Send complete fraud signals

Learn about Stripe's recommendations for using Stripe Radar to send a complete set of fraud signals.

Stripe Radar’s machine learning models use many signals to distinguish between fraudulent and legitimate payments. We compute some of these signals automatically, but many of them depend on the information that your integration provides. In general, the more data your integration provides, the more successful fraud prevention can be.

If you don’t collect enough information from your customers, it can reduce the effectiveness of fraud detection. Conversely, if you collect too much information, it can negatively impact the checkout experience and result in a lower conversion rate.

Integration types

Stripe Radar uses data from the Stripe network to effectively detect and block fraudulent transactions, regardless of how you integrate with Stripe. However, the way you integrate with Stripe to process payments can significantly impact the completeness of the fraud signals you send us. The more information you send about a payment, the better Stripe Radar is at detecting and preventing fraud. Using one of our recommended payment integrations allows you to get the most out of Radar. If you can’t use a recommended integration, consider including as much additional data as possible, as explained in our recommendations below.

Integration type	Radar integration quality
Stripe Payment Links Recommended	Excellent
Stripe Checkout Recommended	Excellent
Stripe Elements with Customer signals Recommended	Excellent
Direct API integration with Radar Sessions and Customer signals	Excellent
Direct API integration with client and Customer signals	Very good
Direct API integration with client signals	Good
Direct API integration with Customer signals	Fair
Direct API integration with no additional signals	Poor

Important signals to send to Stripe

Including the following information with your payments can have a significant impact on the performance of Stripe Radar’s fraud detection models. Our recommended integrations enable you to collect this information, while direct integrations might need to explicitly include this data.

Data	Estimated fraud model improvement
Advanced fraud signals	36%
IP address	12%
Customer email	11%
Customer name	3%
Billing address	1%

Recommendations

We’ve tested the following recommendations to make sure that your conversion rate remains high while maximizing the performance of our machine learning models.

Checklist progress

As you complete each item and check it off, the state of each checkbox is stored within your browser’s cache. You can refer back to this page at any time to see what you’ve completed so far.

Collect advanced fraud signals automatically by using Payment Links, Checkout, Elements, or our mobile SDKs
The most important action you can take to guard against fraud is to collect customer payment information using one of our recommended payments integrations. Each method automatically collects important high-signal data, such as device information and IP addresses. To further improve fraud detection, collect the cardholder name, full billing address, postal code, and the card’s CVC code during checkout.
You can build a seamless checkout flow within your website or app using any of these methods, and securely pass sensitive card information directly to Stripe without passing it through your servers – greatly simplifying your PCI compliance. Determine which integration makes the most sense for your business and product goals, but any of these integration methods help optimise your integration for fraud prevention.
Note
If you’re not using one of the recommended payment integrations, consider using Radar Sessions to automatically collect advanced fraud signals to send to Stripe. You can also pass a subset of our advanced fraud signals directly using our APIs, as shown below.
Command Line
cURL
curl https://api.stripe.com/v1/payment_intents \ -u "sk_test_4eC39HqLyjWDarjtT1zdp7dc :" \ -d amount=2000 \ -d currency=usd \ -d "payment_method_data[type]"=card \ -d "payment_method_data[card][number]"=4000002500003155 \ -d "payment_method_data[card][exp_month]"=12 \ -d "payment_method_data[card][exp_year]"=29 \ -d "payment_method_data[card][cvc]"=123 \ -d "payment_method_data[ip]"="62.132.141.1" \ --data-urlencode "payment_method_data[user_agent]"="Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" \ --data-urlencode "payment_method_data[referrer]"="https://example.com/payment-page"
Command Line
cURL
curl https://api.stripe.com/v1/charges \ -u "sk_test_4eC39HqLyjWDarjtT1zdp7dc :" \ -d amount=2000 \ -d currency=usd \ -d source=tok_visa \ -d ip="62.132.141.1" \ --data-urlencode user_agent="Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" \ --data-urlencode referrer="https://example.com/payment-page"
Create payments using the Customer object, where possible
Using Customer objects when creating payments allows Stripe to track the payment patterns for each customer over time. This significantly increases our ability to identify irregularities in purchasing behaviour. To do this, you should:
- Set up Payment Methods for future use and add a billing address to Customer objects and use them to create subsequent payments.
- Provide your customer’s email address when creating a Customer object.
- Provide your customer’s name when you tokenise their card information.
- If you ship physical goods, we also recommend collecting the customer’s shipping address and saving this to their associated Customer object.
Each Customer object can also store multiple payment methods, so you can enhance your customer’s checkout experience by offering to save multiple cards. Stripe can continue to track payment patterns for each customer, regardless of which one they use.
If you’re creating a PaymentIntent manually, make sure you handle declines. If you re-use the PaymentIntent, you can track repeated attempts to help counter card testing.
Include Stripe.js on every page of your site
Include Stripe.js on every page of your site, not just the checkout page where your customer enters their payment information. By doing so, Stripe can detect anomalous behaviour that may be indicative of fraud as customers browse your website – providing additional signals that increase the effectiveness of our detection.
```
<script async src="https://js.stripe.com/v3/"></script>
```
Note
Always load Stripe.js directly from https://js.stripe.com/v3/. We don’t support using a local copy of Stripe.js-it can result in user-visible errors, and reduces the effectiveness of our fraud detection.
Update your privacy policy if necessary
Radar collects information on anomalous device or user behavior that might be indicative of fraud. Make sure that your own privacy policy tells your customers about this type of collection. Here’s a paragraph you could add to your policy if it doesn’t already include such a disclosure:
We use Stripe for payment, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.
Consider enabling Radar for future use
Radar operates on a per-charge level, which means that during a PaymentIntent lifecycle, Radar might scan multiple charges if the payment has retries. By default, Radar doesn’t scan if you set up a Payment Method for future use without a charge. If you want to scan SetupIntents, go to the Radar settings and enable Use Radar on payment methods saved for future use.