Skip to main content

Chargebacks & Fraud Protection

Chargebacks occur when a cardholder disputes a fiat payment. Niftipay provides a multi-layered fraud detection system that protects your business automatically. This page covers:
New: You can now proactively block IPs, emails, and card BINs without waiting for chargebacks. See Fraud Prevention & Blocking.

How fraud protection works

Niftipay uses multiple signals to detect and prevent repeat fraud:

1. Automatic blocking (IP & email)

When a chargeback is recorded, Niftipay checks whether the same IP address or email has been involved in previous chargebacks for your account. If 2 or more chargebacks share the same IP or email, that identifier is automatically blocked and a case is created. When a blocked customer tries to pay via your checkout link, they see a block page with their case number instead of the payment form. You can add a contact URL so they can reach you if the block was a mistake. Each block is per merchant — if you unblock an IP, it only affects your account. Other merchants’ blocks are independent.

2. Manual blocking (IP, email, BIN)

You can proactively block IPs, emails, and card BINs without waiting for chargebacks. This is useful when you spot suspicious activity or know a particular card range is being used for fraud. See the Fraud Prevention & Blocking page for the full API reference.

3. BIN blocking

Block entire card ranges by their BIN (first 6 digits of the card number). When you notice fraud from cards sharing the same BIN (e.g. 443047), block that BIN to prevent all cards in that range from completing checkout. See Block a Card BIN for details.

4. Unusual amount detection

Niftipay monitors your order amounts and flags orders that are significantly higher than your average. If the same IP or email submits 2 or more flagged orders within 24 hours, that identifier is automatically blocked. See Unusual Amount Detection for details.

5. Fraud alerts at payment time

When any order is paid, Niftipay checks the card number (last 4 digits), email, IP, card BIN, and order amount against:
  • Your own chargebacks — full order details included in the alert
  • Platform-wide chargebacks from other merchants — count and date included (no other merchant’s details are exposed)
  • Blocked BINs — flagged if the card BIN is on the blocklist
  • Amount anomalies — flagged if the order amount is unusually high
If any signal matches, you receive a fraud alert email so you can review the order before shipping. This catches fraud even on the first order from a new customer if that card, email, or IP was flagged on another merchant’s account.

6. Disposable email detection

Orders placed with disposable/temporary email addresses (e.g. mailinator.com, guerrillamail.com) are automatically flagged. This does not block the order, but the flag is included in fraud alert emails. Niftipay checks against a database of 120,000+ known disposable email domains.

7. VPN / TOR / proxy detection

Before every checkout redirect, Niftipay checks the customer’s IP against known VPN, TOR, and proxy networks. TOR and proxy traffic is blocked by default. This runs independently of the chargeback system.

Base URL

All examples use:
  • https://www.niftipay.com

Authentication

These endpoints support two authentication methods: Send your API key in the x-api-key header.
If you are authenticated via the dashboard.

Amounts are in minor units

All monetary values (feeCents, orderAmountCents, amountCents, subtotalCents) are stored in minor units (e.g. cents for EUR/USD). To convert to the major unit, divide by 100 for most currencies. See Fiat Orders for details on currency decimal rules.

List Chargebacks

Endpoint

GET /api/fiat/chargebacks
Requires API key or session authentication.
Returns a paginated list of chargeback events for the authenticated user, ordered by most recent first.

Query parameters

NameTypeDefaultNotes
pagenumber1Page number (min 1).
pageSizenumber25Results per page. Min 1, max 500.
ipAddressstringOptional. Filter chargebacks by IP address.

Example request

Example response

Response fields

FieldTypeDescription
idstringChargeback event ID.
userIdstringYour user ID.
fiatOrderIdstringThe fiat order that was charged back.
pspstringPayment service provider identifier.
pspChargebackOrderIdstringThe PSP’s chargeback reference.
pspOriginalOrderIdstring | nullThe PSP’s original order reference.
ipAddressstring | nullIP address associated with the chargeback.
feeCentsnumberChargeback fee in minor units.
feeCurrencystringCurrency of the fee (e.g. "EUR").
feeDeductedbooleanWhether the fee has been deducted from your balance.
feeDeductedAtstring | nullISO 8601 timestamp when the fee was deducted.
orderAmountCentsnumber | nullOriginal order amount in minor units.
orderCurrencystring | nullCurrency of the original order.
createdAtstringISO 8601 timestamp when the chargeback was created.
orderobject | nullThe linked fiat order (see below).

Nested order object

FieldTypeDescription
idstringFiat order ID.
orderKeynumberNumeric order key.
merchantReferencestring | nullYour merchant reference for this order.
userIdstringOwner user ID.
pspstringPayment service provider.
pspOrderIdstringPSP order reference.
statusstringOrder status (e.g. "chargeback").
createdAtstringISO 8601 timestamp.
completedAtstring | nullISO 8601 timestamp when payment completed.

Get Chargeback

Endpoint

GET /api/fiat/chargebacks/:id
Requires API key or session authentication.
Returns a single chargeback event by its ID, along with the linked fiat order details.

Path parameters

NameTypeNotes
idstringThe chargeback event ID.

Example request

Example response


Chargeback Statistics

Endpoint

GET /api/fiat/chargebacks/stats
Requires API key or session authentication.
Returns a daily breakdown of chargeback counts and amounts, plus overall chargeback rate.

Example request

Example response

Response fields

days array

FieldTypeDescription
dateYmdstringDate in YYYY-MM-DD format (Europe/Amsterdam timezone).
countnumberNumber of chargebacks on that day.
amountCentsnumberTotal chargeback amount in minor units for that day.

summary object

FieldTypeDescription
totalChargebacksnumberTotal number of chargeback events.
totalPaidOrdersnumberTotal number of paid orders (completed + chargeback).
chargebackRatePercentnumberChargeback rate as a percentage (e.g. 2.0 means 2%).

Error Responses

Invalid query parameters (400)

Missing or invalid authentication (401)

Chargeback not found (404)

Returned by GET /api/fiat/chargebacks/:id when the ID does not exist or does not belong to your account.

Chargeback Cases (Blocked IPs & Emails)

When an IP address or email appears in 2 or more chargebacks for your account, Niftipay automatically creates a chargeback case and blocks that identifier. Blocked customers see a message with their case number instead of being redirected to checkout. Each case has a type: ip (blocked by IP address) or email (blocked by email address).
Merchant isolation: Each case belongs to your account only. If you unblock an IP or email, it only affects your checkout. Other merchants’ blocks are completely independent.

List Chargeback Cases

Endpoint

GET /api/fiat/chargeback-cases
Requires API key or session authentication.
Returns a paginated list of chargeback cases for the authenticated user.

Query parameters

NameTypeDefaultNotes
pagenumber1Page number (min 1).
pageSizenumber25Results per page. Min 1, max 500.
statusstringOptional. Filter by blocked or unblocked.
searchstringOptional. Search by case number, IP address, or email.

Example request

Example response

Response fields (case object)

FieldTypeDescription
idnumberCase ID (used in URLs).
caseNumberstringHuman-readable case number (e.g. CB-00001). Shown to blocked customers.
kindstringBlock type: "ip" or "email".
ipAddressstring | nullBlocked IP address (for ip kind cases).
blockedEmailstring | nullBlocked email address (for email kind cases).
statusstring"blocked" or "unblocked".
chargebackEventIdsstring[]IDs of the chargeback events that triggered this case.
cardNamesstring[]Cardholder names from the flagged orders.
truncatedPansstring[]Truncated card numbers (last 4 digits) from the flagged orders.
orderEmailsstring[]Email addresses used in the flagged orders.
createdAtstringISO 8601 timestamp when the case was created.
unblockedAtstring | nullISO 8601 timestamp when the case was unblocked.
unblockedReasonstring | nullReason provided when unblocking.

Get Chargeback Case

Endpoint

GET /api/fiat/chargeback-cases/:id
Requires API key or session authentication.
Returns a single chargeback case with its related chargeback events and order details.

Path parameters

NameTypeNotes
idnumberThe case ID.

Example request

Example response


Unblock a Case

Endpoint

PATCH /api/fiat/chargeback-cases/:id
Requires API key or session authentication.
Unblocks an IP or email, allowing orders from that identifier to proceed again. If a new chargeback is later recorded from the same identifier, the case will be automatically re-blocked.
You can only unblock your own cases. Other merchants’ blocks are not affected.

Path parameters

NameTypeNotes
idnumberThe case ID.

Request body

FieldTypeRequiredNotes
actionstringYesMust be "unblock".
reasonstringNoOptional reason for unblocking (max 500 characters).

Example request

Example response

Error: already unblocked (409)


Fraud Signals (Order Risk Check)

Endpoint

GET /api/fiat/orders/:identifier/fraud-signals
Requires API key or session authentication.
Returns a comprehensive fraud risk assessment for a single fiat order. Checks the order’s card number, email, and IP address against all chargeback records (both your own and platform-wide), checks for active blocks, detects disposable emails, and computes an IP risk score — all in a single request. This endpoint is used by the WooCommerce plugin to display real-time fraud warnings on the order detail page.

Path parameters

NameTypeNotes
identifierstringThe fiat order identifier. Can be an orderKey (digits), order id (UUID), or merchantReference (string).

Example request

Example response

Response fields

FieldTypeDescription
orderobjectSummary of the order being checked (see below).
severitystringOverall risk level: "critical", "high", "medium", or "low".
signalsarrayList of fraud signals detected (see below). Empty array if clean.
ipRiskobjectIP risk scoring details (see below).

order object

FieldTypeDescription
idstringFiat order ID.
orderKeynumberNumeric order key.
merchantReferencestring | nullYour merchant reference.
emailstring | nullCustomer email on the order.
ipstring | nullCustomer IP address (captured at checkout or from PSP).
truncatedPanstring | nullLast 4 digits of the card used.
binstring | nullCard BIN (first 6 digits). Used for BIN blocking.
cardholderNamestring | nullCardholder name from the PSP.

severity levels

LevelMeaning
criticalIP/email blocked, BIN blocked, velocity auto-block, or IP risk score >= 75. Do not fulfil without review.
highCard/email/IP matched your chargebacks, critical amount anomaly (z-score >= 5.0), or IP risk score >= 50.
mediumPlatform-wide matches, disposable email, or warning amount anomaly (z-score >= 3.0).
lowNo fraud signals detected.

signals array

Each signal is an object with a type field. The possible types are:
TypeDescriptionExtra fields
pan_merchantCard matched your own chargebacks.count, matches[]
email_merchantEmail matched your own chargebacks.count, matches[]
ip_merchantIP matched your own chargebacks.count, matches[]
pan_platformCard flagged in chargebacks across other merchants.count, latestAmount, latestDate
email_platformEmail flagged across other merchants.count, latestAmount, latestDate
ip_platformIP flagged across other merchants.count, latestAmount, latestDate
disposable_emailEmail uses a known disposable/temporary domain.
ip_blockedIP is currently blocked by a chargeback case.caseNumber
email_blockedEmail is currently blocked by a chargeback case.caseNumber
bin_blockedCard BIN is on the blocklist. See BIN blocking.bin, reason
amount_anomalyOrder amount is unusually high. See amount detection.zScore, severity, merchantMean, amountCents
ip_amount_velocityIP auto-blocked for repeated high-amount orders. See velocity.anomalyCount, caseNumber
email_amount_velocityEmail auto-blocked for repeated high-amount orders. See velocity.anomalyCount, caseNumber
Merchant-level matches (*_merchant) include a matches array with full order details:
FieldTypeDescription
signalstring"pan", "email", or "ip".
cbOrderKeystringOrder key of the matching chargeback (e.g. "#10042").
cbRefstringMerchant reference of the matching order.
cbAmountstringAmount and currency (e.g. "50.00 EUR").
cbDatestringDate of the chargeback (YYYY-MM-DD).
cbCardholderNamestringCardholder name from the matching order.
Platform-level matches (*_platform) only include a count and most recent amount/date — no other merchant’s details are exposed.

ipRisk object

FieldTypeDescription
scorenumberRisk score from 0 (safe) to 100 (very high risk).
labelstring"low" (0-19), "medium" (20-49), "high" (50-74), "critical" (75+).
componentsobjectScore breakdown: count (0-40), recency (0-25), velocity (0-15), spread (0-20).
reasonsstring[]Human-readable explanations for the score.
statsobject | nullRaw statistics: total, distinctMerchants, distinctPsps, last1d, last7d, last30d, firstSeenAt, lastSeenAt, daysSinceLastSeen. Null if no IP available.

Error responses

Order not found (404)

Not a fiat order / invalid identifier (400)

Ambiguous merchant reference (409)

If your merchantReference matches multiple orders:
Use the numeric orderKey or UUID id instead.

Fraud Alert Emails

Niftipay sends you an email when a paid order matches previous chargeback signals. These alerts are sent automatically — no API configuration needed.

What triggers an alert

When an order completes payment, Niftipay checks three signals against your own chargebacks and chargebacks across the entire platform (from other merchants):
SignalYour chargebacksPlatform-wide
Card number (last 4 digits)Full order details shownCount + date only (no other merchant details)
Email addressFull order details shownCount + date only
IP addressFull order details shownCount + date only
Disposable emailFlagged in the alert
Blocked BINFlagged with BIN and reason
Unusual amountFlagged with z-score and average
If any signal matches, you receive a single email with all risk signals and related chargebacks.

Example alert email contents

Privacy: Platform-wide alerts never expose other merchants’ order numbers, references, or identities. Only the signal type, count, and most recent date/amount are shown.

What to do when you receive an alert

  • Review the order in your dashboard before shipping any goods.
  • If the order looks legitimate, no action is needed.
  • If the order looks fraudulent, you can cancel or refund it from the dashboard.

Block Page & Contact URL

When a customer is blocked, they see a page like this:
There’s a problem with your order Case number: #CB-00042 Please contact the shop for assistance. [Contact Shop] ← button (only if you configured a contact URL)

Setting up a contact URL

You can add a contactUrl to your fiat integration so blocked customers can reach you directly. The “Contact Shop” button links to this URL. To set it, update your integration via the API:
To remove it, set it to null:
This field is optional. If not set, the block page shows only the case number and a text message asking the customer to contact you. See Fiat Integrations for the full integration management API.