---
title: Risky transaction prevention
---

# Risky transaction prevention

Add friction to high-risk checkouts before the charge goes through.

## Step 1: Protect the checkout

Before anything else, make sure you have a working integration by following the [Quick start](/docs/v3/quick-start). A dedicated transaction action is coming soon. Until then, protect the checkout surface as an `access` evaluation: evaluate when the user reaches checkout.

## Step 2: Add the policies

A policy has a trigger (the event it runs on) and a verdict. Add these in your [policies dashboard](https://app.rupt.dev/policies):

| Policy                  | Trigger  | Conditions                                                        | Verdict    |
| ----------------------- | -------- | ----------------------------------------------------------------- | --------- |
| Challenge risky checkouts | `access` | `is_new_fingerprint`, `ip_is_vpn`, `impossible_travel`, or `is_new_ip` | Challenge |

These are the same signals as an account takeover, applied to a purchase instead of a login: a device you've never seen, a VPN, a location the account couldn't have reached, a network it has never used. When they line up, challenge the checkout so a real buyer can clear it before the charge clears.

## Related

- [Account takeover prevention](/docs/v3/guides/account-takeover-prevention): the same signals on the `login` action.
- [Anonymizing network](/docs/v3/concepts/anonymizing-network): the VPN, proxy, and Tor checks behind this policy.