What this audit checks
Authentication & access
- Credential pair valid (authenticateTestRequest probe on /xml/v1/request.api)
- Environment matches intent (api.authorize.net in production, apitest.authorize.net in sandbox)
- Signature Key present so inbound webhook signatures can be verified (SHA-512)
- Transaction Reporting API enabled on the account (read scope for getTransactionListRequest)
Transaction health
- Success rate below 90% (or a -3pp drop vs prior week)
- Decline rate above 8% (and which responseReasonCode dominates)
- A card network authorising below 85% (network-specific breakage: Visa vs MC vs Amex)
- DO_NOT_HONOR (reason 2) concentrated on a single BIN range (issuer fraud-flag wave)
- 3DS challenge abandon rate above 30% (Cardinal UX friction / abandonment risk)
- FDS hold-rate above 2% (Fraud Detection Suite rules too tight, suppressing revenue)
Refunds & disputes
- Refund rate above 8% of revenue (or a +25% spike vs the trailing baseline)
- Chargeback rate above 0.9% (Visa Acquirer Monitoring Program / Mastercard ECM threshold)
- Dispute rate above 1% (active disputes share of settled)
- Active disputes approaching respondBy deadline with no evidence submitted
- Dispute win rate below 35% (weak evidence packs or response too slow)
Settlement timing
- Average settlement time above 5 days (cash-flow risk vs acquirer T+1/T+2 cards, T+3/T+5 ACH)
- Oldest pending payout above 5 days (capture stuck on chargeback hold / FDS reserve / acquirer issue)
- A settlement batch in settlementError state
- Pending balance growing while volume is flat (settlement is slowing)
Cross-channel: payments-to-revenue (the killer area)
- Decline spike correlated with a commerce-sibling checkout-funnel completion drop in the same window (real lost revenue, not buyer remorse)
- Authorize.Net captured volume vs commerce-sibling order revenue mismatch > 2% (reconciliation gap)
- Refund spike correlated with a commerce returns spike in the same window
- Failed-payment / declined shoppers opening support conversations (sibling support_helpdesk) - friction driving support load
- Decline-rate spike during a campaign push (paying for traffic that can’t pay)
Severity thresholds
| Signal | Warn | Critical |
|---|---|---|
success_rate | 92 | - |
decline_rate | 5 | 8 |
refund_rate | 5 | 8 |
chargeback_rate | 0.5 | 0.9 |
dispute_rate | 0.5 | 1.0 |
threedsecure_abandon_rate | 15 | 30 |
avg_settlement_days | 3 | 5 |
oldest_pending_payout_days | 3 | 5 |
Data sources
POST https://{api_host}/xml/v1/request.api- getTransactionListRequest - transactions by batch/date for success / decline / refund / payment-method / 3DSPOST report:getSettledBatchListRequest- Settled batch day totals - volume trend, settlement timing, batch successPOST report:getUnsettledTransactionListRequest- Captured-not-yet-settled (pending payouts) + chargeback-flagged rowsPOST report:getTransactionDetailsRequest- Single-transaction detail incl. reason codes, AVS/CVV, 3DS status