Checkout.com uses automated systems to assess fraud risk in payment transactions, and these systems may make decisions about transactions without human review, though individuals can request a human review if the decision significantly affects them.
This analysis describes what Checkout.com's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
Automated fraud decisions can result in transactions being declined or accounts being flagged without any human judgment involved, and individuals may not always know when they have been subject to such a decision or how to challenge it.
Interpretive note: The scope of which automated decisions qualify as having 'significant effects' triggering Article 22 rights is subject to regulatory interpretation and may vary depending on the specific fraud screening context and jurisdiction.
Cardholders whose transactions are declined or flagged through Checkout.com's automated fraud systems may have the right to request a human review of that decision, particularly under GDPR Article 22, but exercising this right requires knowing it exists and contacting the relevant party.
How other platforms handle this
For information on how we process personal data through "profiling" and "automated decision-making", please see our FAQ.
We use Personal Data to detect and prevent fraud, and to develop and improve our fraud detection models and other machine learning systems. This may include using transaction data, device information, and other Personal Data to train and refine our systems.
Monitoring
Checkout.com has changed this document before.
"We may use automated decision-making, including profiling, in connection with fraud detection and prevention. You have the right to request human review of any automated decision that significantly affects you."
Excerpt from Checkout.com's Checkout.com Privacy
1. REGULATORY LANDSCAPE: Automated decision-making with significant effects on individuals engages GDPR Article 22, which restricts solely automated decisions producing legal or similarly significant effects and requires human review on request, meaningful information about the logic involved, and the ability to contest the decision. UK GDPR contains equivalent protections. The ICO has published guidance on automated decision-making that is relevant to fraud screening contexts. EU AI Act provisions on high-risk AI systems may also be relevant where fraud scoring systems meet the risk classification thresholds.
2. GOVERNANCE EXPOSURE: Medium. While fraud screening automation is standard in the payments industry, GDPR Article 22 compliance requires documented procedures for human review, transparency obligations about the logic used, and data subject notification. The policy's assertion that human review is available on request must be backed by operational procedures.
3. JURISDICTION FLAGS: EU and UK cardholders have the strongest rights under GDPR Article 22. US users have fewer federal protections in this area, though state laws in California (CCPA/CPRA profiling provisions) may create additional disclosure obligations. Illinois residents may have considerations if biometric data is involved in identity verification combined with fraud scoring.
4. CONTRACT AND VENDOR IMPLICATIONS: Merchants using Checkout.com's fraud detection products should confirm that their own privacy notices disclose automated decision-making and that they have mechanisms for receiving and routing cardholder Article 22 requests. Vendor assessments should cover the data inputs to fraud scoring models, retention of scoring data, and model documentation.
5. COMPLIANCE CONSIDERATIONS: Compliance teams should document the automated decision-making processes used in fraud screening, prepare Article 22 response procedures including human review workflows, and ensure data subjects are informed about automated processing in an accessible manner. AI Act readiness assessments may be warranted for fraud scoring systems deployed in EU contexts.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Checkout.com.