Binary decisions are brittle. For payments that are neither clearly safe nor clearly fraudulent, Stripe uses a "soft block." This triggers a 3DS authentication step, allowing legitimate users to proceed while stopping fraudsters, resolving ambiguity without losing revenue.
Related Insights
In regulated industries, AI's value isn't perfect breach detection but efficiently filtering millions of calls to identify a small, ambiguous subset needing human review. This shifts the goal from flawless accuracy to dramatically improving the efficiency and focus of human compliance officers.
Stripe avoids costly system rebuilds by treating its new payments foundation model as a modular component. Its powerful embeddings are simply added as new features to many existing ML classifiers, instantly boosting their performance with minimal engineering effort.
Stripe's AI model processes payments as a distinct data type, not just text. It analyzes transaction sequences across buyers, cards, devices, and merchants to uncover complex fraud patterns invisible to humans, boosting card testing detection from 59% to 97%.
The government's standard procedure is to disburse funds and attempt to recover improper payments later—a highly inefficient process that costs hundreds of billions annually. A more effective system would require real-time prepayment verification, defaulting to "no pay" if eligibility cannot be confirmed, preventing fraud before it occurs.
Unlike other tech verticals, fintech platforms cannot claim neutrality and abdicate responsibility for risk. Providing robust consumer protections, like the chargeback process for credit cards, is essential for building the user trust required for mass adoption. Without that trust, there is no incentive for consumers to use the product.
For complex cases like "friendly fraud," traditional ground truth labels are often missing. Stripe uses an LLM to act as a judge, evaluating the quality of AI-generated labels for suspicious payments. This creates a proxy for ground truth, enabling faster model iteration.
A core pillar of modern cybersecurity, anomaly detection, fails when applied to AI agents. These systems lack a stable behavioral baseline, making it nearly impossible to distinguish between a harmless emergent behavior and a genuine threat. This requires entirely new detection paradigms.
By creating dense embeddings for every transaction, Stripe's model identifies subtle patterns of card testing (e.g., tiny, repetitive charges) hidden within high-volume merchants' traffic. These attacks are invisible to traditional ML but appear as distinct clusters to the foundation model, boosting detection on large users from 59% to 97%.
Users distrust "talk to your data" tools they don't understand. Stripe's Sigma product overcomes this by generating a natural language explanation alongside every answer. It details assumptions made, like the specific dates used for "Black Friday," allowing non-technical users to verify the logic.
Purely model-based or rule-based systems have flaws. Stripe combines them for better results. For instance, a transaction with a CVC code mismatch (a rule) is only blocked if its model-generated risk score is also elevated, preventing rejection of good customers who make simple mistakes.