Stripe Risk Score Explained: How Stripe Evaluates Your Business

Quick Answer

Stripe applies risk and compliance controls when automated systems detect unusual payment behavior, verification gaps, or elevated dispute and fraud signals.

Stripe Radar and its internal risk scoring system are the primary engines behind automated account restrictions. Every transaction and account attribute contributes to a cumulative risk score that determines your "trust" level within the Stripe ecosystem.

Why This Happens

Stripe enforcement is usually triggered by internal risk signals such as: - Refund velocity changes - Chargeback ratio thresholds - Business model inconsistencies - Linked account detection - Compliance document mismatch

How the Risk Score is Calculated

Stripe uses machine learning models (Radar) that evaluate hundreds of signals in real-time. These signals fall into three main categories:

1. Transactional Signals (Runtime Data)

• Velocity: Sudden spikes in transaction frequency or total volume within short windows (e.g., 1 hour or 24 hours).
• Consistency: Transactions that deviate from your historical average ticket size or product categories.
• Source: High concentration of payments from high-risk regions or specific card types (e.g., anonymous prepaid cards or virtual cards).
• Network Attributes: The distance between the card issuing country, the IP address location, and the shipping address.

2. Behavioral Signals (Operational History)

• Refund Patterns: High refund rates, especially "pre-emptive" refunds initiated shortly after payment to avoid potential chargebacks. While proactive, extreme velocity here signals high-risk traffic sources.
• Dispute History: The frequency of initiated disputes, regardless of whether you win them. Stripe prioritizes the occurrence of customer dissatisfaction over the outcome of the dispute.
• Customer Lifetime Value (LTV): Accounts with many first-time buyers and few returning customers are often scored higher for risk than established subscription models.

3. Structural Signals (Identity & Infrastructure)

• Identity Integrity: Consistency between legal entity names, bank account holders, and website ownership. Use of "Nominee" directors often triggers structural risk flags.
• Digital Footprint: IP addresses, device IDs, browser fingerprints, and email domain reputation used to manage the dashboard. Accessing the dashboard via common VPNs or high-risk proxies can degrade your score.
• Business Model Risk: Proximity to high-risk industries (e.g., crypto, gambling, adult, or multi-level marketing) based on your website's content and keywords.

The "Radar" Machine Learning Ecosystem

Stripe Radar doesn't just score you; it learns from millions of merchants. - Collective Intelligence: If a cardholder has a high fraud probability on a Shopify store, their attempt to purchase on your site will automatically carry a higher risk score. - Device Fingerprinting: Radar uses advanced fingerprinting to detect if the same device is attempting multiple transactions across different accounts, identifying "Card Testing" attacks. - Metadata Context: Passing additional metadata like order_id, customer_email, and shipping_address allows the model to find patterns that simple transaction data misses. Accounts that fail to pass rich metadata often receive higher default risk scores.

Risk Levels & Enforcement Action

• 0 - 10 (Safe): Standard processing with minimal manual review. Lowest fees and fastest payout cycles (T+2 in many regions).
• 11 - 60 (Elevated): Increased likelihood of Radar blocking transactions. Payouts may be moved to a longer cycle (e.g., T+7) to provide a "Risk Buffer."
• 61 - 90 (High Risk): Triggers an active "Review" state. Stripe may request additional KYC, proof of inventory, or business model evidence. Rolling reserves (e.g., 25% held for 90 days) are common at this level.
• 91 - 100 (Terminal): High probability of immediate account restriction. Ability to process new charges is often disabled while the "Risk & Compliance" team prepares a termination or offboarding notice.

Strategy to Improve Your Risk Score

If you have been flagged for high risk, follow these steps to stabilize your score: 1. Reduce Friction: Proactively refund any suspicious transactions before they become chargebacks. Use the "Refund as Fraud" option in the dashboard to help train the Radar model. 2. Enable Dynamic 3D Secure: Force 3DS authentication for transactions that Radar flags as "Elevated Risk." This shifts the liability for fraud disputes back to the card issuer. 3. Verify Identity & KYB: Ensure all "Eventually Due" requirements in your Stripe Dashboard are completed with high-resolution, government-issued documents. Mismatched addresses are a common "hidden" score killer. 4. Optimize Descriptors: Ensure your billing descriptor is recognizable. "MYCOMPANY-HELP-URL" is better than just "MYCOMPANY" for reducing "Unrecognized Charge" disputes. 5. Slow Down Scaling: If you are launching a new high-volume marketing campaign, notify Stripe support in advance or scale volume gradually over 14–30 days to avoid velocity triggers.

Related Checks

Use these pages to determine whether the issue is still a signal-level problem or has already become a visible enforcement state:

• Stripe hub
• Stripe risk score triggered
• Stripe risk review guide
• Stripe chargeback threshold guide
• Stripe account under review
• Stripe account terminated

FAQ

1. Can I see my actual numerical risk score?

No. Stripe does not expose the raw internal score to merchants. You can only see the "Risk Level" (Normal, Elevated, High) for individual transactions in Radar.

2. Does a high risk score mean I'm a fraudster?

Not necessarily. It means your business profile matches patterns often associated with fraud or financial instability.

3. How quickly can a risk score be "fixed"?

Scores are calculated over rolling windows (30/60/90 days). Meaningful improvements usually take at least one full billing cycle of "clean" processing.

What to Check Next

• Check Stripe risk score triggered if Stripe surfaced a concrete risk signal or blocked a payment.
• Check Stripe chargeback threshold guide if elevated risk appears alongside rising disputes.
• Check Stripe account under review if capabilities or requirements changed at the account level.
• Check Stripe account terminated if the issue has already crossed into a terminal state.

---

Structured Summary

Stripe enforcement decisions typically fall into three categories: 1. Reversible review states: Often caused by sudden behavioral shifts. 2. Conditional reinstatement cases: Requires proof of improved risk controls. 3. Irreversible policy terminations: Reserved for confirmed fraud or extreme risk.

Correct classification determines recovery probability. Before submitting appeals or operational changes, ensure you understand which category applies.

---

Back to: Stripe Risk Hub