Rules Reference

Rule processing and ordering

When creating a rule, the action it’s going to take determines the order in which it is processed. Each payment is evaluated against the rules you have created and performed in a specific order:

1. Allow: Rules that allow a payment to be processed. If a payment is allowed, it is not evaluated against any block or review rules.
2. Block: Rules that block a payment and reject it. If a payment is rejected, it’s not evaluated against any review rules.
3. Review: Rules that allow a payment to be processed but are then placed in review

If a payment should match a rule’s criteria, the respective action is performed and no further rules are evaluated against the payment. If a payment matches an allow rule, it’s processed normally–no block or review rules are subsequently evaluated, even if the payment would also meet their criteria. For instance, an example set of rules might be as follows:

• Allow payments less than $10
• Allow payments made within the US and with a risk level of normal
• Block payments where the risk level is high
• Block payments greater than $1,000
• Review payments made with a card issued outside the U.S.

Using the rules above, all payment less than $10 would be processed, regardless of their risk level or where the card used was issued. This is because the first rule allows the payment, so no further rules are evaluated. Similarly, a $1,500 payment made within the U.S. with a normal risk level would also be allowed, despite the rule to block payments over $1,000. This is because of the second rule in the list, allowing payments made within the US and a normal risk level. Once a particular rule is triggered, no further rules are evaluated.

Rule structure

Rules are constructed using two components: the action it should take and the condition to evaluate:

{action} if {condition}

In practice, a rule to block all payments over $1,000 would appear as:

Block if :amount_in_usd: > 1000.00

• The action is Block
• The condition is :amount_in_usd: > 1000.00

Actions

A rule can perform one of three actions with a payment that meets its criteria, which are processed in this specific order.

Allow

This rule action determines when a payment of a certain criteria should always be allowed, regardless of Stripe’s evaluation and any other rules the payment might match. When a payment matches the criteria in an allow rule, it is processed normally by Stripe and has no further rules evaluated against it. Even when Stripe proceeds with a payment it may nonetheless be declined by the issuing bank.

Block

This specifies when a payment should always be blocked by Stripe. If a payment matches the criteria in a block rule, the payment is rejected and no further rules are evaluated.

Review

There might be certain types of payments you want to allow, but still take a closer look at. With review rules, you can place payments in review. This is especially useful to manage payments that aren’t particularly common, such as those with a larger than usual amount or from a country that you don’t often ship to. These payments are still processed, and the customer charged, but you have an additional opportunity to review the order to make sure there are no signs of fraud.

Conditions

If a payment matches a rule’s condition, the corresponding action is taken. A basic condition is, itself, made up of three parts:

[attribute] [operator] [value]

• Attribute: The attribute of a payment (e.g., the amount or type of card)
• Operator: The arithmetic that compares the attribute to the value (e.g., greater than or not equal to)
• Value: The criteria you wish to use (e.g., 100.00 or debit)

Combining both the action and condition together, the structure of a rule is:

{action} if {[attribute] [operator] [value]}

There are four types of conditions that exist, depending on the attribute type:

• [string_attribute] [operator] [string_value]
• [country_attribute] [operator] [country_value]
• [numeric_attribute] [operator] [numeric_value]
• [boolean_attribute]

Certain attributes can also be used as a corresponding value within a condition. For instance, you can create a rule to block payments where the country the card was issued does not match against the country the payment was made, using the following attribute and value:

Block if :card_country: != :ip_country:

String attributes

These contain any combination of characters. String attributes and values most commonly represent a piece of text, such as a card’s brand (e.g., visa, amex) or risk level (e.g., elevated). These can be used in rules to allow payments only from a particular country, or block payments made with prepaid cards.

Country attributes

These makes use of two-letter country codes to represent a country, such as US for United States or CA for Canada. Country attributes operate the same as string attributes, the only difference being that the value must be a country code.

Numeric attributes

As these only contain numbers, they support more operators than string attributes and values. A payment’s amount is one example of a numeric attribute, and a rule can be created to perform an action should the amount be higher, lower, equal, or not equal to the amount you specify.

Boolean attributes

A boolean attribute simply represents whether a particular attribute is true. Unlike string and numeric attributes, there are no operators or values to use. You can use a boolean attribute to block payments that have been made with a disposable email address, or place payments in review that were made with an anonymous IP address.

Supported attributes

The following payment attributes are supported for use in rule definitions:

The email_domain and is_disposable_email attributes make use of an email address found in any of the following fields:

• The receipt_email of the payment
• The description of the payment
• The name of the card (if an email address has been provided as the cardholder name)
• The email of the customer that the payment was created on
• The description of the customer or payment

Operators

A condition’s operator denotes the comparison between the payment’s attribute and the value you provide. There are different operators available, depending on the type attribute being used.

Complex conditions

You can build complex conditions by joining together basic conditions using the operators AND, OR, and NOT. You can also use their symbolic equivalents &&, || and ! respectively.

Similar to programming languages such as C, Python, and SQL, Stripe supports standard operator precedence (order of operations). For instance, the complex condition:

{condition_X} OR NOT {condition_Y} AND {condition_Z}

is interpreted as:

{condition_X} OR ((NOT {condition_Y}) AND {condition_Z})

Sub-conditional grouping within complex conditions is also supported using parentheses. For instance, the prior example can be amended to explicitly change the evaluation order of sub-predicates:

({condition_X} OR (NOT {condition_Y})) AND {condition_Z}

{condition_X} OR NOT ({condition_Y} AND {condition_Z})

By using parentheses in different locations, each of these complex conditions lead to different results.