Fraud Prevention

Overview

Fraud prevention webhooks notify your application when a fraud detection rule is triggered. These events are fired when the system's activity monitoring detects suspicious behavior and a Notify action is configured for the matching rule.

ðŸ“˜ Premium Feature

Fraud Prevention is a premium add-on. Contact [email protected] to activate it for your account. Additional fees may apply.

Use Cases

Alert your security team when suspicious activity is detected
Log fraud events to an external SIEM or monitoring system
Trigger manual review workflows for flagged customers
Track fraud patterns across payment method creation events

Events

Event	Description
`fraud_prevention.triggered`	A fraud prevention rule was triggered

fraud_prevention.triggered

Triggered When

A fraud prevention rule with a Notify action is matched during activity monitoring (e.g., excessive payment method creation attempts).
The event is dispatched from the NotifyAction pipeline action after creating the fraud prevention record.

Payload

{
  "type": "fraud_prevention.triggered",
  "id": "evt_a1b2C3d4E5f6g7H8i9J0k1L2",
  "created": 1704067200,
  "data": {
    "object": {
      "object": "fraud_prevention",
      "id": 12345,
      "customer": {
        "object": "customer",
        "id": 67890,
        "balance": 0,
        "created": "2024-01-01T00:00:00.000000Z",
        "currency": "usd",
        "delinquent": false,
        "display_name": null,
        "email": "[email protected]",
        "email_confirm": true,
        "email_hardbounce": false,
        "first_name": "John",
        "has_password": 1,
        "language": "en",
        "last_login_method": "email",
        "last_name": "Doe",
        "mail_marketing": null,
        "metadata": null,
        "object_id": "cus_1a2B3c4D5e6F7g",
        "password_last_updated_at": null,
        "phone": "5551234567",
        "phone_confirm": null,
        "salutation": null,
        "tele_marketing": null,
        "title": null,
        "username": null
      },
      "site_id": 1,
      "source": {
        "object": "source",
        "id": 99999,
        "brand": "visa",
        "country": "US",
        "exp_month": 12,
        "exp_year": 2027,
        "last_four": "4242",
        "object_id": "pm_1a2B3c4D5e6F7g",
        "type": "card"
      }
    }
  }
}

ðŸš§ Minimal publishable fields

The fraud prevention object only exposes id and site_id from its own model. Sensitive fields like flow, event, action, data, and marked_safe are not included in the webhook payload. The nested customer and source objects provide the relevant context.

Payload Reference

Fraud Prevention Object Fields

Field	Type	Description
`object`	string	Always `"fraud_prevention"`
`id`	integer	Fraud prevention record ID
`customer`	object \| null	The customer associated with the fraud event (see Customer webhook fields)
`site_id`	integer	Site ID where the fraud event occurred
`source`	object \| null	The payment source involved, if applicable (see Payment Methods webhook fields). Present when a `source_id` exists in the fraud event data.