Dev Team Portal

Appearance

Payment Card Security Checks

Stripe Radar

  • all payments on our US Stripe account are now subject to 3D Secure. Most should pass as a frictionless authentication while still providing us with liability shift. However, we may now see a higher number of 3D Secure challenges occurring, and a proportionately higher number of transactions being abandoned at the payment stage as a result of customers being unable to complete the challenge.
  • payments on our US Stripe account are blocked if:
    • payment by the same card is attempted more than 5x in a day
    • Stripe Radar deems the payment to have the highest risk
    • the payment matches Stripe's default block lists
    • an anonymous IP and disposable email is being used
    • a disposable email is being used and the transaction amount > 100 USD
    • an anonymous IP is being used and the transaction amount > 500 USD
    • CVC verification fails
  • payments on our UK + EU Stripe accounts are subject to 3D Secure if:
    • it is a new event organiser account, less than 7 days old
    • the event organiser account is flagged to waive any chargebacks against the event organiser
    • the event organiser account is flagged as suspicious
    • the transaction amount > 150 GBP/EUR (reduced from 200 GBP/EUR)
    • an anonymous IP is being used and the transaction amount > 50 GBP/EUR
    • Stripe Radar deems the payment to have an elevated risk
    • Stripe Radar detects the use of a disposable email
    • payment by the same card is attempted more than 2x in an hour
    • payment using the same email is attempted more than 5x in an hour
  • payments on our UK + EU Stripe accounts are blocked if:
    • payment by the same card is attempted more than 10x in a day
    • Stripe Radar deems the payment to have the highest risk
    • the payment matches Stripe's default block lists
    • an anonymous IP and disposable email is being used
    • a disposable email is being used and the transaction amount > 100 GBP/EUR
    • CVC verification fails

TicketSource processes

  • during booking, a transaction totalling more than 100 USD or 150 GBP/EUR for an "online" event will trigger a Slack alert for review, create a file note and mark an account as suspicious
  • during booking, a customer who has made more than 10 bookings for a single performance will trigger a Slack alert for review, create a file note and mark an account as suspicious
  • as a reminder, we have the capability to add known suspicious customer emails to a watchlist during the booking process
  • when adding or modifying bank details in the dashboard, a check will be undertaken for any current short-dated events on the account (i.e. events that have a performance date which is less than 7 days from the point of event creation), which will trigger a Slack alert for review, create a file note and mark an account as suspicious
  • when activating an event in the event designer, a check will be undertaken to determine if it is a short-dated event and whether the account has any bank details that have been added or modified in the past 3 days, which will trigger a Slack alert for review, create a file note and mark an account as suspicious
  • when settling an event, a check will be performed to determine if it is a short-dated event and whether the pay out details associated with the event have been added/modified since it was created (or up to 3 days prior to creation), which will trigger the creation of a file note and mark an account as suspicious
  • finance: the event settlement summary email will visually flag (warning symbol) any events connected to an account that is marked as suspicious

Checks and thresholds are subject to review and might be adjusted (i.e. if they're creating too much "noise" or too many false positives)