Are you looking for test card numbers?

Would you like to contact support?

Point-of-sale icon

Risk management

Use our risk management solution to reduce the risk of fraud for MOTO and MKE transactions.

Risk webinars

You can also learn how to use Adyen's fraud and dispute management tools in an upcoming Risk webinar.
Sign up here.

You can use our risk management system, RevenueProtect, to minimize fraud by applying risk rules before processing a transaction. For most point-of-sale transactions, you don't need RevenueProtect because the risk for in-person payments is significantly lower than for ecommerce and most risk rules do not apply.

However, for riskier point-of-sale transactions like Mail Order/Telephone Order (MOTO) and Manual Key Entry (MKE), you can enable risk rules in your Customer Area. Based on your risk settings, every transaction gets a risk score ranging from 0 to 100. When the risk score reaches 100, the transaction is declined and the terminal shows Card blocked.

MOTO and MKE payments are considered insecure. There is no liability shift and you are fully liable for fraud chargebacks when accepting MOTO and MKE payments.

Step 1: Enable risk rules for point of sale

To turn on the Adyen risk management system for point of sale:

  1. Log into your Customer Area and select an account:
    • Company account: to enable risk checks by default for all point-of-sale transactions on all your merchant accounts.
    • Merchant account: to enable risk checks only for point-of-sale transactions on a specific merchant account.
  2. Go to Risk > Settings and stay on the Global settings tab.
  3. Under Enable risk, select On.
  4. Under Perform risk checks on point of sale (POS), select Enable.

    On a merchant account, you first need to select Override company setting.

  5. At the bottom, select Save configuration.

Step 2: Create a risk profile for point of sale

When you turn on the risk management system, the default risk profile of the company applies. Many rules in the default risk profile are not suitable for point-of-sale transactions.
Therefore, if you only process point-of-sale transactions on your merchant account, we recommend you create a dedicated risk profile with risk rules configured specifically for point of sale.

  1. In your Customer Area, select your company account.
  2. Go to Risk > Risk profiles.
  3. In the top right, select Create new profile.
  4. Enter a name for your profile.
  5. For the template, under Based on Profile, select the default company profile.
  6. Select Create, refresh the page, and open your profile.
  7. Under Used by, select the point-of-sale merchant accounts that you want to apply the risk rules to.
  8. Disable unnecessary risk rules.
    At least, you must disable:
    • Multiple distinct IP address used
    • Shopper used shared IP address
    • Multiple distinct shopper references used
  9. Configure custom risk rules.
  10. At the bottom, select Save profile.

Step 3: Disable unnecessary risk rules

Most risk rules are designed to minimize the risk of ecommerce transactions. To ensure the point-of-sale transactions are not declined unnecessarily:

  1. In your risk profile for point of sale, under ShopperDNA, disable the following risk rules:
  2. Optionally, disable all other rules, except for Velocity and Consistency and rules that you want to customize.

Step 4: (Optional) Configure custom risk rules

MOTO and MKE transactions typically send just the card number, expiry date, and CVV. To enable the most important risk rules for point-of-sale transactions:

  1. In your Customer Area, go to your risk profile for point of sale.
  2. Under Consistency, enable rules based on:
    • AVS checks (only if you send the street address and the ZIP/postal code of the shopper)
    • CVV checks
  3. Under Velocity, enable rules based on the number of transactions a shopper attempts in a given time.

If you send additional data fields in your payment request (for example shopperName, shopperEmail) different risk rules may make sense for your exact use case.
To target specific behaviors, add Custom Rules to your point-of-sale risk profile.

Testing

When the transaction gets declined due to a risk rule, the PaymentResponse includes:

  • Result: Failure
  • error condition : Refusal
  • AdditionalResponse: provides more information about why the transaction was declined in the following fields:
    • refusalReason: 199 Card blocked
    • message BLOCK_CARD

Here's an example failure response for a declined payment:

{
"SaleToPOIResponse": {
      "MessageHeader": {...},
      "PaymentResponse": {
         "POIData": {...},
         "PaymentReceipt": {...},
         "PaymentResult": {...},
         "SaleData": {...},
         "Response": {
            "AdditionalResponse": "refusalReason=199%20Card%20blocked...&message=BLOCK_CARD...",
            "ErrorCondition": "Refusal",
            "Result": "Failure"
         }
      }
   }
}

To test how your integration handles refusals due to a risk rule, simulate a specific declined payment:

  1. Make a test payment for an amount with 125 as the last three digits of the RequestedAmount (for example, 101.25 or 21.25).
  2. In the response, check that the error condition is Refusal and the refusal reason is Card blocked.
  3. Make sure your integration doesn't retry the transaction.

See also