Risk profiles let you manage which risk rules you apply to payments made on a merchant account.
When you use RevenueProtect, Adyen's risk management tool, and you have configured your risk settings you can create and use risk profiles. Each risk profile contains a set of risk rules and profile settings.
You set up and configure risk profiles on your company account, and you can assign a profile to merchant accounts.
We are working on changes to RevenueProtect to make it easier to configure your risk profile.
Choose a risk profile type
Which type of risk profile you can choose depends on whether you use our basic RevenueProtect solution, or if you have enabled RevenueProtect premium.
You configure risk rules manually, and configure a risk score that is added to or subtracted from the total risk score for a payment when that rule triggers.
The riskier the payment, the higher the risk score. When the total risk score reaches 100, the payment is refused.
A default risk profile is set up for you, with pre-configured settings that are based on your company's industry. By default, all new merchant accounts created in your company account use this default risk profile.
You can update the default profile or create new risk profiles as you see fit. You are responsible for setting up the risk score settings and thresholds for risk rules, and maintaining the risk profiles.
Create a new risk profile
- Log in to your Customer Area with your company account.
- Go to Risk > Risk profiles.
- Select Create new profile.
- In the Profile name, type a name for the new risk profile. Then, from the Based on profile drop down, select the risk profile that will be the template for your new profile.
- Select Create. Refresh the page to see your changes.
When you select a risk profile, you can:
- Assign the risk profile to a merchant account.
- Configure the risk profile settings, for example for case management.
- Configure risk rules for the risk profile.
- (Optional) Find the risk profile reference to assign a risk profile to a payment.
Assign a risk profile to a merchant account
You can assign a profile as the default profile for all your merchant accounts, or create different risk profiles with different risk rule settings for some of your merchant accounts.
To assign a risk profile to a merchant account:
- Open the profile you created.
- Select Edit profile information.
- Under Merchant accounts, select merchant accounts from the list.
- Select Save changes.
For larger lists, use the textbook to enter a comma-separated list.
Case management settings
You can use case management to manually review certain transactions before they are captured. On the risk profile, you can configure two case management settings:
Skip manual review on liability shift
This option on the risk profile lets you control whether transactions with liability shift are sent to case management. You can choose not to manually review cases where the liability has shifted to the issuing bank, for example when the shopper has authenticated by using 3D Secure.
If you have turned on Send to Case Management for an individual risk rule, this overrides Skip manual review on liability shift. The payment goes through 3D Secure and liability has shifted, but the payment still goes to case management.
Minimum score for manual review
This option on the risk profile lets you set a minimum risk score that a payment must have before it is sent to case management for manual review. This way, you have the option to limit the amount of cases.
Assign a risk profile to a payment
You have the option to override the risk profile that is assigned to a merchant account if you want to use a different risk profile for a specific payment.
If you do not provide a risk profile reference in your payment request, the merchant account's default risk profile will be applied to the payment. You can find the risk profile reference when you select a risk profile in your Customer Area.
To assign a specific profile to a payment, you provide the risk profile reference in the payment request. Select which endpoint you use to send in payment requests:
Using the /sessions endpoint: