How I discovered 16.7% of my Stripe revenue was bypassing fraud checks (and built a fix)

Published: December 28, 2025 at 05:21 AM EST
2 min read
Source: Dev.to

Background

Last week a friend’s SaaS business (about $50k ARR) was suddenly banned by Stripe due to a card‑testing attack.
Stripe Radar was already enabled, so we assumed we were safe.

The Issue

While digging into the transaction logs I discovered a default‑configuration “blind spot” that likely affects many Indie Hackers.

Fraudulent payload pattern

All of the fraudulent transactions shared this JSON structure:

{
  "billing_details": {
    "address": {
      "city": null,
      "country": null,
      "line1": null
    }
  },
  "payment_method_details": {
    "card": {
      "checks": {
        "address_line1_check": null,
        "address_postal_code_check": null
      }
    }
  }
}
  • No address collected – When using Stripe’s default Checkout (especially with Apple Pay or Link), the billing address is often omitted to maximize conversion rates.
  • No AVS – Without a billing address Stripe cannot run an Address Verification Service (AVS) check.
  • Radar blindness – Most default Radar rules rely on location mismatches (e.g., “IP address doesn’t match billing address”). If there is no billing address, those rules are skipped.

I call these “Ghost Transactions.” They are invisible to your primary defense layer.

Impact

Running a quick audit on my own Stripe history revealed that 16.7% of my transactions were Ghost Transactions. In other words, a quarter of my revenue was flying blind. If a card tester targeted me, Radar wouldn’t stop them until disputes started rolling in.

Auditing Options

Option 1 – Manual Check

  1. Open the Stripe Dashboard → Payments.
  2. Hover over the card details.
  3. If you see “No address provided” and the AVS checks show “Unavailable” or “Unchecked,” you are exposed.

Option 2 – Automated Audit Tool

I didn’t want to perform the manual check every week, so I built a terminal‑style tool that scans for this blind spot automatically.

GhostAudit

  • Audit – Scans your last 100 transactions via a restricted read‑only key.
  • Visualize – Shows your exact “Ghost Rate” (risk exposure).
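To make the three conditions behind a Ghost Transaction and the audit in Option 2 concrete, here is an added example (not the author’s GhostAudit tool) that classifies Stripe Charge objects offline and computes the Ghost Rate by count and by amount. It assumes charges are plain dicts shaped like the Stripe API’s Charge object (which `stripe.Charge.list(limit=100).data`, fetched with a restricted read‑only key, returns); the sample charges are constructed, not real data.

```python
from typing import Iterable

# Stripe reports AVS results as "pass", "fail", "unavailable" or "unchecked";
# only the first two mean the issuer actually compared an address.
AVS_NOT_RUN = {None, "unavailable", "unchecked"}
ADDRESS_FIELDS = ("line1", "city", "country", "postal_code")

def is_ghost(charge: dict) -> bool:
    """True when no billing address was collected and no AVS check ran,
    i.e. the payload pattern from the post: Radar's location-mismatch rules
    have nothing to compare, so the charge passes them by default."""
    address = (charge.get("billing_details") or {}).get("address") or {}
    no_address = not any(address.get(f) for f in ADDRESS_FIELDS)
    card = (charge.get("payment_method_details") or {}).get("card") or {}
    checks = card.get("checks") or {}
    avs_not_run = (checks.get("address_line1_check") in AVS_NOT_RUN
                   and checks.get("address_postal_code_check") in AVS_NOT_RUN)
    return no_address and avs_not_run

def ghost_rate(charges: Iterable[dict]) -> dict:
    """Ghost share by count and by amount (Stripe minor units), succeeded only."""
    total = ghosts = amt_total = amt_ghost = 0
    for ch in charges:
        if ch.get("status") != "succeeded":  # skip failed/pending attempts
            continue
        total += 1
        amt_total += ch.get("amount", 0)
        if is_ghost(ch):
            ghosts += 1
            amt_ghost += ch.get("amount", 0)
    return {"transactions": total, "ghosts": ghosts,
            "ghost_rate": ghosts / total if total else 0.0,
            "ghost_amount_share": amt_ghost / amt_total if amt_total else 0.0}

def _charge(cid, amount, address, l1, pc):
    """Builder for constructed sample charges (not real Stripe data)."""
    return {"id": cid, "amount": amount, "status": "succeeded",
            "billing_details": {"address": address},
            "payment_method_details": {"card": {"checks": {
                "address_line1_check": l1, "address_postal_code_check": pc}}}}

# With the real API: charges = stripe.Charge.list(limit=100).data
SAMPLE_CHARGES = [
    _charge("ch_ghost", 4900, {"city": None, "country": None, "line1": None}, None, None),
    _charge("ch_ok", 9900, {"city": "Austin", "country": "US", "line1": "1 Main St"}, "pass", "pass"),
    _charge("ch_partial", 1900, {"city": None, "country": "DE", "line1": None}, "unavailable", "unavailable"),
]
```

The third sample shows the edge case: AVS could not run, but a country was collected, so Radar’s location rules still have something to compare and it is not counted as a ghost.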

👉 Check your risk exposure here:
First 100 scans are free. Don’t wait for the ban hammer to verify your settings.
