Show HN: Stripe default config often bypasses AVS

(ghostaudit.io)

3 points | by fitzz 9 hours ago

1 comment

  • fitzz 9 hours ago

    A friend of mine recently got his Stripe account banned due to card testing attacks. He thought he was safe because he had "Stripe Radar" enabled.

    The Problem: Upon auditing his logs, we discovered that 30% of his transactions had no billing address. It turns out Stripe's default Checkout (especially with Apple Pay/Link) doesn't force address collection. Without an address, AVS (Address Verification Service) is skipped, and Radar rules based on location are completely bypassed. I call these "Ghost Transactions".

    The Solution: I built GhostAudit to scan for this specific vulnerability.

    How it works: It fetches your last 100 transactions (via a Restricted Read-Only Key) and calculates your "Ghost Rate".

    Security: Keys are processed in-memory, never stored. The app is open about what permissions it needs (Read-only Charges).

    Pricing: It's a one-time $29.9 audit (I hate subscriptions for simple tools). There is a free check to see if you are exposed.

    Tech Stack: Next.js, Tailwind, Shadcn UI.

    I'd love to hear your feedback on the "Terminal" UI and if you've encountered this AVS blindness before.

    Link: https://ghostaudit.io
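One way to run the audit described in the post, as an added example and not GhostAudit's own code: it walks a constructed list of charges shaped like Stripe's Charge object, treats a charge as a "ghost" when it has no usable billing address or its card AVS checks (`payment_method_details.card.checks`) never produced a pass/fail, and reports the ghost rate. The sample data and the `is_ghost`/`ghost_rate` names are assumptions for the example.

```python
import json

# Constructed sample in the shape of Stripe Charge objects, trimmed to the
# fields this audit reads. Not real transaction data.
SAMPLE_CHARGES = json.loads("""
[
 {"id": "ch_a", "billing_details": {"address": {"line1": "1 Main St", "postal_code": "94105"}},
  "payment_method_details": {"card": {"checks": {"address_line1_check": "pass", "address_postal_code_check": "pass"}}}},
 {"id": "ch_b", "billing_details": {"address": {"line1": null, "postal_code": null}},
  "payment_method_details": {"card": {"checks": {"address_line1_check": null, "address_postal_code_check": null}}}},
 {"id": "ch_c", "billing_details": {"address": null},
  "payment_method_details": {"card": {"wallet": {"type": "apple_pay"},
                                       "checks": {"address_line1_check": "unchecked", "address_postal_code_check": "unchecked"}}}},
 {"id": "ch_d", "billing_details": {"address": {"line1": "2 Side Rd", "postal_code": "10001"}},
  "payment_method_details": {"card": {"checks": {"address_line1_check": "fail", "address_postal_code_check": "pass"}}}}
]
""")


def is_ghost(charge: dict) -> bool:
    """True when AVS could not have run for this charge.

    A charge is a ghost if it carries no street line or postal code, or if
    neither AVS check returned a real result (pass/fail). A failed AVS check
    still counts as "checked": the issuer answered and Radar can act on it.
    """
    address = (charge.get("billing_details") or {}).get("address") or {}
    has_address = bool(address.get("line1") or address.get("postal_code"))
    card = (charge.get("payment_method_details") or {}).get("card") or {}
    checks = card.get("checks") or {}
    avs_ran = any(
        checks.get(key) in ("pass", "fail")
        for key in ("address_line1_check", "address_postal_code_check")
    )
    return not (has_address and avs_ran)


def ghost_rate(charges: list) -> tuple:
    """Return (share of ghost charges, ids of the ghost charges)."""
    ghosts = [c["id"] for c in charges if is_ghost(c)]
    rate = len(ghosts) / len(charges) if charges else 0.0
    return rate, ghosts


if __name__ == "__main__":
    rate, ghosts = ghost_rate(SAMPLE_CHARGES)
    print(f"ghost rate: {rate:.0%} ({len(ghosts)} of {len(SAMPLE_CHARGES)}): {ghosts}")
```

On a live account the same functions can be fed the `data` list returned by `stripe.Charge.list(limit=100)` under a restricted read-only key; the wallet field on `ch_c` is there to show that Apple Pay charges can arrive with no address at all, which is exactly the case the post warns about.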