StripeCart uses a rule-based fraud screening layer before payment authorization. One high-severity rule automatically declines card transactions when the billing country and IP country differ and the account is less than 7 days old. Over the last 6 weeks, customer support complaints about “card declined” events increased, and the Risk team wants to know whether this rule is blocking too many legitimate purchases.
| Metric | Rule-Off Baseline | Current Rule-On | Change |
|---|---|---|---|
| Transactions evaluated / week | 1,200,000 | 1,200,000 | 0% |
| Rule-triggered declines / week | 0 | 18,000 | +18,000 |
| Confirmed fraud prevented / week | 0 | 2,700 | +2,700 |
| Legitimate declines / week | 0 | 15,300 | +15,300 |
| Precision (fraud among declines) | — | 0.15 | — |
| Recall on fraud segment covered by rule | — | 0.54 | — |
| False positive rate on all legitimate txns | — | 1.29% | — |
| Approval rate | 96.8% | 95.3% | -1.5 pts |
| Weekly gross payment volume lost | — | $1.84M | — |
| Estimated fraud loss avoided | — | $486K | — |
The rule catches fraud, but most declined transactions appear to be legitimate. You need to determine whether the rule is too aggressive, how to quantify the business tradeoff, and what changes should be made.
