I'm the OP of the Twitter thread – I've had the exact same experience: unrealistically low risk scores for most fraudulent transactions. There were plenty of red flags for each of them (400+ cards and 40+ names under one single IP, most payments got already flagged for credit card testing fraud early on before succeeding after many tries...) Even dumb heuristics would have blocked 90% of the fraudulent payments. I appreciate Stripe is fixing this quickly after making it public and refunding fees, but something is definitely wrong with their risk calculation algorithm.
No comments yet.