How to Block and Blacklist Fraudulent Customers on Stripe

The thing about fraudulent transactions is they occur through several attack vectors. For example, a scammer might test a stolen credit card with a small purchase before attempting more significant transactions. In another scenario, a legitimate customer could dispute a valid transaction to obtain an unmerited refund. There are also instances where fraudsters fabricate issues to secure refunds without returning goods or request refunds to other payment methods after making purchases with stolen cards.

Payment providers like Stripe treat fraud cases seriously. Merchants unable to control fraudulent activity risk losing their Stripe accounts. Thus, if you're dealing with fraudulent customers on Stripe, you can block and blacklist them. That’ll help you protect your business and maintain compliance.

Here's how to block and blacklist fraudulent customers on Stripe.

Use Stripe’s Anti-Fraud Tools

Stripe reported last month that card testing (also called carding) is “one of the most significant fraud threats to Stripe, its users, and the broader financial ecosystem.” The report also said that card testing is “one of the most challenging to detect and block, both because it blends in easily with legitimate traffic and because bad actors are constantly changing their tactics."

If you’re dealing with carding, don’t despair. The following tools can help you block and blacklist fraudulent customers on Stripe and prevent carding with ease.

1. Switch to Stripe Checkout

Using Stripe checkout, a prebuilt and secure payment flow from Stripe, disrupts card testing activities in your store. Stripe checkout has built-in measures (like rate reviews and CAPTCHA triggers) to block bot-driven attacks. It also has improved customer authentication systems like 3DS. Declined suspicious payments will be marked as “Blocked by Stripe.”

To switch to Stripe checkout, you can either create a Checkout Session and redirect customers to a Stripe-hosted payment page or embed a checkout form directly into your website. Watch this video to learn how to set up your Stripe checkout page:

Assuming you’re already using Stripe checkout and still face fraudulent transactions like carding. In that case this next step might help.

2. Turn on Stripe Radar

Radar is a proprietary anti-fraud system from Stripe. It leverages machine learning and big data to help merchants block fraudulent customers. Stripe's machine learning algorithms assess high-risk transactions, while standard card reviews verify CVC or Postal Code details.

Here's how to turn on Stripe Radar:

1. Go to your Stripe Dashboard.
2. Navigate to the "Radar Settings" tab.
3. Allow Block Rules for scenarios like:

• CVC mismatch
• Postal address mismatch
• Risk level
• Value matching

When card information is stolen, the CVC and postal address are often not included, making it quite tricky for bad actors to charge cards successfully, if you enable items #1 and #2 above.

Stripe Radar assigns each charge a risk score from 0 (lowest) to 99 (highest). They block payments with a score of 75 or higher automatically. You can adjust this rule from the Radar Risk Controls page. Lowering the threshold blocks more payments.

For instance, applying the manual review threshold of 65 means transactions with fraud scores of 65 and above will be flagged for review.

Stripe will show you metrics like estimated fraud volume blocked, good payments blocked, and fraud rate when adjusting your threshold.

If fraud rates are high, lowering the threshold can help you block and blacklist fraudulent customers on Stripe more effectively. Increasing it allows more payments, though, which could mean letting some fraud slide in.

Stripe reported earlier this week that although global fraud rates have risen by 11%, successful card testing attacks on the platform have dropped by 80%, as Stripe Radar combines manual data input, monitoring, and machine learning models to stop fraud.

Block and Blacklist Fraudulent Customers on Stripe Manually

You can block specific customers from transacting with your business, much like blacklisting an email to keep it out of your inbox. This involves including the perp's specific payment details, such as card numbers, email addresses, or IP addresses, to your blocklist to prevent future transactions.

Here's how to blacklist fraudulent customers on Stripe manually:

Step 1: Track the fraudulent transaction

• Log in to your Stripe Dashboard.
• Navigate to the Payments section and locate the charge you believe is fraudulent.
• Review the order details, including the buyer's email, card information, and IP address, to confirm suspicious activity.

Step 2: Refund the fraudulent transaction

• Click on the charge you wish to refund.
• Select Refund and choose Fraudulent as the reason.
• Stripe will then add the card and accompanying email address to your blacklist.

Step 3: Create custom rules

Apart from Stripe automatically adding customers you refunded as fraudulent to your blocklist, you can equally manually add customers to the blacklist. This gives you control over specific fraud risks. Here's how to manually add fraudulent customers to a blacklist:

• Go to Radar > Rules in your Stripe Dashboard
• Create a custom rule to block specific customer attributes, such as:

1. Email address: block: email = "fraudulent@user.com”
2. Customer number: block: card_fingerprint = "unique_card_fingerprint"
3. IP address: block: ip_address = "123.456.789.0"

You can create custom rules on Radar to:

• Restrict the number of cards that can be linked to an account.
• Cap the number of customers that can be created from a single IP address.
• Set limits on the number of purchases allowed for the same product.
• Restrict the creation of multiple customers of the same type.
• Exclude requests based on specific user agents or other parameters.

Below are commonly used Radar rules for various goals.

Explore this guide for various Radar rule aspects, including over 100 rule options, best practices for backtesting, rules creation, and more details.

Roll Your API Keys

The next option to block and blacklist fraudulent customers on Stripe is to roll your API keys. Rolling or refreshing your API key generates a new key for your Stripe account, which helps protect your system from unauthorized access when your previous key was compromised.

Refreshing your API credentials alone may not directly prevent fraudulent transactions. However, it's a crucial component of the security strategies mentioned above, particularly when fraud cases continue. To roll your Stripe API key:

1. Navigate to the API keys page.
2. In the row for the key you want to roll, click the overflow menu, then select Roll key…
3. Choose an expiry date from the Expiry dropdown.
4. Click “Roll API key.”
5. The window displays the new key value. Copy it by clicking it.
6. Save the key value. You can’t retrieve it later.
7. In the Add a note field, enter the location where you saved the key and click Done or Save.

Another best practice to block and blacklist fraudulent customers on Stripe is to add networking rate limits. For this, you must customize rate limits to target specific types of card testing you're encountering. For example, if fraudsters are using your integration to validate cards by attaching them to new accounts, an effective measure could be to limit the number of new customers created from a single IP address within 24 hours.

The question then is, what if you’re experiencing a spike in chargeback fraud also, how do you deal with such cases? Here’s how:

Automate Your Chargebacks

Chargeback fraud cases are rising, even on Stripe. Chargeback fraud is one prominent financial loss driver for eCommerce retailers. Last year our research found that up to 80% of all chargebacks are fraudulent. The trend appears to be quite similar this year. That’s why chargeback automation has become increasingly vital for online businesses.

Automating chargebacks streamlines the process, saves dispute mediation time, and reduces human error. It ensures quicker, more consistent responses; improving accuracy. You won't ever run out of time to respond.

Stripe acknowledges that fact and has selected Chargeflow as one of the top apps in its marketplace. Stripe prominently showcases Chargeflow…they even published a case study on Chargeflow’s exceptional success.

How to automate chargebacks to block chargeback fraud attempts in three steps:

1. Install the Chargeflow App from the Stripe Marketplace.
2. Once you’ve established a connection, Chargeflow will begin analyzing and automating your chargeback processes.
3. Voila! After the custom AI agents have successfully analyzed and synced your data, Chargeflow will immediately begin to thwart fraudulent chargeback attempts with automated dispute prevention and recovery.

Block and Blacklist Fraudulent Customers on Stripe

If fraudsters are using card testing and chargebacks to steal from your business, you can block and blacklist them. Failing to do that could lead to disputes, higher decline rates, excessive fees, and infrastructure strain. It damages your reputation with card issuers, disrupts legitimate activity, and distorts business data. It harms ecosystem health. That is why Stripe and its partners take these cases seriously to mitigate the impacts. Prolonged fraud triggers monitoring programs and even merchant business closures.

Leverage Stripe's built-in anti-fraud tools to reduce risk, manually block and blacklist fraudulent customers on Stripe, roll your API keys if compromised, and automate chargeback management for seamless, hands-free case handling. Contact our sales team if you need further assistance.

RECOMMENDED READING:

• How to Block and Blacklist Fraudulent Customers on Shopify
• Stripe vs Shopify Payments: Deep Dive Comparison for eCommerce Business
• Stripe vs Adyen: The Most Reliable Comparison You'll See Online
• Chargeflow’s Top 6 Stripe Apps of 2025
• Best Shopify Payments Alternatives
• Verified Stripe Statistics