Skip to main content

Manage Transactions Marked as High Fraud Risk by Stripe

Use this guide to understand why Stripe may block transactions as fraudulent and how to reduce the risk of card-testing attacks on your online donation pages.

Cristina Gruita avatar
Written by Cristina Gruita
Updated over a month ago

You may see blocked transactions in your Stripe dashboard flagged as high fraud risk. This typically indicates card-testing activity, where fraudsters use stolen card details to attempt small-value payments (usually under £20) to check if cards are still active. Stripe blocks most of these attempts, but some may succeed. When they do, the constituent and transaction are added to Donorfy.

⚠️ Important: Take prompt action if you notice a sudden increase in low-value blocked transactions, as this may indicate a coordinated attack.

Reduce Fraud Risk When Using Web Widgets

If fraud attempts occur on a widget-based donation page, you can reduce risk by generating a new WidgetId.

Change Your WidgetId

  1. Go to Online Donations, then open your existing widget and create a new version.

  2. Configure the new widget using the same settings as your current one.

  3. View the generated HTML and scroll to the bottom to locate the WidgetId field.

  4. Copy the new WidgetId.

  5. Edit your website’s donation page HTML, locate the old WidgetId, and replace it with the new value.

  6. Return to Online Donations and delete the original widget from the list.

📌 Note: The WidgetId field appears similar to:
<input type="hidden" id="WidgetId" value="b1234fb5-111e-1f11-b333-ff00002220b4" />

Reduce Fraud Risk on Campaign Donation Pages

Donorfy has introduced improvements to help block fraudulent activity on Campaign Donation Pages.

Reset a Campaign Donation Page

  1. Contact Donorfy Support and request a page reset.

  2. Once reset, monitor Stripe for reduced fraudulent activity.

Reduce Fraud Risk on Donorfy Forms

Donorfy Forms include enhanced controls to detect and block high-risk traffic. Blocked IP addresses appear in Forms, then Security.

Create and Replace a Form

If fraudulent attempts continue:

  1. Create a copy of the affected form.

  2. Update the form URL suffix so it is unique.

  3. Replace the form embedded on your website with the new version.

  4. Open the original form in Donorfy and set it to Inactive to prevent it from displaying online.

  5. If the issue persists, delete the original form.

Enhance Stripe Fraud Controls Using Radar

Stripe Radar offers optional rules that can strengthen your fraud-prevention setup.

Check Standard Radar Rules

  1. Log in to your Stripe Dashboard.

  2. Navigate to Radar, then Rules.

  3. Ensure that standard verification rules for CVC and ZIP/postcode checks are enabled.

Block Transactions with Missing CVC Codes

  1. In Radar, go to Rules.

  2. Add a new rule that blocks any transaction where CVC is not provided.

  3. Save the rule to activate the block.

📌 Note:

  • To add custom Radar rules, Stripe Support must enable the feature.

  • Additional Stripe fees may apply. Check Stripe pricing for up-to-date costs.

Related Articles
Creating a Stripe Payment Card Donations Web Widget
Strong Customer Authentication (SCA): Update and Ways to Reduce Declined Transactions
Protect Your Donation Pages from Card Testing Fraud
Use reCAPTCHA with Stripe Web Widgets
Increase in Card Testing - Online Fraud
Did this answer your question?