Risk profiles let you manage which risk rules you apply to payments made on a merchant account.
When you use Protect, Adyen's risk management tool, and you have created and assigned at least one risk profile, you can configure risk rules to fine-tune your profile.
Risk rules
Each risk profile contains a set of risk rules that you can use to fine-tune your profile. Which risk rules you can use or configure depends on whether you use Protect basic, or if you have enabled premium features:
| Basic | Premium |
|---|---|
| Adyen-provided risk lists | Adyen-provided risk lists and custom lists |
| Machine learning rule: bot attack risk | Machine learning rule: bot attack risk |
| Machine learning rule: fraud risk and risk-based authentication | |
| Adyen-provided post-authorization rules | Adyen-provided post-authorization rules |
| Create, backtest, and label custom rules | |
| Dynamic 3D Secure in combination with custom rules |
Risk rules can trigger before or after authorization:
- Pre-authorization: the risk rule conditions are assessed before the payment is authorized. This saves issuer and scheme fees compared to blocking after authorization.
- Post-authorization: the risk rule conditions are assessed after the payment is authorized. In post-authorization rules, the risk evaluation can take extra signals into account that are only available after authorization. For example authentication results, CVC/CVV codes, or AVS responses.
A risk rule triggers when a transaction matches the conditions of the rule. When the risk rule triggers, Protect takes one of the following actions:
- Allow: the transaction is allowed.
- Block: the transaction is blocked.
- Review (premium): the transaction is sent to case management.
- Check for 3DS (premium): when you link a custom rule to Dynamic 3D Secure, you can request a specific 3D Secure flow for a transaction that matches the custom rule.
Allow rules have the highest priority within a risk profile. This means that when an Allow rule is triggered, it will override any Block or Review rules.
In the same way, post-authorization rules have priority over pre-authorization rules. This means that a decision made before authorization can still be overridden when a post-authorization risk rule triggers. The only exception is when a transaction is blocked before it is authorized. In that case, the transaction will not trigger any post-authorization risk rules.
Risk rules trigger based on information that is included in a payment request. Protect can make better decisions if you include more fields in the payment request, and some risk lists require specific fields to work.
Fine-tune your risk profile
You can configure risk rules to fine-tune your risk profile:
- Risk lists: Block or allow a transaction based on Adyen's data, your own data, or lists provided by third parties.
- Post-authorization rules: Influence the risk evaluation with signals that are available after authorization.
- Machine learning rules: Evaluate the fraud risk of transactions based on global transaction data or suspicious patterns.
- Custom rules (premium): Complement the risk evaluation by the machine learning rules, or address risks specific to your business.
When you configure a rule in your risk profile, you configure which action should be taken when a transaction matches that rule: Allow, Block, Review (premium), or Check for 3DS (premium).
View risk results
You can see the risk decisions on the Risk results page.
To open the Risk results page in your live Customer Area:
- Switch to a merchant account.
- Go to Transactions > Payments.
- Select the Risk score for a payment from the payments overview to open the Risk results page.
You can see the decision outcome at the top of the page.
Apart from the overall risk result, you can also see which rules were triggered, if they triggered before or after authorization, and which actions were taken.
View risk profile analytics
When you enable premium features, you can get insights into how each risk rule performs and monitor overall performance of a risk profile. Statistics and authorization, refusal, and chargeback rates are available for both risk rules and the risk profile. On top of backtesting, this data can help you pinpoint underperforming risk profiles or rules, and analyze and monitor the impact of changes.
To view profile analytics, in your live Customer Area:
- Go to Revenue & risk > Risk profiles.
- Select a premium profile.
- To view the analytics data of the profile, in the Profile overview, review the Performance metrics > Overall section.
To view risk rule performance, in your live Customer Area:
- Go to Revenue & risk > Risk profiles.
- Select a premium profile.
- Select Risk rules.
- Select Allow, Block, or Review and select the rule you want to evaluate.
- Select Transactions matched > View all transactions that matched the rule’s criteria to see more details.
To view risk-based authentication performance, in your live Customer Area:
- Go to Revenue & risk > Risk profiles.
- Select a premium profile.
- To see the uplift resulting from this optimization, in the Profile overview, review the Performance metrics > Risk-based authentication section.