In my experience, Stripe won't do anything like that. I manage a website that accepts donations. This tends to be a target that fraudsters like to utilize. They'll "donate" small amounts to the non-profit in order to check if the transaction went through. If the transaction was approved, they know the card is still valid. Meanwhile, we're stuck with the fraudulent transaction and have to refund the charge.
Now, these charges are clearly fraudulent. Without going into details, we can 100% detect the fraudulent transactions from real ones. I've suggested to Stripe that this could be a honey-pot setup to identify stolen cards but they've told me that there card processing doesn't have that type of infrastructure. Even if I know a credit card number has been compromised, there is no way to alert the card holder.
It's a shame really. It's not the fault of Stripe that we can't alert the card holder but it's important to know that there is no mechanism to protect card holders, even if you know their card has been compromised.
There is a path where you can report fraudulent activity to your 'merchant financial institution', which will typically be either your IPSP or your bank.
I don't get why stripe can't do this because my IPSP definitely can and we use this daily.
Time. I can eye ball the charges and know 100%. I need to add code that'll do the same and I don't have the time right now. For the few charges we get, it's easier to quickly refund than to write the code. It's something I will eventually write code to automate.
As a hosting provider, we also see our fair share of fraud. It's truly amazing at to me how many fraudulent CCs are attempted. I can't detect 100% -- but pretty close. I've also made suggestions to stripe with a similar response.
Stripe provides a fingerprint, and it would be nice if stripe provided a service to rate/track various card fingerprints and receive a score when adding/authorizing a card -- or develop some community based feedback scoring system with feedback from companies like ours!
Stripe turns a card number into a token, which you can store without needing to worry about PCI compliance. That token can be used with Stripe to use the card from their secure store.
Now, these charges are clearly fraudulent. Without going into details, we can 100% detect the fraudulent transactions from real ones. I've suggested to Stripe that this could be a honey-pot setup to identify stolen cards but they've told me that there card processing doesn't have that type of infrastructure. Even if I know a credit card number has been compromised, there is no way to alert the card holder.
It's a shame really. It's not the fault of Stripe that we can't alert the card holder but it's important to know that there is no mechanism to protect card holders, even if you know their card has been compromised.