Fraud Prevention
Supercharge Your Stripe Radar with ATO Risk Signals
Ready to get more out of your fraud solution? Track your login events in Sumatra and start sending powerful Account-Takeover risk signals to Stripe at purchase time. Try for free
Fraud Prevention
Supercharge Your Stripe Radar with ATO Risk Signals
Ready to get more out of your fraud solution? Track your login events in Sumatra and start sending powerful Account-Takeover risk signals to Stripe at purchase time. Try for free
Fraud Prevention
Supercharge Your Stripe Radar with ATO Risk Signals
Ready to get more out of your fraud solution? Track your login events in Sumatra and start sending powerful Account-Takeover risk signals to Stripe at purchase time. Try for free
Problem
Radar can't see logins
Stripe Radar is great at identifying payment risk, but it lacks the risk signals to identify account takeover, because it can't see login behavior.
Solution
Add signals from Sumatra
Send logins to Sumatra, compute powerful ATO signals, and pass those signals to Stripe to add risk at purchase time.
Result
Able to write better rules
Fraud team can start writing better rules in minutes, stopping attackers from getting their goods out the door.
Problem
Radar can't see logins
Stripe Radar is great at identifying payment risk, but it lacks the risk signals to identify account takeover, because it can't see login behavior.
Solution
Add signals from Sumatra
Send logins to Sumatra, compute powerful ATO signals, and pass those signals to Stripe to add risk at purchase time.
Result
Able to write better rules
Fraud team can start writing better rules in minutes, stopping attackers from getting their goods out the door.
Problem
Radar can't see logins
Stripe Radar is great at identifying payment risk, but it lacks the risk signals to identify account takeover, because it can't see login behavior.
Solution
Add signals from Sumatra
Send logins to Sumatra, compute powerful ATO signals, and pass those signals to Stripe to add risk at purchase time.
Result
Able to write better rules
Fraud team can start writing better rules in minutes, stopping attackers from getting their goods out the door.
To stop Account Takeover, you need the full picture
To stop Account Takeover, you need the full picture
Implementing this recipe with Sumatra is as easy as pasting a few lines of code into the Sumatra Editor and adding a couple of API calls to your back end.
Implementing this recipe with Sumatra is as easy as pasting a few lines of code into the Sumatra Editor and adding a couple of API calls to your back end.
1. Send Login Events to Sumatra
1. Send Login Events to Sumatra
On every login attempt, call the Sumatra SDK from your back end (Node or Python) to pass attributes asynchronously to Sumatra:
On every login attempt, call the Sumatra SDK from your back end (Node or Python) to pass attributes asynchronously to Sumatra:
# server.py
import sumatra
sumatra.api_key = "7c096c2f-4023-4696-814e-a4c371517e8e"
sumatra.track("login", {
"user_id": "user@example.com",
"ip": "205.12.234.7",
"successful": True
})2. Copy-Paste Proven ATO Signals
2. Copy-Paste Proven ATO Signals
The following feature code, written in Scowl, identifies risky login activity and makes those signals available at purchase time:
The following feature code, written in Scowl, identifies risky login activity and makes those signals available at purchase time:
event login
failed_users_by_ip_15m := CountUnique(
user_id
by ip
where not successful
last 15 minutes)
event purchase
-- brute-force attack signal
failed_logins_by_user_5d := Count<login>(
by user_id
where not successful
last 5 days)
-- credential-stuffing attack signal
failed_users_by_login_ip_5d := Max<login>(
failed_users_by_ip_15m
by user_id
where successful -- attacker eventually succeeded
last 5 days)
to_stripe = {failed_logins_by_user_5d, failed_users_by_login_ip_5d}When you paste this snippet into the Sumatra Editor and click "Apply", you deploy a scalable, serverless feature service with stateful risk signals, in just a few seconds.
When you paste this snippet into the Sumatra Editor and click "Apply", you deploy a scalable, serverless feature service with stateful risk signals, in just a few seconds.
3. Fetch and Pass Signals to Stripe
3. Fetch and Pass Signals to Stripe
Call Sumatra's enrich function to fetch the features you configured and pass these signals along to Stripe as metadata:
Call Sumatra's enrich function to fetch the features you configured and pass these signals along to Stripe as metadata:
# server.py
features = sumatra.enrich("purchase", {
"user_id": "user@example.com"
})
stripe.Charge.create(
amount=2000,
currency="usd",
source="tok_amex",
# add Sumatra features to metadata
metadata=dict(order_id="12345", **features["to_stripe"]),
)That's it!
That's it!
With the integration complete, you can continue to add more and more Sumatra features without touching your backend code again.
As soon as the first purchase with new metadata is processed, you can start writing rules on the new signals!
With the integration complete, you can continue to add more and more Sumatra features without touching your backend code again.
As soon as the first purchase with new metadata is processed, you can start writing rules on the new signals!
To check out another recipe for reducing fraud and abuse with Sumatra, see: Prevent Fake Account Creation with Smart Rate Limiting.
To check out another recipe for reducing fraud and abuse with Sumatra, see: Prevent Fake Account Creation with Smart Rate Limiting.
Get started
Get AI without the gimmicks
Get started
Get AI without the gimmicks
Get started