The reality of Stripe Radar: what actually works against fraud
Fraud isn’t just a cost of doing business – it’s a moving target. As your volume grows, so does the sophistication of bad actors probing your checkout and refund flows.
Stripe Radar offers one of the best out-of-the-box fraud tools on the market – machine-learning models trained on billions of network-wide data points. But every business has its own risk tolerance, transaction mix, and customer behavior. To get meaningful protection without losing good customers, you need to customize, monitor, and evolve your rules over time.
At Yeeld, we’ve helped merchants and platforms fine-tune their fraud frameworks – balancing protection, conversion, and compliance. Below, we break down what Radar does (and doesn’t) do, and how to actually implement a smarter fraud strategy on Stripe.
1. What Stripe Radar really does
Radar uses AI models trained across the entire Stripe network to assign a risk score from 0 (least risky) to 100 (riskiest) to transactions and automatically block or flag suspicious ones. It leverages hundreds of signals – IP reputation, velocity, behavioral patterns, card metadata, issuer response codes, and more.
But it’s not a silver bullet. Stripe’s default thresholds are designed to minimize disputes across the entire ecosystem – not to reflect your specific business risk or margin profile.
Key things to know:
- Radar for Fraud Teams unlocks advanced controls – custom rules, manual review workflows, and rule simulations.
- Adaptive rules blend Stripe’s AI predictions with your own conditions (e.g. “request 3DS if CVC fails and country is high risk”).
- Model updates are continuous, but not always transparent. You’ll see shifts in risk scores or block rates as models retrain.
- Radar now protects ACH and SEPA payments, which is increasingly relevant as businesses expand beyond cards.
Radar gives you a solid base layer – but smart merchants treat it as the starting point, not the entire fraud stack.
2. Common pitfalls we see in Radar implementations
Even well-intentioned rules can end up “blocking real customers” when deployed without simulation or feedback loops.
Three patterns stand out:
| Pitfall | Description | Example |
|---|---|---|
| Over-blocking good customers | Relying on static “risk score > X → block” rules without testing first. | A luxury brand saw 12% of legitimate EU orders flagged due to VPN use. |
| Under-monitoring rule performance | Rules set months ago no longer reflect customer mix or risk signals. | A marketplace added a new region but never adjusted their AVS/CVC rules. |
| Using “allow” too freely | “Allow” rules override all others — even if risk spikes later. Allow rules aren’t available to all merchants and should be used carefully. | A partner test account got cloned and bypassed all fraud checks. |
3. How to design effective Radar rules
Rules are powerful – and risky. Here’s Yeeld’s recommended framework:
a. Start with “review,” not “block”
Use review rules to observe first. Once you have enough data to see which transactions are truly fraudulent, tighten your logic.
b. Combine business context + Radar signals
Don’t just rely on risk scores – layer in your own metadata:
- User tenure (new vs. repeat)
- Order value or SKU type
- Country, BIN, or IP patterns
- Historical refund / dispute rate per customer
c. Escalate friction gradually
Use 3D Secure (3DS) for moderate-risk cases – not every transaction, as overuse of 3DS can reduce conversion, especially for repeat or mobile customers. Using 3DS also allows some merchants to shift the liability for fraudulent disputes to the issuing bank through what’s called a ‘liability shift’ – meaning if fraud occurs on a 3DS-authenticated transaction, the bank typically bears the loss rather than the merchant. However, this benefit only applies to fraudulent disputes, and the added friction can reduce conversion, so weigh the tradeoffs carefully.
d. Backtest everything
Stripe’s “Simulate” tool lets you preview how a new rule would have affected recent transactions. Always test before you deploy.
4. Layering friction without killing conversion
Good fraud systems are layered – you use the minimum friction necessary to deter bad actors.
At Yeeld, we often recommend this “step-up” pattern:
- Passive monitoring – Let Radar score everything, but don’t block yet.
- Soft friction – Trigger 3DS or email confirmation for medium-risk users.
- Hard friction – Require ID verification, or block outright if velocity or BIN patterns suggest synthetic identity.
- Early fraud warning (EFW) response – When you receive an EFW alert, decide whether to refund proactively. Best practice: refund transactions at or below your dispute fee, but not those exceeding it by more than 35%. Note that 80% of EFWs tend to convert to disputes unless covered by liability shift protection like 3D Secure.
- Post-transaction review – Use metadata + Sigma queries to detect chargeback precursors (e.g., repeat refunds, mismatched device IDs).
The key is proportional response. Fraud defense shouldn’t feel like punishment for legitimate customers.
5. Building feedback loops and continuous improvement
A strong fraud framework isn’t static – it’s a living system. At a minimum, set up these monitoring loops:
| Metric | Why it matters |
|---|---|
| Block / review rate | Detect when a model update changes risk thresholds. |
| False positive rate | Track refunds issued to legitimate customers. |
| Dispute rate (per region) | Identify geography-specific patterns (e.g., high U.S. fraud vs. low Canadian). |
| Rule hit volume | Spot stale or over-broad rules. |
Use Stripe’s Sigma or Data Pipeline to export this data to your BI tool, then schedule monthly audits. Adjust thresholds, expire outdated rules, and retrain internal reviewers on what “high-risk” really looks like.
6. Yeeld’s take: fraud management is a business decision, not a setting
Fraud prevention isn’t just a checkbox – it’s a strategic lever. The right mix of automation, friction, and manual oversight can increase trust, reduce operational load, and protect your brand.
Yeeld helps merchants and platforms optimize payments architecture – from fraud strategy to implementation. But our biggest takeaway across all verticals is this:
The best fraud system is the one that fits your business, not the one that blocks the most transactions.
If your team is exploring how to layer Stripe Radar with business-specific logic – or wants a framework for testing rule impact – we’re happy to share examples from recent implementations.
