The shopper reference is a unique identifier for a shopper that a merchant provides in the payment request. This is most commonly the unique User ID associated with the user's login alias.
It is common practice for fraudsters to use multiple account logins in an attempt to appear separate, and legitimate users - this includes creating new accounts, utilizing account takeover attack vectors. This check is aimed at identifying users whose Shopper Reference diversity fits the profile of a fraudster.
For this risk check to work properly, it is imperative that merchant's ensure that there is parity between their internal reference numbers/ID associated with a unique user and what they are passing to Adyen via the
You can establish a threshold for both the number of unique email addresses and the timeframe allowed. The default is 2 times over 30 days.
The risk check fires on the transaction after the set threshold. So, if you set a threshold of 2 in 30 days, it fires after the shopper uses the third shopper reference recorded in that 30-day period.