integration, consider including as much additional data as possible, as explained in our [recommendations](https://docs.stripe.com/radar/integration.md#recommendations) below. | Integration type | Radar integration quality | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | | [Stripe Payment Links](https://docs.stripe.com/payment-links.md) (Recommended) | | | [Stripe Checkout](https://docs.stripe.com/payments/checkout.md) (Recommended) | | | [Stripe Elements](https://docs.stripe.com/payments/elements.md) with *Customer signals* (Customer signals refer to information such as user email, name, and billing address that are passed through the customer object in the API) (Recommended) | | | Direct [API](https://docs.stripe.com/api.md) integration with [Radar Sessions](https://docs.stripe.com/radar/radar-session.md) and *Customer signals* (Customer signals refer to information such as user email, name, and billing address that are passed through the customer object in the API) | | | Direct [API](https://docs.stripe.com/api.md) integration with *client* (Client signals refer to information such as IP address, User-Agent, and checkout URL that are used to help enhance fraud prevention) and *Customer signals* (Customer signals refer to information such as user email, name, and billing address that are passed through the customer object in the API) | | | Direct [API](https://docs.stripe.com/api.md) integration with *client signals* (Client signals refer to information such as IP address, User-Agent, and checkout URL that are used to help enhance fraud prevention) | | | Direct [API](https://docs.stripe.com/api.md) integration with *Customer signals* (Customer signals refer to information such as user email, name, and billing address that are passed through the customer object in the API) | | | Direct [API](https://docs.stripe.com/api.md) integration with no additional signals | | ## Important signals to send to Stripe Including the following information with your payments can have a significant impact on the performance of Stripe Radar’s fraud detection models. Our recommended integrations enable you to collect this information, while direct integrations might need to explicitly include this data. | Data | Estimated fraud model improvement | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------- | | *Advanced fraud signals* (Advanced fraud signals refer to device characteristics and activity indicators that are automatically captured by Stripe.js and our SDKs. You can also capture advanced fraud signals with Radar Sessions) | 36% | | IP address | 12% | | Customer email | 11% | | Customer name | 3% | | Billing address | 1% | ## Recommendations We’ve tested the following recommendations to make sure that your conversion rate remains high while maximizing the performance of our AI models. > #### Checklist progress > > As you complete each item and check it off, the state of each checkbox is stored within your browser’s cache. You can refer back to this page at any time to see what you’ve completed so far. - [ ] Collect advanced fraud signals automatically by using Payment Links, Checkout, Elements, or our mobile SDKs The most important action you can take to guard against fraud is to collect customer payment information using one of our [online payments integrations](https://docs.stripe.com/payments/online-payments.md). Each method automatically collects important high-signal data, such as device information and IP addresses. To further improve fraud detection, collect the cardholder name, full billing address, postal code, and the card’s CVC code during checkout. You can build a seamless checkout flow within your website or app using any of these methods, and securely pass sensitive card information directly to Stripe without passing it through your servers—greatly simplifying your [PCI compliance](https://docs.stripe.com/security/guide.md). Determine which integration makes the most sense for your business and product goals, but any of these integration methods help optimize your integration for fraud prevention. > If you’re not using one of the recommended payment integrations, consider using [Radar Sessions](https://docs.stripe.com/radar/radar-session.md) to automatically collect [advanced fraud signals](https://docs.stripe.com/disputes/prevention/advanced-fraud-detection.md) to send to Stripe. You can also pass a subset of our advanced fraud signals directly using our APIs, as shown below. ```curl curl https://api.stripe.com/v1/payment_intents \ -u "<>:" \ -d amount=2000 \ -d currency=usd \ -d "payment_method_data[type]"=card \ -d "payment_method_data[card][number]"=4000002500003155 \ -d "payment_method_data[card][exp_month]"=12 \ -d "payment_method_data[card][exp_year]"=29 \ -d "payment_method_data[card][cvc]"=123 \ -d "payment_method_data[ip]"="62.132.141.1" \ --data-urlencode "payment_method_data[user_agent]"="Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" \ --data-urlencode "payment_method_data[referrer]"="https://example.com/payment-page" ``` ```curl curl https://api.stripe.com/v1/charges \ -u "<>:" \ -d amount=2000 \ -d currency=usd \ -d source=tok_visa \ -d ip="62.132.141.1" \ --data-urlencode user_agent="Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" \ --data-urlencode referrer="https://example.com/payment-page" ``` ```cli stripe charges create \ --amount=2000 \ --currency=usd \ --source=tok_visa \ --ip="62.132.141.1" \ --user-agent="Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" \ --referrer="https://example.com/payment-page" ``` ```ruby # Set your secret key. Remember to switch to your live secret key in production. # See your keys here: https://dashboard.stripe.com/apikeys Stripe.api_key = '<>' charge = Stripe::Charge.create({ amount: 2000, currency: 'usd', source: 'tok_visa', ip: '62.132.141.1', user_agent: 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)', referrer: 'https://example.com/payment-page', }) ``` ```ruby # Set your secret key. Remember to switch to your live secret key in production. # See your keys here: https://dashboard.stripe.com/apikeys client = Stripe::StripeClient.new("<>") charge = client.v1.charges.create({ amount: 2000, currency: 'usd', source: 'tok_visa', ip: '62.132.141.1', user_agent: 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)', referrer: 'https://example.com/payment-page', }) ``` ```python # Set your secret key. Remember to switch to your live secret key in production. # See your keys here: https://dashboard.stripe.com/apikeys import stripe stripe.api_key = "<>" charge = stripe.Charge.create( amount=2000, currency="usd", source="tok_visa", ip="62.132.141.1", user_agent="Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)", referrer="https://example.com/payment-page", ) ``` ```python # Set your secret key. Remember to switch to your live secret key in production. # See your keys here: https://dashboard.stripe.com/apikeys client = StripeClient("<>") # For SDK versions 12.4.0 or lower, remove '.v1' from the following line. charge = client.v1.charges.create({ "amount": 2000, "currency": "usd", "source": "tok_visa", "ip": "62.132.141.1", "user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)", "referrer": "https://example.com/payment-page", }) ``` ```php // Set your secret key. Remember to switch to your live secret key in production. // See your keys here: https://dashboard.stripe.com/apikeys $stripe = new \Stripe\StripeClient('<>'); $charge = $stripe->charges->create([ 'amount' => 2000, 'currency' => 'usd', 'source' => 'tok_visa', 'ip' => '62.132.141.1', 'user_agent' => 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)', 'referrer' => 'https://example.com/payment-page', ]); ``` ```java // Set your secret key. Remember to switch to your live secret key in production. // See your keys here: https://dashboard.stripe.com/apikeys Stripe.apiKey = "<>"; ChargeCreateParams params = ChargeCreateParams.builder() .setAmount(2000L) .setCurrency("usd") .setSource("tok_visa") .putExtraParam("ip", "62.132.141.1") .putExtraParam( "user_agent", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" ) .putExtraParam("referrer", "https://example.com/payment-page") .build(); Charge charge = Charge.create(params); ``` ```java // Set your secret key. Remember to switch to your live secret key in production. // See your keys here: https://dashboard.stripe.com/apikeys StripeClient client = new StripeClient("<>"); ChargeCreateParams params = ChargeCreateParams.builder() .setAmount(2000L) .setCurrency("usd") .setSource("tok_visa") .putExtraParam("ip", "62.132.141.1") .putExtraParam( "user_agent", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" ) .putExtraParam("referrer", "https://example.com/payment-page") .build(); // For SDK versions 29.4.0 or lower, remove '.v1()' from the following line. Charge charge = client.v1().charges().create(params); ``` ```node // Set your secret key. Remember to switch to your live secret key in production. // See your keys here: https://dashboard.stripe.com/apikeys const stripe = require('stripe')('<>'); const charge = await stripe.charges.create({ amount: 2000, currency: 'usd', source: 'tok_visa', ip: '62.132.141.1', user_agent: 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)', referrer: 'https://example.com/payment-page', }); ``` ```go // Set your secret key. Remember to switch to your live secret key in production. // See your keys here: https://dashboard.stripe.com/apikeys stripe.Key = "<>" params := &stripe.ChargeParams{ Amount: stripe.Int64(2000), Currency: stripe.String(stripe.CurrencyUSD), Source: &stripe.PaymentSourceSourceParams{Token: stripe.String("tok_visa")}, } params.AddExtra("ip", "62.132.141.1") params.AddExtra( "user_agent", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)") params.AddExtra("referrer", "https://example.com/payment-page") result, err := charge.New(params) ``` ```go // Set your secret key. Remember to switch to your live secret key in production. // See your keys here: https://dashboard.stripe.com/apikeys sc := stripe.NewClient("<>") params := &stripe.ChargeCreateParams{ Amount: stripe.Int64(2000), Currency: stripe.String(stripe.CurrencyUSD), Source: &stripe.PaymentSourceSourceParams{Token: stripe.String("tok_visa")}, } params.AddExtra("ip", "62.132.141.1") params.AddExtra( "user_agent", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)") params.AddExtra("referrer", "https://example.com/payment-page") result, err := sc.V1Charges.Create(context.TODO(), params) ``` ```dotnet // Set your secret key. Remember to switch to your live secret key in production. // See your keys here: https://dashboard.stripe.com/apikeys StripeConfiguration.ApiKey = "<>"; var options = new ChargeCreateOptions { Amount = 2000, Currency = "usd", Source = "tok_visa", }; options.AddExtraParam("ip", "62.132.141.1"); options.AddExtraParam( "user_agent", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"); options.AddExtraParam("referrer", "https://example.com/payment-page"); var service = new ChargeService(); Charge charge = service.Create(options); ``` ```dotnet // Set your secret key. Remember to switch to your live secret key in production. // See your keys here: https://dashboard.stripe.com/apikeys var options = new ChargeCreateOptions { Amount = 2000, Currency = "usd", Source = "tok_visa", }; options.AddExtraParam("ip", "62.132.141.1"); options.AddExtraParam( "user_agent", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"); options.AddExtraParam("referrer", "https://example.com/payment-page"); var client = new StripeClient("<>"); var service = client.V1.Charges; Charge charge = service.Create(options); ``` - [ ] Create payments using the Customer object, where possible Using [Customer](https://docs.stripe.com/api.md#customers) objects when creating payments allows Stripe to track the payment patterns for each customer over time. This significantly increases our ability to identify irregularities in purchasing behavior. To do this, you should: - [Set up Payment Methods for future use](https://docs.stripe.com/payments/save-and-reuse.md) and add a [billing address](https://docs.stripe.com/api/customers/object.md#customer_object-address) to `Customer` objects and use them to create subsequent payments. - Provide your customer’s [email address](https://docs.stripe.com/api.md#customer_object-email) when creating a `Customer` object. - Provide your customer’s [name](https://docs.stripe.com/api/.md#customer_object-name) when you tokenize their card information. - If you ship physical goods, we also recommend collecting the customer’s [shipping address](https://docs.stripe.com/api.md#customer_object-shipping) and saving this to their associated `Customer` object. Each `Customer` object can also store multiple payment methods, so you can enhance checkout by offering to save multiple cards. Stripe can continue to track payment patterns for each customer, regardless of which one they use. If you’re creating a [PaymentIntent](https://docs.stripe.com/api/payment_intents.md) manually, make sure to handle [declines](https://docs.stripe.com/declines.md). If you reuse the PaymentIntent, you can track repeated attempts to help counter [card testing](https://docs.stripe.com/disputes/prevention/card-testing.md). - [ ] Include Stripe.js on every page of your site Include [Stripe.js](https://docs.stripe.com/payments/elements.md) on every page of your site, not just the checkout page where your customer enters their payment information. By doing so, Stripe can detect anomalous behavior that may be indicative of fraud as customers browse your website—[providing additional signals](https://docs.stripe.com/disputes/prevention/advanced-fraud-detection.md) that increase the effectiveness of our detection. ```html ``` > Always load Stripe.js directly from **https://js.stripe.com/basil/stripe.js**. We don’t support using a local copy of Stripe.js-it can result in user-visible errors, and reduces the effectiveness of our fraud detection. - [ ] Update your privacy policy if necessary Radar collects information on anomalous device or user behavior that might be indicative of fraud. Make sure that your own privacy policy tells your customers about this type of collection. Here’s a paragraph you could add to your policy if it doesn’t already include such a disclosure: > We use Stripe for payment, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy. - [ ] Consider enabling Radar for future use Radar operates on a per-charge level, which means that during a [PaymentIntent lifecycle](https://docs.stripe.com/payments/paymentintents/lifecycle.md), Radar might scan multiple charges if the payment has retries. By default, Radar doesn’t scan if you [set up a Payment Method for future use](https://docs.stripe.com/payments/save-and-reuse.md) *without* a charge. If you want to scan [SetupIntents](https://docs.stripe.com/api/setup_intents.md), go to the [Radar settings](https://dashboard.stripe.com/settings/radar) and enable **Use Radar on payment methods saved for future use**.