Back to home

Fraud Prevention & Monitoring Policy

Effective: June 2026

mikomiko is committed to maintaining a secure payment environment and to preventing fraudulent, unauthorized, or abusive transactions. This policy describes the preventive controls, detection and monitoring activities, and incident response procedures that make up our fraud-risk management program. It applies to all purchases made through our Services, including subscription plans and credit purchases, and to all payment methods and processors we use.

1. What We Treat as Fraud and Abuse

  • Use of stolen, unauthorized, or invalid payment credentials.
  • Unauthorized transactions where the legitimate cardholder did not consent to the purchase.
  • Account takeover, credential stuffing, and unauthorized access to user accounts.
  • Friendly fraud, including disputing or charging back a legitimate purchase that was actually received and used.
  • Promotion, referral, free-credit, or trial abuse, including creating multiple or fake accounts to obtain benefits.
  • Money laundering, transaction structuring, or use of the Services to disguise the origin of funds.
  • Automated abuse, including bots and scripted purchasing or resource consumption.

2. Preventive Controls

2.1 Secure payment processing

  • Payments are processed through established third-party payment processors. mikomiko does not store full card numbers or sensitive authentication data on its own servers.
  • Card transactions are handled by PCI-DSS compliant processors, and we rely on their tokenization and secure vaulting of payment credentials.
  • All payment-related communications occur over encrypted (TLS) connections.

2.2 Transaction integrity and authentication

  • Server-to-server payment notifications and return callbacks are cryptographically signed, and signatures are verified before any order is marked as paid. Requests that fail verification are rejected.
  • Order amounts, currency, and identifiers are validated against the originating order to prevent tampering and price manipulation.
  • Duplicate-notification and replay protection ensures a transaction is only fulfilled once.
  • Strong Customer Authentication / 3-D Secure is supported where offered by the processor and required by applicable regulation.

2.3 Account security

  • Accounts are protected by authenticated sessions and server-side token validation on protected routes.
  • Sensitive account changes (such as email or password updates) require re-authentication.
  • Suspicious authentication activity can trigger session invalidation and forced re-login.

3. Detection and Monitoring

We monitor transactions and account activity on an ongoing basis to identify patterns consistent with fraud or abuse, combining processor-provided risk signals with our own platform signals:

  • Risk scoring and fraud signals from our payment processors are used to flag or decline high-risk transactions.
  • Velocity checks identify abnormal frequencies of purchases, failed payment attempts, or refunds from a single account, card, device, or IP address.
  • Anomaly detection flags unusual purchase amounts, mismatched geolocation, and rapid account creation.
  • Webhook and order-status reconciliation ensures recorded payment states match processor records.
  • Chargeback and dispute notifications are tracked and correlated to the originating transactions and accounts.

4. Response and Investigation

When potential fraud or abuse is detected, we apply a graduated response based on risk and evidence:

  • Decline or hold the suspect transaction and request additional verification where appropriate.
  • Temporarily restrict affected account features or purchasing ability pending review.
  • Investigate using transaction records, processor risk data, and account history.
  • Reverse or refund unauthorized transactions to the legitimate payment holder where fraud is confirmed.
  • Suspend or terminate accounts engaged in fraud or abuse and revoke fraudulently obtained benefits or credits.
  • Cooperate with payment processors, card networks, and law enforcement, and report activity where required by law.

5. Reporting Suspected Fraud

If you believe your payment method or account has been used without your authorization, contact us immediately so we can investigate and, where appropriate, reverse unauthorized charges and secure your account. Please include the transaction date, amount, and any order or reference identifier. We encourage customers to contact us before initiating a chargeback so that we can resolve the issue directly and quickly. Contact support@mikomiko.ai. We respond within 24–48 hours.

6. Review and Updates

This policy and the underlying controls are reviewed at least annually and whenever there is a material change to our payment providers, regulatory obligations, or risk profile. Records relevant to fraud monitoring and investigations are retained in accordance with applicable law and payment-network requirements.

Contact

For fraud reports or payment-security questions, email support@mikomiko.ai. We respond within 24–48 hours.