What kind of fraud checks does Recurly perform?

All transactions are passed through a simple fraud velocity filter prior being passed on to your payment gateway for attempted processing. This doesn't guarantee that no fraud will occur, but it will reduce the possibility of large volumes of fraudulent transactions. 

Our fraud velocity filters looks at the number of transactions created, number of new subscriptions created, and number of billing information update attempts submitted from the same IP address. 

Since some of our fraud velocity filters are be enforced using IP based rules, you must provide your customer's actual IP address. If no address is provided for the transaction, or if a local address is provided, such as "127.x.x.x" or "10.x.x.x", we cannot accurately detect fraudulent behavior via our velocity filters. 

If you are signing up a large number of clients from a specific IP address you can whitelist that IP address under configuration -> site settings, this will let you bypass specific IP addresses from the fraud velocity filters. 

This filter is set to allow up to 10 billing information updates in the past 24 hours (per IP address), up to 10 new subscriptions created in the past hour (per IP address), and up to 20 transactions in the past hour (per IP address). The fraud filter can be manually reset by pulling up the account that was declined and hitting the reset fraud filter button on the right hand side of the account page.