What this audit checks
Authentication & access
- Basic-auth credential valid (cheap GET on /payments/reports)
- Environment (try vs live) matches the merchant’s intended account
- Entity reference resolves and scopes reports + queries correctly
Authorisation & checkout health
- Success rate below 90%
- Decline rate above 8% (and which response codes dominate)
- 3DS abandonment rate above 30% (added friction / lost conversions)
- Soft-decline share recoverable via retry / dunning
Refunds, disputes & settlement
- Refund rate above 8% of volume
- Chargeback rate above 0.9% (approaching the 1% scheme threshold)
- Dispute rate above 1% (retrievals + chargebacks)
- Oldest pending payout older than 5 days (cash-flow risk)
- Average settlement time above 5 days
Cross-channel: payments-to-revenue (the killer area)
- Decline spike correlated with a commerce-sibling checkout-completion drop in the same window (declines causing real revenue loss)
- Worldpay processed volume vs commerce-sibling order revenue mismatch > 2% (reconciliation gap)
- Refund spike correlated with a commerce-sibling returns spike
- Decline-rate drop during a paid-campaign push (paying for traffic that can’t pay)
Severity thresholds
| Signal | Warn | Critical |
|---|---|---|
success_rate | 92 | - |
decline_rate | 5 | 8 |
threedsecure_abandon_rate | 15 | 30 |
refund_rate | 3 | 8 |
chargeback_rate | 0.5 | 0.9 |
dispute_rate | 0.5 | 1 |
payout_age_days | 2 | 5 |
Data sources
GET https://{api_host}/payments/reports- Transaction report - volume, outcome, decline reason, 3DS outcomePOST https://{api_host}/payments/queries- Payment query / search across timeframesGET https://{api_host}/refunds- Refund volume + valueGET https://{api_host}/disputes- Dispute / chargeback inventory + response deadlinesGET https://{api_host}/payouts- Settlement / payout timing