Fraud & Policies

Protect your business with fraud controls and retry policies.

Fraud Policies

Set organization-level risk controls for payment intents.

Available Controls

ControlDescription
max_amountMaximum payment amount (minor units)
blocked_binsCard BINs to reject
allowed_binsOnly allow these BINs (whitelist)
velocity_max_per_minuteMax payments per minute per customer

Get Fraud Policy

curl https://api.reevit.io/v1/policies/fraud \
  -H "X-Reevit-Key: pfk_live_xxx.secret" \
  -H "X-Org-Id: org_123"
Response: 
{
  "org_id": "org_123",
  "max_amount": 10000000,
  "blocked_bins": ["411111", "400000"],
  "allowed_bins": [],
  "velocity_max_per_minute": 5,
  "updated_at": "2025-02-10T10:00:00Z"
}

Set Fraud Policy

curl -X POST https://api.reevit.io/v1/policies/fraud \
  -H "X-Reevit-Key: pfk_live_xxx.secret" \
  -H "X-Org-Id: org_123" \
  -H "Idempotency-Key: fraud-policy-001" \
  -d '{
    "max_amount": 10000000,
    "blocked_bins": ["411111"],
    "velocity_max_per_minute": 10
  }'

Merge Behavior

Policies are merged, not replaced:
  • blocked_bins are added to existing list
  • allowed_bins are added to existing list
  • Other fields are overwritten

Per-Request Override

Override fraud policy for a specific payment: 
curl -X POST https://api.reevit.io/v1/payments/intents \
  -H "X-Reevit-Key: pfk_live_xxx.secret" \
  -H "X-Org-Id: org_123" \
  -H "Idempotency-Key: order-12345" \
  -d '{
    "amount": 15000000,
    "currency": "GHS",
    "method": "card",
    "country": "GH",
    "reference": "ORD-12345",
    "metadata": {
      "org_id": "your_org_id",
      "connection_id": "your_conn_id",
      "payment_id": "ORD-12345"
    },
    "fraud_override": {
      "max_amount": 20000000,
      "skip_velocity": true
    }
  }'

Audit Trail

View policy changes: 
curl https://api.reevit.io/v1/policies/fraud/audit \
  -H "X-Reevit-Key: pfk_live_xxx.secret" \
  -H "X-Org-Id: org_123"

{
  "logs": [
    {
      "id": "log_123",
      "actor": "user_456",
      "previous": { "max_amount": 5000000 },
      "new": { "max_amount": 10000000 },
      "created_at": "2025-02-10T10:00:00Z"
    }
  ]
}

Retry Policies

Configure how failed subscription payments are retried.

Get Retry Policy

curl https://api.reevit.io/v1/policies/retry \
  -H "X-Reevit-Key: pfk_live_xxx.secret" \
  -H "X-Org-Id: org_123"
Response: 
{
  "org_id": "org_123",
  "plan_id": "",
  "delays": ["15m", "1h", "24h"],
  "max_retries": 3
}

Set Retry Policy

curl -X POST https://api.reevit.io/v1/policies/retry \
  -H "X-Reevit-Key: pfk_live_xxx.secret" \
  -H "X-Org-Id: org_123" \
  -H "Idempotency-Key: retry-policy-001" \
  -d '{
    "plan_id": "premium",
    "delays": ["30m", "4h", "24h", "72h"],
    "max_retries": 4
  }'

Delay Format

FormatDuration
15m15 minutes
1h1 hour
24h24 hours
7d7 days

Policy Hierarchy

Policies are applied in order:
  1. Plan-level — Specific to subscription plan
  2. Org-level — Default for organization (empty plan_id)
  3. Global — System default (3 retries at 15m, 1h, 24h)

List Retry Policies

curl https://api.reevit.io/v1/policies/retry/list \
  -H "X-Reevit-Key: pfk_live_xxx.secret" \
  -H "X-Org-Id: org_123"

Delete Retry Policy

curl -X DELETE "https://api.reevit.io/v1/policies/retry?plan_id=premium" \
  -H "X-Reevit-Key: pfk_live_xxx.secret" \
  -H "X-Org-Id: org_123"

Error Codes

CodeDescription
fraud_blockedPayment blocked by fraud policy
max_amount_exceededAmount exceeds limit
bin_blockedCard BIN is blocked
velocity_exceededToo many payments in time window

Best Practices

Fraud Policies

  1. Start Conservative — Set lower limits initially
  2. Monitor Blocks — Review blocked payments regularly
  3. Whitelist Trusted — Use allowed_bins for known customers
  4. Velocity Limits — Prevent card testing attacks

Retry Policies

  1. Gradual Delays — Start short, increase over time
  2. Plan-Specific — Higher-value plans may need more retries
  3. Notify Customers — Send emails before final retry
  4. Grace Period — Allow time for customers to update payment