Radar Rules Fresh
Create automated rules to block, allow, review, or request 3D Secure on payments based on attributes.
Rule types
| Action | Description |
|---|---|
| Block | Decline the payment immediately |
| Allow | Override block/review rules — payment proceeds (use sparingly) |
| Review | Payment processes, but is flagged for manual review |
| Request 3DS | Require 3D Secure authentication before charge |
Evaluated in this order: Block → Allow → Review → Request 3DS.
Built-in AI rules
All Stripe accounts include:
| Rule | Behavior |
|---|---|
if :risk_level: = 'highest' | Block payment |
if :risk_level: = 'elevated' | Review payment (Radar for Fraud Teams) |
Radar for Platforms also evaluates account-level risk:
if :account_risk_level: = 'highest'— blockif :account_risk_level: = 'elevated'— review
Built-in CVC and AVS rules
| Rule | When to enable |
|---|---|
if CVC verification fails based on risk score | Block failed-CVC payments unless low risk |
if Postal code verification fails based on risk score | Block failed-postal-code payments unless low risk |
These don't block wallet payments (Apple Pay, Google Pay) or cards where the issuer doesn't support verification.
Rule syntax
{action} if {attribute} {operator} {value}- Attributes start with
:(e.g.,:card_country:) - Metadata uses double colons:
::product_sku::or::customer:trusted:: - Reference lists with
@list_name
Example:
Block if :card_country: != 'US' and :risk_level: = 'elevated'Useful attributes
| Attribute | Description |
|---|---|
:risk_level: | 'normal', 'elevated', 'highest' |
:amount_in_usd: | Payment amount in USD |
:card_country: | 2-letter country code of card issuer |
:ip_country: | 2-letter country code of customer IP |
:card_funding: | 'credit', 'debit', 'prepaid' |
:is_new_card_on_customer: | True if card is newly attached to this customer |
:is_disposable_email: | True if email is a throwaway address |
:is_3d_secure: | True if 3DS attempted and not failed |
:is_3d_secure_authenticated: | True if customer completed full 3DS authentication |
:has_liability_shift: | True if Stripe expects fraud liability to shift to issuer |
:payment_method_type: | 'card', 'us_bank_account', 'sepa_debit', etc. |
:is_off_session: | True for recurring/off-session payments |
:digital_wallet: | 'apple_pay', 'android_pay', 'link', etc. |
3DS rule examples
Request 3DS for elevated-risk payments above $25
Request 3D Secure if :risk_level: != 'normal' and :amount_in_usd: > 25Block elevated-risk payments that didn't complete 3DS
Request 3D Secure if :risk_level: != 'normal' and :amount_in_usd: > 25
Block if not :is_3d_secure:
and :risk_level: != 'normal'
and :amount_in_usd: > 25
and not :is_off_session:
and :digital_wallet: != 'apple_pay'
and not (:digital_wallet: = 'android_pay' and :has_cryptogram:)This accepts off-session payments and wallets (which don't go through 3DS) while blocking elevated-risk non-authenticated payments.
Request 3DS for all new cards
Request 3D Secure if is_missing(:seconds_since_card_first_seen:)Or for newly attached cards on a customer:
Request 3D Secure if :is_new_card_on_customer:Block based on custom list
Block if :card_country: in @high_risk_countriesBlock rule best practices
- Test rules against the last 6 months before activating
- Aim for high fraudulent-to-legitimate ratio — minimizing false positives is critical
- Never use overly broad rules like
if :card_country: != 'US'alone — always combine with risk signals - If unsure, use a review rule first; convert to block after patterns are confirmed
Allow rule best practices
Allow rules override ALL other rules including Stripe's AI. Use extremely cautiously:
Allow if :ip_country: = 'GB' and :risk_level: != 'highest'Always add and :risk_level: != 'highest' to any allow rule.
Review rule guidance
Review rules flag payments for your team without blocking them:
Review if :card_funding: = 'prepaid' and :is_disposable_email:Keep review queues manageable:
- If most reviewed payments turn out legitimate → narrow the rule or create an allow rule
- If most reviewed payments are fraudulent → convert to a block rule
Rule limits
- Maximum 200 transaction rules
- Maximum 100 account rules (Radar for Platforms)
Creating rules in the Dashboard
Dashboard → Radar → Rules → + Add rule
Use Radar Assistant (built-in LLM) to describe your rule in plain English and have it constructed automatically.
After creating: test the rule against 6 months of historical payments to see impact before activating.
Account rules (Radar for Platforms)
Create rules that evaluate connected accounts rather than individual payments:
- Review account — flag the account for manual review
- Payout pause — raise a review AND pause automatic payouts
Rule attributes evaluate account-level signals: dispute rate, KYC status, geographic risk.
Monitoring rule performance
View metrics per rule in Dashboard → Radar → Rules:
- Blocked payments count and volume
- Estimated false positive rate
- Estimated fraudulent payments prevented (for block rules)
- Disputes from approved reviews (for review/allow rules)
Regularly review rules and remove any that no longer match payments or no longer improve outcomes.