Checkout.com uses automated systems to assess fraud risk in payment transactions, and these systems may make decisions about transactions without human review, though individuals can request a human review if the decision significantly affects them.
This analysis describes what Checkout.com's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
Automated fraud decisions can result in transactions being declined or accounts being flagged without any human judgment involved, and individuals may not always know when they have been subject to such a decision or how to challenge it.
Interpretive note: The scope of which automated decisions qualify as having 'significant effects' triggering Article 22 rights is subject to regulatory interpretation and may vary depending on the specific fraud screening context and jurisdiction.
Cardholders whose transactions are declined or flagged through Checkout.com's automated fraud systems may have the right to request a human review of that decision, particularly under GDPR Article 22, but exercising this right requires knowing it exists and contacting the relevant party.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Checkout.com has changed this document before.
"We may use automated decision-making, including profiling, in connection with fraud detection and prevention. You have the right to request human review of any automated decision that significantly affects you." — Excerpt from Checkout.com's Checkout.com Privacy
1. REGULATORY LANDSCAPE: Automated decision-making with significant effects on individuals engages GDPR Article 22, which restricts solely automated decisions producing legal or similarly significant effects and requires human review on request, meaningful information about the logic involved, and the ability to contest the decision. UK GDPR contains equivalent protections. The ICO has published guidance on automated decision-making that is relevant to fraud screening contexts. EU AI Act provisions on high-risk AI systems may also be relevant where fraud scoring systems meet the risk classification thresholds.
2. GOVERNANCE EXPOSURE: Medium. While fraud screening automation is standard in the payments industry, GDPR Article 22 compliance requires documented procedures for human review, transparency obligations about the logic used, and data subject notification. The policy's assertion that human review is available on request must be backed by operational procedures.
3. JURISDICTION FLAGS: EU and UK cardholders have the strongest rights under GDPR Article 22. US users have fewer federal protections in this area, though state laws in California (CCPA/CPRA profiling provisions) may create additional disclosure obligations. Illinois residents may have considerations if biometric data is involved in identity verification combined with fraud scoring.
4. CONTRACT AND VENDOR IMPLICATIONS: Merchants using Checkout.com's fraud detection products should confirm that their own privacy notices disclose automated decision-making and that they have mechanisms for receiving and routing cardholder Article 22 requests. Vendor assessments should cover the data inputs to fraud scoring models, retention of scoring data, and model documentation.
5. COMPLIANCE CONSIDERATIONS: Compliance teams should document the automated decision-making processes used in fraud screening, prepare Article 22 response procedures including human review workflows, and ensure data subjects are informed about automated processing in an accessible manner. AI Act readiness assessments may be warranted for fraud scoring systems deployed in EU contexts.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Checkout.com.