Block and trust lists, also called referrals, let you influence the risk score of transactions based on your own data, and lists provided by third parties.
When they trigger, referrals contribute to the total risk score of a transaction.
How referrals work
By default, block and trust lists are aggregated and maintained per company account. This means you can provide a setting once and apply it to all merchant accounts under the company account. If you want to have separate referrals for each merchant account, you can configure this in your risk settings.
Referrals apply to payments made with credit and debit cards, SEPA Direct Debit and PayPal by default. If you are using more payment methods, and want to include them in the risk evaluation, make sure you add the payment method in your risk settings.
After you have added referrals, you can configure them in different ways for different risk profiles.
Make sure that you submit the required fields in the payment request to trigger the referral. For example, if you have set up block and trust lists for shopper email addresses, make sure you include the
Turn on and configure block and trust lists
To use a block or trust list, you have to enable the block and trust list and assign a risk score to increase (block), or decrease (trust) the risk score of transactions that match items in the list. Then, you can add items to the block and trust list.
You can manage block and trust lists in multiple ways:
Use the Customer Area
- Log in to your Customer Area.
- Go to Risk > Risk profiles.
- Select a risk profile.
- Select the Manual risk tab.
If you do not see the Manual risk tab, it will be available for you soon. We are working on a new layout of the risk profile.
- Select Block and trust lists to view or edit a list, and configure the settings.
You can block, trust or remove single items. For some lists, you can upload multiple items using CSV files. You can find the details for each referral in your Customer Area.
You can also block or trust a payment attribute using the Fraud Control widget on the payment details page for a specific payment.
Use an API
There are different types of referrals:
- Block and trust lists based on shopper details.
- Block and trust lists based on card or bank account details.
- Block lists provided by schemes.
Shopper detail referrals
The following referrals trigger when the payment request includes certain shopper details.
|Email domain||Triggers if the shopper's email domain is on your block or trust list.||
|PayPal Payer ID||Triggers based on the provided shopper PayPal Payer ID. Provide a value for the PayPal Payer ID in the payment request for this check to work properly.||PayPal Payer ID|
|PayPal account creation blocked country||Triggers if the country where the shopper's PayPal account was created matches a country in this block list. This rule lets you add or remove countries from the list.||PayPal details|
|Persistent cookie||Triggers based on persistent cookies used when making a payment. A persistent cookie is a unique identifier stored in different places on the shoppers' computer or device. This cookie is difficult for the shopper to remove, and can work across browsers.||Cookie details|
|Shopper IP||Triggers based on the IP address of the shopper.||
|Shopper address||Triggers based on the billing or delivery address of the shopper.
The shopper address is not case sensitive. You can add an address to the block or trust list in two formats:
1. Enter a full address
You can provide a full address with the following fields:
To cover a range, you can use wildcards like
Providing a postal code is mandatory, except for addresses in countries that do not use a postal code, such as Hong Kong, Macau, and Ireland.
2. Enter a partial address (postal code and country)
You can provide a partial address with the following fields:
In the referral configuration, you can assign a score for a full match, and for a partial match. A partial match applies when there is a match with:
|Shopper email||Triggers based on the email address of the shopper. These email addresses must be an exact match, or you can use a wildcard to block a range of email addresses.
Provide multiple emails in a CSV file, and use wildcards (
For example, by adding test* to your block list, you can increase the risk score for payments using email addresses like email@example.com.
|Shopper name||Triggers based on the full name of the shopper. This check analyzes both the cardholder name field and, if provided, the passenger name field. The name must be an exact match, and the payment request must contain both a first and last name.||
|Shopper reference||Triggers based on the shopper reference.
The shopper reference is a unique identifier for a shopper. This reference lets you track users across multiple sessions. If you allow shoppers to make payments without logging in, we recommend that you establish a unique shopper reference for each guest transaction.
For this referral to trigger, the shopper reference that you enter on the block or trust list must be an exact match with the shopper reference in the payment request.
|Social Security Number||Triggers based on the shopper's social security number.
This check works on any provided social security-type number, for example Brazilian CPF.
|Telephone number||Triggers based on the provided telephone number of the shopper.||
Card or bank account detail referrals
The following referrals trigger based on card or bank account details included in the payment request.
|Card/bank account number||Triggers if a card or bank account number is on your block list, or on the global block list. To prevent this, add the number to your trust list.
This referral check does not trigger for transactions made with payment method variant directEbanking (Sofort).
|Card/bank account number non-fraud||Triggers if a card or bank account number has been used in chargeback transactions where the chargeback had a non-fraudulent reason, for example, Insufficient Funds. This is a global list across Adyen's entire network.
"Friendly fraud" occurs when good shoppers dispute a payment for a delivered product or service. They may be one-time offenders who are unhappy with the product, or repeat offenders who exploit the system. This risk rule is focused on finding friendly fraudsters and highlighting that they have disputed payments on Adyen's network in the past.
|Bank Identification Number (BIN)||Triggers based on the Bank Identification Number (BIN), the first six to eight digits of a card number.|
Scheme provided block lists
The following schemes provide a block list.
|American Express scheme blocked cards||Triggers if a card is on a block list provided by American Express. This lets you block the transaction before it can be authorised.|
|Carte Bancaire scheme blocked cards||Triggers if a card is on a block list provided by Carte Bancaire. This lets you block the transaction before it can be authorised.|
|CUP scheme blocked cards||Triggers if a card is on a block list provided by Union Pay. This lets you block the transaction before it can be authorised.|