
Thanks for the response and follow up details. I do realize that this is possible with Stripe, but when using software that already integrates with Stripe, doing additional custom integration is less than ideal. I would also argue that it violates the principle of least astonishment to have a charge go through when the supplied data is inaccurate.

I'm a huge fan of Stripe and find the API incredibly well designed, which is why I was so surprised when I came across this today. It's certainly not causing me to migrate away from Stripe; it just means that I'll have to manually keep an eye on things for now.



It's worth noting that people often typo things like billing address or CVC code, and that the majority of these failures are not in fact fraud. At that point, it's also a usability question about what the best behavior really is. The banks do take CVC into account when deciding whether or not to approve the charge, and obviously also run their own (often aggressive) fraud prevention algorithms to deny suspicious charges.

All that being said, we're working on some tools to make this a bit easier.


Thanks Ross. I can certainly understand an address typo, but a CVC typo seems like a valid reason for denying a transaction. Glad to hear that you're aware and are working on tools to help us!


Your complaint is with the third party providers. Stripe's charge method does what it says on the tin: it charges the card. If your third party integration software doesn't expose a method to create and validate the customer data (which the Stripe API supports) prior to making the charge, ask them to fully support Stripe's API or provide you with a configurable option for what to do when the CVC/AVS checks fail.


That's certainly one way to look at it. In my opinion, Stripe should be the entity responsible for fraud management and not left up to the individual implementations, but I can certainly see your point of view as well.


The alternative is that you could end up with customers who constantly hit false positives in the fraud detection, and it becomes impossible to charge that person unless Stripe implements a way to "force charge" someone, and then you have to hope your 3rd party Stripe integration also supports and exposes that to you...



