{"title":"Risk management","category":"default","creationDate":1672058040,"content":"<div class=\"additional-info-block output-inline\">\n<h5 class=\"article__heading additional-info-block__title\">Risk webinars<\/h5><div class=\"additional-info-block__body\"><p>You can also learn how to use Adyen's fraud and dispute management tools in an upcoming Risk webinar.<br \/><a href=\"https:\/\/help.adyen.com\/academy\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Sign up here.<\/a><\/p><\/div><\/div>\n\n<p>You can use our risk management system, <a href=\"\/pt\/risk-management\">RevenueProtect<\/a>, to minimize fraud by applying risk rules before processing a transaction. For most point-of-sale transactions, you do not need RevenueProtect because the risk for in-person payments is significantly lower than for ecommerce and most risk rules do not apply.<\/p>\n<p>However, for riskier point-of-sale transactions like <a href=\"\/pt\/point-of-sale\/mail-and-telephone-order-moto\">Mail Order\/Telephone Order (MOTO)<\/a> and <a href=\"\/pt\/point-of-sale\/enter-payment-manually\">Manual Key Entry (MKE)<\/a>, you can enable risk rules in your Customer Area. Based on your risk settings, every transaction gets a risk score ranging from 0 to 100. When the risk score reaches 100, the transaction is declined and the terminal shows <strong>Card blocked<\/strong>.<\/p>\n<div class=\"notices yellow\">\n<p>MOTO and MKE payments are considered <a href=\"\/pt\/point-of-sale\/what-we-support\/payment-methods#pos-chargebacks\">insecure<\/a>. There is no liability shift and you are fully liable for <a href=\"\/pt\/point-of-sale\/what-we-support\/payment-methods#pos-chargebacks\">fraud chargebacks<\/a> when accepting MOTO and MKE payments.<\/p>\n<\/div>\n<h2 id=\"enable-risk-pos\">Step 1: Enable risk rules for point of sale<\/h2>\n<p>To turn on the Adyen risk management system for point of sale:<\/p>\n<ol>\n<li>Log in to your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a> and select an account:\n<ul>\n<li>Company account: to enable risk checks by default for all point-of-sale transactions on all your merchant accounts.<\/li>\n<li>Merchant account: to enable risk checks only for point-of-sale transactions on a specific merchant account.<\/li>\n<\/ul><\/li>\n<li>Go to <strong>Revenue &amp; risk<\/strong> &gt; <strong>Settings<\/strong> and stay on the <strong>Global settings<\/strong> tab.<\/li>\n<li>Under <strong>Enable risk<\/strong>, select <strong>On<\/strong>.<\/li>\n<li>Under <strong>Perform risk checks on point of sale (POS)<\/strong>, select <strong>Enable<\/strong>.\n<div class=\"notices green\">\n<p>On a merchant account, you first need to select <strong>Override company setting<\/strong>.<\/p>\n<\/div><\/li>\n<li>At the bottom, select <strong>Save configuration<\/strong>.<\/li>\n<\/ol>\n<h2 id=\"create-risk-profile\">Step 2: Create a risk profile for point of sale<\/h2>\n<p>When you turn on the risk management system, the default risk profile of the company applies. Many rules in the default risk profile are not suitable for point-of-sale transactions. Therefore, if you only process point-of-sale transactions on your merchant account, we recommend you create a dedicated risk profile with risk rules configured specifically for point of sale.<\/p>\n<ol>\n<li>In your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>, select your company account.<\/li>\n<li>Go to <strong>Revenue &amp; risk<\/strong> &gt; <strong>Risk profiles<\/strong>.<\/li>\n<li>In the top right, select <strong>Create new profile<\/strong>.<\/li>\n<li>Enter a name for your profile.<\/li>\n<li>For the template, under <strong>Based on profile<\/strong>, select the default company profile.<\/li>\n<li>Select <strong>Create<\/strong>, and then select <strong>Edit profile information<\/strong>.<\/li>\n<li>Under <strong>Merchant accounts<\/strong>, select the point-of-sale merchant accounts that you want to apply the risk rules to. Select <strong>Save changes<\/strong>.<\/li>\n<li>In the <strong>Risk rules<\/strong> tab, <a href=\"#disable-risk-rules\">disable unnecessary risk rules<\/a>. Select <strong>Save changes<\/strong>.<br \/>\nAt least, you must disable:\n<ul>\n<li>Multiple distinct IP address used<\/li>\n<li>Shopper used shared IP address<\/li>\n<li>Multiple distinct shopper references used<\/li>\n<\/ul><\/li>\n<li><a href=\"#custom-risk-rules\">Configure custom risk rules<\/a>.<\/li>\n<li>Select <strong>Save changes<\/strong>.<\/li>\n<\/ol>\n<h2 id=\"disable-risk-rules\">Step 3: Disable unnecessary risk rules<\/h2>\n<p>Most risk rules are designed to minimize the risk of ecommerce transactions. To ensure the point-of-sale transactions are not declined unnecessarily:<\/p>\n<ol>\n<li>In your <a href=\"#create-risk-profile\">risk profile for point of sale<\/a>, under <strong>Risk rules<\/strong> &gt; <strong>Standard rules<\/strong> &gt; <a href=\"\/pt\/risk-management\/configure-manual-risk\/standard-risk-rules#shopperdna-rules\">\n  <strong>ShopperDNA<\/strong>\n<\/a>, disable the following risk rules:\n<ul>\n<li><strong>Multiple distinct IP addresses used<\/strong> and <strong>Shopper used shared IP address<\/strong>: because terminals use the IP address of the store, the cards of multiple shoppers will use the same IP address. If you do not disable these rules, point-of-sale transactions will be declined.<\/li>\n<li><strong>Multiple distinct shopper references<\/strong>: the <a href=\"\/pt\/point-of-sale\/loyalty\">shopper reference<\/a> is a unique identifier for a shopper that you send in the payment request. If you do not disable this rule, the transaction is declined if the same shopper has multiple shopper references (for example, due to using the card in different stores).<\/li>\n<\/ul><\/li>\n<li>Optionally, disable all other rules, except for <strong>Velocity<\/strong> and <strong>Consistency<\/strong> and rules that you want to <a href=\"#custom-risk-rules\">customize<\/a>.<\/li>\n<\/ol>\n<h2 id=\"custom-risk-rules\">Step 4: (Optional) Configure custom risk rules<\/h2>\n<p>For a MOTO transaction, you enter the card number and CVV. For an MKE transaction, shoppers enter the card number and the expiry date, and provide their signature. To enable the most important risk rules for these point-of-sale transactions:<\/p>\n<ol>\n<li>In your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>, go to your <a href=\"#create-risk-profile\">risk profile for point of sale<\/a>.<\/li>\n<li>Under <strong>Risk rules<\/strong> &gt; <strong>Standard rules<\/strong> &gt; <a href=\"\/pt\/risk-management\/configure-standard-risk-rules\/consistency-rules\">\n  <strong>Consistency<\/strong>\n<\/a>, enable rules based on:\n<ul>\n<li><a href=\"\/pt\/risk-management\/avs-checks\">AVS checks<\/a> (only if you send the street address and the ZIP\/postal code of the shopper)<\/li>\n<li><strong>Card Verification Code (CVC2\/CVV2\/CID) does not match<\/strong><\/li>\n<\/ul><\/li>\n<li>Under <strong>Risk rules<\/strong> &gt; <strong>Standard rules<\/strong> &gt; <a href=\"\/pt\/risk-management\/configure-manual-risk\/standard-risk-rules#velocity-rules\">\n  <strong>Velocity<\/strong>\n<\/a>, enable rules based on the number of transactions a shopper attempts in a given time.<\/li>\n<li>To target specific behaviors, add <a href=\"\/pt\/risk-management\/configure-manual-risk\/configure-custom-risk-rules\">\n  <strong>Custom risk rules<\/strong>\n<\/a>.<br \/>\nCustom risk rules can make sense if you send additional data in your payment request, like <code>shopperEmail<\/code>.<\/li>\n<\/ol>\n<h2>Testing<\/h2>\n<p>When the transaction gets declined due to a risk rule, the <a href=\"\/pt\/point-of-sale\/basic-tapi-integration\/make-a-payment#payment-response\">\n  <code>PaymentResponse<\/code>\n<\/a> includes:<\/p>\n<ul>\n<li><code>Result<\/code>: <span translate=\"no\"><strong>Failure<\/strong><\/span><\/li>\n<li><a href=\"\/pt\/point-of-sale\/error-scenarios#error_conditions\">\n  <code>error condition<\/code>\n<\/a>: <span translate=\"no\"><strong>Refusal<\/strong><\/span><\/li>\n<li><code>AdditionalResponse<\/code>: provides more information about why the transaction was declined in the following fields:\n<ul>\n<li><code>refusalReason<\/code>: <span translate=\"no\"><strong>199 Card blocked<\/strong><\/span><\/li>\n<li><code>message<\/code>: <span translate=\"no\"><strong>BLOCK_CARD<\/strong><\/span><\/li>\n<\/ul><\/li>\n<\/ul>\n<p>Here's an example failure response for a declined payment:<\/p>\n<pre><code class=\"language-json\">{\n\"SaleToPOIResponse\": {\n      \"MessageHeader\": {...},\n      \"PaymentResponse\": {\n         \"POIData\": {...},\n         \"PaymentReceipt\": {...},\n         \"PaymentResult\": {...},\n         \"SaleData\": {...},\n         \"Response\": {\n            \"AdditionalResponse\": \"refusalReason=199%20Card%20blocked...&amp;message=BLOCK_CARD...\",\n            \"ErrorCondition\": \"Refusal\",\n            \"Result\": \"Failure\"\n         }\n      }\n   }\n}<\/code><\/pre>\n<p>To test how your integration handles refusals due to a risk rule, <a href=\"\/pt\/point-of-sale\/testing-pos-payments\/test-card-v2#testing-declines\">simulate<\/a> a specific declined payment:<\/p>\n<ol>\n<li>Make a test payment for an amount with 125 as the last three digits of the <code>RequestedAmount<\/code> (for example, 101.25 or 21.25).<\/li>\n<li>In the response, check that the error condition is <span translate=\"no\"><strong>Refusal<\/strong><\/span> and the refusal reason is <span translate=\"no\"><strong>Card blocked<\/strong><\/span>.<\/li>\n<li>Make sure that your integration doesn't retry the transaction.<\/li>\n<\/ol>\n<h2>See also<\/h2>\n<div class=\"see-also-links output-inline\" id=\"see-also\">\n<ul><li><a href=\"\/point-of-sale\/mail-and-telephone-order-moto\"\n                        target=\"_self\"\n                        >\n                    Mail Order\/Telephone Order (MOTO)\n                <\/a><\/li><li><a href=\"\/point-of-sale\/enter-payment-manually\"\n                        target=\"_self\"\n                        >\n                    Manually enter payments (MKE)\n                <\/a><\/li><li><a href=\"\/risk-management\/create-and-use-risk-profiles\"\n                        target=\"_self\"\n                        >\n                    Create and use risk profiles\n                <\/a><\/li><li><a href=\"\/risk-management\/configure-manual-risk\/standard-risk-rules\"\n                        target=\"_self\"\n                        >\n                    Configure standard risk rules\n                <\/a><\/li><li><a href=\"\/risk-management\/configure-manual-risk\/configure-custom-risk-rules\"\n                        target=\"_self\"\n                        >\n                    Configure custom risk rules\n                <\/a><\/li><\/ul><\/div>\n","url":"https:\/\/docs.adyen.com\/pt\/point-of-sale\/risk-management-pos","articleFields":{"description":"Use our risk management solution to reduce the risk of fraud for MOTO and MKE transactions.","feedback_component":true,"last_edit_on":"26-12-2022 13:34"},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/point-of-sale\/risk-management-pos","title":"Risk management","content":"\nRisk webinarsYou can also learn how to use Adyen's fraud and dispute management tools in an upcoming Risk webinar.Sign up here.\n\nYou can use our risk management system, RevenueProtect, to minimize fraud by applying risk rules before processing a transaction. For most point-of-sale transactions, you do not need RevenueProtect because the risk for in-person payments is significantly lower than for ecommerce and most risk rules do not apply.\nHowever, for riskier point-of-sale transactions like Mail Order\/Telephone Order (MOTO) and Manual Key Entry (MKE), you can enable risk rules in your Customer Area. Based on your risk settings, every transaction gets a risk score ranging from 0 to 100. When the risk score reaches 100, the transaction is declined and the terminal shows Card blocked.\n\nMOTO and MKE payments are considered insecure. There is no liability shift and you are fully liable for fraud chargebacks when accepting MOTO and MKE payments.\n\nStep 1: Enable risk rules for point of sale\nTo turn on the Adyen risk management system for point of sale:\n\nLog in to your Customer Area and select an account:\n\nCompany account: to enable risk checks by default for all point-of-sale transactions on all your merchant accounts.\nMerchant account: to enable risk checks only for point-of-sale transactions on a specific merchant account.\n\nGo to Revenue &amp; risk &gt; Settings and stay on the Global settings tab.\nUnder Enable risk, select On.\nUnder Perform risk checks on point of sale (POS), select Enable.\n\nOn a merchant account, you first need to select Override company setting.\n\nAt the bottom, select Save configuration.\n\nStep 2: Create a risk profile for point of sale\nWhen you turn on the risk management system, the default risk profile of the company applies. Many rules in the default risk profile are not suitable for point-of-sale transactions. Therefore, if you only process point-of-sale transactions on your merchant account, we recommend you create a dedicated risk profile with risk rules configured specifically for point of sale.\n\nIn your Customer Area, select your company account.\nGo to Revenue &amp; risk &gt; Risk profiles.\nIn the top right, select Create new profile.\nEnter a name for your profile.\nFor the template, under Based on profile, select the default company profile.\nSelect Create, and then select Edit profile information.\nUnder Merchant accounts, select the point-of-sale merchant accounts that you want to apply the risk rules to. Select Save changes.\nIn the Risk rules tab, disable unnecessary risk rules. Select Save changes.\nAt least, you must disable:\n\nMultiple distinct IP address used\nShopper used shared IP address\nMultiple distinct shopper references used\n\nConfigure custom risk rules.\nSelect Save changes.\n\nStep 3: Disable unnecessary risk rules\nMost risk rules are designed to minimize the risk of ecommerce transactions. To ensure the point-of-sale transactions are not declined unnecessarily:\n\nIn your risk profile for point of sale, under Risk rules &gt; Standard rules &gt; \n  ShopperDNA\n, disable the following risk rules:\n\nMultiple distinct IP addresses used and Shopper used shared IP address: because terminals use the IP address of the store, the cards of multiple shoppers will use the same IP address. If you do not disable these rules, point-of-sale transactions will be declined.\nMultiple distinct shopper references: the shopper reference is a unique identifier for a shopper that you send in the payment request. If you do not disable this rule, the transaction is declined if the same shopper has multiple shopper references (for example, due to using the card in different stores).\n\nOptionally, disable all other rules, except for Velocity and Consistency and rules that you want to customize.\n\nStep 4: (Optional) Configure custom risk rules\nFor a MOTO transaction, you enter the card number and CVV. For an MKE transaction, shoppers enter the card number and the expiry date, and provide their signature. To enable the most important risk rules for these point-of-sale transactions:\n\nIn your Customer Area, go to your risk profile for point of sale.\nUnder Risk rules &gt; Standard rules &gt; \n  Consistency\n, enable rules based on:\n\nAVS checks (only if you send the street address and the ZIP\/postal code of the shopper)\nCard Verification Code (CVC2\/CVV2\/CID) does not match\n\nUnder Risk rules &gt; Standard rules &gt; \n  Velocity\n, enable rules based on the number of transactions a shopper attempts in a given time.\nTo target specific behaviors, add \n  Custom risk rules\n.\nCustom risk rules can make sense if you send additional data in your payment request, like shopperEmail.\n\nTesting\nWhen the transaction gets declined due to a risk rule, the \n  PaymentResponse\n includes:\n\nResult: Failure\n\n  error condition\n: Refusal\nAdditionalResponse: provides more information about why the transaction was declined in the following fields:\n\nrefusalReason: 199 Card blocked\nmessage: BLOCK_CARD\n\n\nHere's an example failure response for a declined payment:\n{\n\"SaleToPOIResponse\": {\n      \"MessageHeader\": {...},\n      \"PaymentResponse\": {\n         \"POIData\": {...},\n         \"PaymentReceipt\": {...},\n         \"PaymentResult\": {...},\n         \"SaleData\": {...},\n         \"Response\": {\n            \"AdditionalResponse\": \"refusalReason=199%20Card%20blocked...&amp;message=BLOCK_CARD...\",\n            \"ErrorCondition\": \"Refusal\",\n            \"Result\": \"Failure\"\n         }\n      }\n   }\n}\nTo test how your integration handles refusals due to a risk rule, simulate a specific declined payment:\n\nMake a test payment for an amount with 125 as the last three digits of the RequestedAmount (for example, 101.25 or 21.25).\nIn the response, check that the error condition is Refusal and the refusal reason is Card blocked.\nMake sure that your integration doesn't retry the transaction.\n\nSee also\n\n\n                    Mail Order\/Telephone Order (MOTO)\n                \n                    Manually enter payments (MKE)\n                \n                    Create and use risk profiles\n                \n                    Configure standard risk rules\n                \n                    Configure custom risk rules\n                \n","type":"page","locale":"pt","boost":18,"hierarchy":{"lvl0":"Home","lvl1":"Terminais","lvl2":"Risk management"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/point-of-sale","lvl2":"\/pt\/point-of-sale\/risk-management-pos"},"levels":3,"category":"In-person payments","category_color":"green","tags":["management"]}}