What this audit checks
Authentication & access
- Secret key is live-mode (not test) for production integrations
- Restricted-key scopes cover charges, refunds, disputes, payouts, balance, radar, subscriptions
- Webhook signing secret present and signature validation enabled
- Stripe-Account ID detected; Connect platform vs standard correctly classified
Transaction health
- Authorisation success rate above 92% baseline
- Decline reason mix - no single soft-decline reason > 25% of declines
- Smart-Retry / Adaptive Acceptance is enabled and recovering > 25% of soft declines
- Top declining issuers (BIN-level) identified for recovery playbook
3DS & Radar fraud controls
- 3DS challenge abandon rate < 25% (otherwise consider Smart 3DS routing)
- Radar
highestrisk-score share < 5% of charges in the last 7 days - Radar block-rate not surging > 50% vsP (sudden tightening of rules can mask outage)
- Early Fraud Warnings being refunded proactively (not converting to disputes)
Revenue & sales volume
- Total charge volume and transaction count trending within expected band vs prior period
- Average transaction value stable (no silent drop signalling mix shift or test traffic)
- Net revenue after refunds + Stripe fees reconciles against gross charge volume
Disputes & chargebacks
- Dispute rate below 0.9% (90% of Visa 1% cap) on a 90-day window
- Avg dispute response time < 5 days
- Dispute win rate at or above 35% industry baseline
- Top dispute reason codes (fraudulent / product_not_received) flagged for prevention
Settlement & payouts
- Avg settlement time within Stripe’s expected schedule for the merchant’s country
- No payout pending > 5 days
- Payout success rate ≥ 99%
- For Connect platforms: application fees reconcile against expected platform commission
Subscription & recurring health
- Recurring charge failure rate below 12%
- Involuntary churn (failed payments) < 3% of MRR
- Dunning recovery rate ≥ 25%
- Stored-token expiring < 30d share < 5% of subscriber base
Compliance & tax
- Stripe Tax registration coverage - no country with > $10k revenue and no active registration
- EU VAT / UK VAT / US sales-tax thresholds tracked when Stripe Tax enabled
Cross-channel: revenue protection
- Decline-driven checkout-funnel drop (sibling = shopify/bigcommerce/adobe.checkout_step_completion_rate falling concurrent with stripe.decline_rate spike)
- Dispute-to-fulfilment correlation (sibling = shipbob/commerce.shipment_delayed_orders converting to product_not_received disputes)
- Recoverable revenue forecast (soft-decline value × sibling.avg_repurchase_rate × Smart-Retry success rate)
- Chargeback forecast (EFW count × historical EFW→chargeback rate × avg dispute amount)
Severity thresholds
| Signal | Warn | Critical |
|---|---|---|
decline_rate | 6 | 8 |
authorization_rate | 92 | - |
dispute_rate | 0.9 | 1.0 |
payout_age_days | 3 | 5 |
threedsecure_abandon_rate | 25 | 40 |
radar_highest_risk_share | 3 | 5 |
recurring_failure_rate | 8 | 12 |
involuntary_churn_pct_of_mrr | 2 | 3 |
Data sources
GET https://api.stripe.com/v1/account- Account capabilities, Connect classification, charges/payouts enabledGET https://api.stripe.com/v1/balance- Live pending vs available balanceGET https://api.stripe.com/v1/charges- Charge history, outcomes, risk_level, card metadataGET https://api.stripe.com/v1/disputes- Open + closed disputes with reason codes + evidence_due_byGET https://api.stripe.com/v1/payouts- Payout schedule, status, failuresGET https://api.stripe.com/v1/subscriptions- Active / past_due / canceled subscriptions for MRR + churnGET https://api.stripe.com/v1/reviews- Manual + rule-triggered Stripe Radar reviewsGET https://api.stripe.com/v1/radar/early_fraud_warnings- Network EFW signals - leading indicator of dispute riskGET https://api.stripe.com/v1/tax/registrations- Stripe Tax registration coverage