Use Stripe's Fraud Detection with NetSuite


Stripe's fraud tools provide insight into why a charge was declined and flag payments for review if they are considered risky. You can customize the rules that Stripe uses to make these determinations on your account.

If a charge is considered risky but is not declined (blocked, failed, etc.), SuiteSync marks the corresponding NetSuite transaction (SalesOrder, Invoice, CashSale) as fraudulent. This enables automated or manual workflows to be developed in NetSuite to handle risky charges based on fraud rules in Stripe.

For instance, you could prevent a SalesOrder from being automatically approved if your Stripe fraud systems mark the order as possibly fraudulent, preventing the order from being shipped before your team has manually reviewed it.

Here’s how it works:

  1. A charge is created in Stripe. Stripe marks it as having elevated fraud risk, or it is placed in manual review by a rule you create in Stripe.
  2. The charge is associated with a SalesOrder, CashSale, or Invoice. In most cases, SuiteSync does this automatically.
  3. SuiteSync pulls the fraud summary to a field on the associated SalesOrder, CashSale, etc.
  4. SuiteSync marks the transaction as being tagged with fraud information so you can quickly build automated workflows around the fraud status of a transaction.

The real magic of the system is the ability to very quickly change fraud rules in Stripe and have them instantly reflected in NetSuite. For instance, let's say you want to put all payments initiated from an IP address originating from a particular country in review. You can implement this rule in Stripe in a couple of minutes and instantly block those orders from automatically being fulfilled in NetSuite without having to adjust any custom SuiteScript code in NetSuite.

Here's a diagram outlining how the fraud system works:

Fraud Prevention Outline

Technical Details

Integrating Stripe’s fraud system into NetSuite does not require additional effort from your team. It is a turnkey integration that is enabled on your account.

You can build NetSuite automation on top of the fraud information that is passed into NetSuite. This transaction fraud information can be used to adjust your fulfillment workflow.

Here are the technical details of how this works:

  • A summary of the fraud information is stored in a custom field created on your transaction records with an ID of custbody_suitesync_fraud_message.
  • When a NetSuite transaction has been checked for fraud, the custbody_suitesync_fraud_processed checkbox is checked. This is the trigger you should use to build automated workflows.
  • NetSuite transactions are checked for fraud in a separate process (asynchronously). This means that you can't rely on fraud being checked before the payment appears in NetSuite. Use the custbody_suitesync_fraud_processed checkbox to check whether an order (or invoice, cash sale, etc.) has been checked for fraud.
  • If the risk level of a charge is "normal", fraud information is not added to the order. In this case, the custbody_suitesync_fraud_message custom field is blank and the custbody_suitesync_fraud_processed checkbox is checked.
  • By default, Stripe payments with a "high" fraud level are declined. In most cases, a charge is declined during the checkout process, and the user is notified immediately about the issue. In other words, if a Stripe payment is declined, the corresponding NetSuite transaction is not affected. You can customize your fraud rules to allow high-risk payments; in this case the payment is not declined and fraud information is added to the NetSuite transaction.
  • Fraud information is added to the SalesOrder, CashSale, or Invoice records. There is also support for CustomerDeposit or CustomerPayment records in some cases.
  • Only card payments are currently processed for risk by Stripe. Other payment methods (such as bank transfers) will never be marked as fraudulent.
  • A clickable link can be added to NetSuite linking directly to the Stripe Dashboard. This enables your team to quickly jump to Stripe to review the possibly fraudulent charge associated with an order.

Here's what a NetSuite transaction looks like when it is marked as fraudulent:

Fraud Prevention Outline

How can I use authorized payments with this fraud integration?

If you are authorizing payments and capturing later on (using the auth-fulfill-capture workflow), fraud information can optionally be pulled onto the associated SalesOrder. This enables you to review possibly fraudulent orders before capturing the charge.

If you are using auth-capture, the recommended workflow is to automatically place SalesOrders in the "Pending Approval" state if Stripe considers those orders to be fraudulent.

How can I block or put payments in review if they fail CVC, zip, or address verification?

All rules to block or review payments are managed through Stripe Radar. There is no separate area in Stripe, separate NetSuite field, etc. for managing blocking or reviewing payments based on these verifications.

Check out this Stripe documentation for more information on the various fraud review options available. Contact Stripe support for more information on configuring Stripe's fraud rules for your business.

Building Automated NetSuite Fraud Review Workflows

Adjusting your NetSuite fulfillment workflow based on Stripe's fraud system requires custom SuiteScripts to be developed on your end. To help you in this process, we've developed an example SuiteScript that serves as a great starting point for implementing this automation in your NetSuite account.

Here's the logic you should use when building automation around the Stripe fraud system:

  • If custbody_suitesync_fraud_processed is true and custbody_suitesync_fraud_message is empty, the transaction has been checked for fraud and does not need any manual review.
  • If custbody_suitesync_fraud_processed is true and custbody_suitesync_fraud_message is not empty, the transaction is possibly fraudulent. In most cases, the fraud message field contains one of these two messages:
    • One of your rules placed this charge in manual review. This message indicates that a rule in Stripe set up by your team triggered this fraud message.
    • Marked as risky by Stripe. This message means that Stripe's machine learning fraud system determined this payment to have a high level of risk.

Here's an example SuiteScript implementing this logic:

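function isEmpty(obj) {
    return obj === undefined || obj === null || obj === "";
}

// User event entry point. transactionIsSafe() and transactionIsFraudulent()
// are your own handlers (approve the order, create a review task, etc.).
function afterSubmit() {
    // SuiteScript 1.0 returns checkbox values as the strings 'T' and 'F'
    if(nlapiGetFieldValue('custbody_suitesync_fraud_processed') == 'T') {
        if(isEmpty(nlapiGetFieldValue('custbody_suitesync_fraud_message'))) {
            // checked for fraud and no message: no manual review needed
            transactionIsSafe();
        } else {
            // checked for fraud and a message is present: possibly fraudulent
            transactionIsFraudulent();
        }
    } else {
        // transaction has not yet been processed for fraud
    }
}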

View Full Example

Here are some examples of the triggers you could build in NetSuite:

  • If a fraudulent transaction is detected, create a task and assign it to a particular employee (or group of employees).
  • If a transaction is not fraudulent, approve the SalesOrder by changing the status of the SalesOrder to _pendingFulfillment.
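
The decision logic above, carried through to the two triggers just listed, as an added example (not SuiteSync's own code). The field IDs and the two message strings come from this page; the function names and action labels are hypothetical, and each record is passed in as a plain object so the logic can be run outside NetSuite. A transaction that has not been processed yet is held rather than approved, because the fraud check runs asynchronously.

```javascript
// Added example: field IDs and message texts are from this page;
// function names, action labels and sample records are hypothetical.
var FRAUD_PROCESSED = 'custbody_suitesync_fraud_processed';
var FRAUD_MESSAGE = 'custbody_suitesync_fraud_message';

function isEmpty(v) {
  return v === undefined || v === null || String(v).trim() === '';
}

// SuiteScript 1.0 returns checkbox values as 'T'/'F'; accept a boolean too.
function isChecked(v) {
  return v === 'T' || v === true;
}

// Map the two SuiteSync fields to an action for the fulfillment workflow.
function decideFulfillment(fields) {
  if (!isChecked(fields[FRAUD_PROCESSED])) {
    // Not processed yet means "unknown", not "safe": do not auto-approve.
    return { action: 'hold', reason: 'fraud check pending' };
  }
  var message = fields[FRAUD_MESSAGE];
  if (isEmpty(message)) {
    return { action: 'approve', reason: 'checked, no fraud message' };
  }
  // Any message means review; classify the two common ones for task routing.
  var source = 'other';
  if (/placed this charge in manual review/i.test(message)) {
    source = 'stripe-rule';
  } else if (/marked as risky by stripe/i.test(message)) {
    source = 'stripe-ml';
  }
  return { action: 'review', reason: source };
}

// Constructed sample records (not real transactions).
var samples = [
  { id: 'SO-1', custbody_suitesync_fraud_processed: 'F' },
  { id: 'SO-2', custbody_suitesync_fraud_processed: 'T', custbody_suitesync_fraud_message: '' },
  { id: 'SO-3', custbody_suitesync_fraud_processed: 'T',
    custbody_suitesync_fraud_message: 'One of your rules placed this charge in manual review.' },
  { id: 'SO-4', custbody_suitesync_fraud_processed: 'T',
    custbody_suitesync_fraud_message: 'Marked as risky by Stripe.' }
];

function triage(records) {
  return records.map(function (r) { return r.id + ':' + decideFulfillment(r).action; });
}
```

In a user event script, "approve" would correspond to moving the SalesOrder to _pendingFulfillment and "review" to creating a task for your team, as described in the list above.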

During the onboarding process, we can review your particular situation and offer best practices for fraud integration & management.