Monitoring for Fraud
You've set up your fraud protections. Now you need to know what to watch and when to worry. Fraud monitoring doesn't need to be a full-time job. A weekly check takes 10 minutes and catches problems before they become crises.
- Check your chargeback ratio weekly. The one number that matters most
- Watch for pattern changes, like sudden spikes in orders, declines, or chargebacks
- Know your escalation triggers: the numbers that mean "act now"
- Don't over-monitor. Weekly is enough for most small businesses
On this page
The One Number That Matters: Your Chargeback Ratio
Your chargeback ratio is the percentage of transactions that become disputes. Card networks use this number to decide whether to fine you or shut you down.
How to calculate it:
Chargeback ratio = Chargebacks this month ÷ Transactions this month × 100
Example: 5 chargebacks out of 1,000 transactions = 0.5%
The thresholds to know:
| Ratio | Status | What Happens |
|---|---|---|
| Below 0.5% | Healthy | Nothing. Keep doing what you're doing. |
| 0.5% - 0.9% | Watch carefully | You're getting close to processor-enforced thresholds. Review your recent chargebacks. |
| 0.9% - 1.5% | Danger zone | Your processor will likely flag you. Acquirers often act well below network thresholds. See Network programs. Take action now. |
| Above 1.5% | Crisis | Visa VAMP merchant excessive threshold (currently 2.2%, tightening to 1.5% April 2026). Mastercard ECM triggers at 1.5% + 100 chargebacks. Fees and account freezes likely. See the 0.9% Panic Guide. |
- Stripe: Dashboard > Radar > Overview (dispute rate shown at top)
- Square: Dashboard > Balance > Disputes (calculate manually: disputes / transactions)
- Shopify Payments: Settings > Payments > View payouts > Disputes tab
- PayPal: Resolution Center > Open cases
If your processor doesn't show the ratio directly, divide your dispute count by your transaction count for the month. Confirm they're using count-based calculation - that's what Visa and Mastercard use.
Your Weekly 10-Minute Check
Every Monday (or whatever day works), spend 10 minutes on these:
1. Check your chargeback ratio (2 minutes)
- Log into your processor dashboard
- Look at chargebacks received this month vs. transaction count
- If the ratio is above 0.5%, dig into the individual disputes
2. Scan for unusual patterns (3 minutes)
- Any spike in decline rates? (Could mean card testing)
- Any orders from new locations or new customer segments?
- Any repeat disputes from the same customer?
3. Review new chargebacks (5 minutes)
- Read the reason code for each new chargeback
- Is it fraud, "not received," or "not recognized"?
- If "not recognized," check if your billing descriptor is the problem
Patterns That Mean "Act Now"
These signals mean something has changed and you need to investigate immediately:
| Signal | What It Might Mean | First Action |
|---|---|---|
| Decline rate jumps 5%+ in a day | Card testing attack | Check velocity rules, look for burst patterns from single IPs |
| 3+ chargebacks from same reason code in a week | Systemic problem | Fix the root cause (descriptor, shipping, product description) |
| New orders to unfamiliar region spike | Fraud ring testing your site | Review orders manually, tighten geographic rules if needed |
| Customer complaints about unrecognized charges | Billing descriptor issue | Fix your descriptor immediately |
| Processor sends you an email about chargebacks | You're on their radar | Reply immediately with your remediation plan |
If your processor sends you an email about chargebacks, elevated risk, or account review, reply within 24 hours even if you don't have a complete answer. Silence makes processors nervous. A response like "We've seen this and are investigating. Here's what we've done so far" buys you time and goodwill.
What to Do When You Catch Something
If it's a card testing attack (burst of small transactions, high decline rate):
- Check your velocity rules. Are they active?
- Block the offending IP addresses or devices
- Add CAPTCHA to your checkout if you don't have one
- The attack usually stops within hours
If it's a friendly fraud spike (real customers disputing real orders):
- Check your billing descriptor. Is it recognizable?
- Review your confirmation emails. Do they clearly explain the charge?
- Make your refund process easier to find
- Consider adding pre-dispute alerts (Verifi/Ethoca) if volume justifies the cost
If it's a stolen card pattern (orders to unusual addresses, high-value items):
- Enable manual review for orders matching the pattern
- Consider adding 3D Secure for the risky segment
- Contact your processor if the pattern is aggressive
When to Get Professional Help
Most small businesses can handle fraud monitoring themselves. But consider getting help if:
- Your chargeback ratio is above 0.65% and you can't bring it down
- You're seeing organized fraud (same device, multiple cards, coordinated timing)
- Your processor has sent you a formal warning letter
- You need to implement 3D Secure or advanced rules and aren't sure how
Where to get help:
- Your processor's risk team (free, and they want to help you stay below thresholds)
- A payments consultant (for strategy, not tool sales)
- Chargeback alert services like Verifi or Ethoca (if your volume justifies the per-alert cost)
You've Completed the Fraud Protection Pathway
You now understand:
- What fraud looks like for small businesses
- How to set up basic protections using free tools
- What to monitor and when to escalate