The content on this page applies to the latest risk engine. If you use the classic risk engine, refer to Configure your risk profile (classic). See the risk management overview for the differences.
Risk profiles let you manage which risk rules you apply to payments made on a merchant account.
When you use Protect, Adyen's risk management tool, and you have created and assigned at least one risk profile, you can configure risk rules to fine-tune your profile.
Risk rules
Risk rules can be risk lists, custom rules or machine learning rules. Risk lists let you block or allow a transaction based on Adyen's data, your own data, or lists provided by third parties. Machine learning rules evaluate the fraud risk of transactions based on global transaction data or suspicious patterns. With premium features enabled, you can create custom rules to complement the risk evaluation.
Which risk rules you can use or configure depends on whether you use Protect basic, or if you have enabled premium features:
| Basic | Premium |
|---|---|
| Adyen-provided risk lists | Adyen-provided risk lists and custom lists |
| Machine learning rule: bot attack risk | Machine learning rule: bot attack risk |
| Machine learning rule: fraud risk | |
| Create, backtest and label custom rules | |
| Dynamic 3D Secure in combination with custom rules |
Each risk profile contains a set of risk rules. Risk rules can trigger before or after authorization:
- Pre-authorization: the risk rule conditions are assessed before the payment is authorized.
- Post-authorization: the risk rule conditions are assessed after the payment is authorized. In post-authorization rules, the risk evaluation can take extra signals into account that are only available after authorization. For example authentication results, CVC/CVV codes, or AVS responses.
A risk rule triggers when a transaction matches the conditions of the rule. When the risk rule triggers, Protect takes one of the following actions:
- Allow: the transaction is allowed.
- Block: the transaction is blocked.
- Review (premium): the transaction is sent to case management.
- Check for 3DS (premium): when you link a custom rule to Dynamic 3D Secure, you can request a specific 3D Secure flow for a transaction that matches the custom rule.
Allow rules have the highest priority within a risk profile. This means that when an Allow rule is triggered, it will override any Block or Review rules.
In the same way, post-authorization rules have priority over pre-authorization rules. This means that a decision made before authorization can still be overridden when a post-authorization risk rule triggers. The only exception is when a transaction is blocked before it is authorized. In that case, the transaction will not trigger any post-authorization risk rules.
Risk rules trigger based on information that is included in a payment request. Protect can make better decisions if you include more fields in the payment request, and some risk lists require specific fields to work.
Fine-tune your risk profile
Used risk before?
If you configured a risk profile before and transitioned to the latest risk profile, check out these best practices.
You can use risk lists to block or allow specific transaction properties. We have grouped together the default, Adyen-provided risk lists.
When you enable premium features, you can add custom rules to complement the fraud risk evaluation. When you configure a rule in your risk profile, you configure which action should be taken when a transaction matches that rule.
For each rule, you configure if the rule should run before or after authorization, and what to do if a transaction matches the rule: Allow, Block, Review, or Check for 3DS.
You can also label your custom rules for easy classification, and to further personalize your risk profile setup.
Extra risk management features
You can continue to use extra risk features such as case management (premium) and Dynamic 3D Secure.
View risk results
You can see the risk decisions on the Risk results page.
To open the Risk results page in your live Customer Area:
- Switch to a merchant account using the latest version of the risk profile.
- Go to Transactions > Payments.
- Select the Risk score for a payment from the payments overview to open the Risk results page.
You can see the decision outcome at the top of the page.
Apart from the overall risk result, you can also see which rules were triggered, if they triggered before or after authorization, and which actions were taken.
View risk profile analytics
When you enable premium features, you can get insights into how each risk rule performs and monitor overall performance of a risk profile in your live Customer Area. Authorization, refusal, and chargeback rates and statistics are available for both risk rules and the risk profile. On top of backtesting, this data can help you pinpoint underperforming risk profiles or rules, and analyze and monitor the impact of changes.
To view profile analytics:
- Go to Revenue & risk > Risk profiles.
- Select a premium profile.
- In the Profile overview, you can see the profile analytics data.
To view risk rule performance:
- Go to Revenue & risk > Risk profiles.
- Select a premium profile.
- Select Risk rules.
- Select Allow, Block, or Review and select the rule you want to evaluate.
- Select Transactions matched > View all transactions that matched the rule’s criteria to see more details.
Best practices after transition
If your company transitioned from classic risk to the latest risk profile, you will notice that the risk profile has changed.
After the transition, you can no longer change classic risk profiles or assign them to merchant accounts, but you can still view previously created profiles.
You may have to take specific actions to make sure that your new risk profile meets the needs specific to your business. See How can I transition to Adyen's new risk engine? for more details and determine which actions apply to you.