The shopper reference is a unique identifier for a shopper that a merchant provides in the payment request. This is most commonly the unique User ID associated with the user's login alias.
It is common practice for fraudsters to use multiple account logins in an attempt to appear separate, and legitimate users - this includes creating new accounts, utilizing account takeover attack vectors. This check is aimed at identifying users whose Shopper Reference diversity fits the profile of a fraudster.
For this risk check to work properly, it is imperative that merchant's ensure that there is parity between their internal reference numbers/ID associated with a unique user and what they are passing to Adyen via the
Merchants can establish a threshold for both the number of unique email addresses and the timeframe allowed. The default is 2 times over 30 days.
The risk check fires on the transaction after the set threshold. So, if a merchant sets a threshold of 2 in 30 days, it fires on the 3rd shopper reference recorded in that 30-day period.