What this audit checks
Authentication & configuration
- Basic credential valid (auth on GET /v2/configuration) - Merchant ID + Secret Key accepted
- Region host correct (global api.us.afterpay.com / anz api.afterpay.com) and environment matches (sandbox vs production)
- BNPL minimum/maximum order limits returned by /v2/configuration cover the merchant’s basket range
Approval & checkout health
- Success (approval + capture) rate below 90%
- Decline rate above 8% (and which decline reasons dominate)
- 3DS challenge abandonment above 30% (added friction / lost conversion)
- Approval-rate drop during a campaign push (paying for traffic Afterpay won’t approve)
Refunds, disputes & settlement
- Refund rate above 8% of captured volume, or a refund spike > 50% vs 7-day baseline
- Chargeback rate above 1% (Visa/Mastercard programme threshold)
- Dispute response overdue (respondBy passed with status OPEN / UNDER_REVIEW)
- Oldest pending payout aging above 5 days vs the typical 1-3 day schedule (cash-flow risk)
Cross-channel: payments-to-revenue (the killer area)
- Afterpay captured volume vs commerce-sibling Afterpay-paid order revenue mismatch > 2% (reconciliation gap; sibling = shopify / bigcommerce / adobe_commerce)
- Afterpay refund spike correlated with a commerce-sibling returns / cancellation spike (product / fulfilment issue, not a payments glitch)
- Declined-Afterpay shoppers re-attempting on a card gateway sibling (recoverable basket signal)
- Afterpay AOV-lift erosion vs commerce-sibling card AOV (BNPL value proposition weakening)
Severity thresholds
| Signal | Warn | Critical |
|---|---|---|
success_rate_pct | 95 | 90 |
decline_rate_pct | 5 | 8 |
threedsecure_abandon_pct | 15 | 30 |
refund_rate_pct | 3 | 8 |
chargeback_rate_pct | 0.5 | 0.9 |
dispute_rate_pct | 0.5 | 1 |
payout_age_days | 2 | 5 |
reconciliation_gap_pct | 1 | 2 |
Data sources
GET https://api.us.afterpay.com/v2/configuration- Auth probe + BNPL config / order limitsGET https://api.us.afterpay.com/v2/payments- Volume / approval / decline / 3DS / payment-method mixGET https://api.us.afterpay.com/v2/payments/{id}/refund- Refund value + reasons per payment (refund rate / volume)GET https://api.us.afterpay.com/v2/settlements- Payout status + age (pending payouts, settlement timing)GET https://api.us.afterpay.com/v2/disputes- Chargeback / dispute inventory + response deadlines