What this audit checks
Authentication & access
- Credential pair (merchant_id + public_key + private_key) valid against the GraphQL endpoint
- Environment (sandbox vs production) matches the merchant’s live account
- Currency / merchant-account coverage matches the merchant’s selling markets
Transaction health
- Success rate below 90% (authorise + settle share)
- Decline rate above 8% (processor-declined + gateway-rejected share)
- Top decline-reason mix shifting (new dominant processorResponseCode)
- 3DS abandonment rate above 30% (challenge friction)
Refunds, disputes & settlement
- Refund rate above 5% of processed volume
- Chargeback rate above 0.9% (approaching the card-scheme cap)
- Dispute reply-by dates approaching with no evidence submitted
- Average settlement time above 5 days (cash-flow risk)
- Oldest pending payout batch older than 5 days
Cross-channel: payments-to-revenue (the killer area)
- Decline spike correlated with a commerce-sibling checkout-funnel drop in the same window (sibling = shopify / bigcommerce / adobe_commerce)
- Soft-decline value recoverable via retry / dunning (recoverable revenue estimate)
- Dispute reason product_not_received correlated with a commerce-sibling fulfilment delay
- Refund spike correlated with a commerce-sibling returns spike
Severity thresholds
| Signal | Warn | Critical |
|---|---|---|
success_rate | 92 | - |
decline_rate | 8 | 12 |
chargeback_rate | 0.9 | 1 |
refund_rate | 5 | 8 |
avg_settlement_days | 3 | 5 |
threedsecure_abandon_rate | 25 | 30 |
Data sources
POST https://{api_host}/graphql- Transaction + dispute search, refund/charge detail (GraphQL)POST https://{api_host}/merchants/{merchant_id}/transactions/advanced_search- Transaction search - volume, status, decline reasons, 3DSPOST https://{api_host}/merchants/{merchant_id}/disputes/advanced_search- Dispute / chargeback search - rate, reason mix, reply-byPOST https://{api_host}/merchants/{merchant_id}/settlement_batch_summary- Settlement timing - settled amount/count per day