Search

Are you looking for test card numbers?

Would you like to contact support?

Risk-management icon

Configure custom risk rules

Build your own custom rules around the unique fraud risks faced by your business.

In addition to using our standard risk rules, you can create your own custom risk rules. You can use these to refuse a transaction, or to send it for case management.

Custom risk rules are a RevenueProtect premium feature. If you have questions about RevenueProtect premium, contact our Support Team.

To build your custom risk rules:

  1. Decide when your rule should trigger.
  2. Set up risk variables.
  3. Create the rule.
  4. Assign an action to the rule.
  5. Test the rule.

Example scenario

As a webshop owner you find out certain purchases by a guest user have an increased fraud risk. You decide to build a custom rule to offset this risk.

Your custom rule adds 20 risk points if the shopper:

  • Is a guest user.
  • Is buying more than 2 items from a list of restricted products.

Step 1: Decide when your custom rule should trigger

When you create a custom risk rule, you can choose to trigger the rule before or after authorisation. For example, when you create a risk rule that triggers after authorisation, you can take additional details from the authorisation response into consideration, such as the AVS response, the CVC2 response, or the liability shift status. In this way, you can take a more flexible approach to mitigating risks.

The variables you use in your custom rule determine if the rule can be triggered before or after authorisation:

Variable Before authorisation After authorisation
Custom fields -white_check_mark- -white_check_mark-
Custom lists -white_check_mark- -x-

When you use RevenueProtect premium, Adyen also provides a number of risk fields that you can use in your custom rule. To use an Adyen-provided field, you have to enable the field for your company in your Customer Area.

For the example scenario, we don't need to take into consideration details from the authorisation response.

Step 2: Set up risk variables

The risk variables in your custom risk rules can be:

  • Custom fields defined by you.
  • Risk fields provided by Adyen.
  • Custom list comparisons.

For the example scenario you need all three types of variables:

  • For the user type, you need to create a custom field.
  • To use the shopper's basket items in your rule, you need to enable Adyen-provided risk fields for basket items.
  • To check the items in the shopper's basket against your list of restricted products, you need to create a custom list comparison.

Create custom fields

  1. Log in to your Customer Area and stay in your company account.
  2. Go to Risk > Custom risk fields.
  3. Select New variable > Custom Field and provide the details for your custom field.

For the example scenario, you create a custom field for the shopper user type with the following details:

  • Name: userType
  • Data type: String
  • Field description: The type of user making the payment

You assign a value to your custom field when you make a payment request, providing the riskdata.[customFieldName] in the additionalData object of your /payments or /authorise request. For an example, see how to assign a value to riskdata.userType in the Test the rule section.

Now that you've created a custom field, the following steps show how to use it as part of a custom risk rule.

Create a custom list comparison

A custom list comparison lets you compare risk field values against block and trust lists, which includes custom lists. For custom lists you can add expiry dates for list entries. Field values are only compared against list entries that have not expired.

In the example scenario, you want to check if the shopper has more than 2 items from a list of restricted items that you define.

To do this, you first create your custom list containing restricted items. Then, you create the list comparison that checks if the shopper's basket has any restricted items:

  1. Create your list:

    1. From your Customer Area company account, go to Risk > Block and trust lists.
    2. Select Create new list.
    3. Enter the list name and select Create list. In the example scenario, we're creating a list called Restricted items.
  2. Select the list you just created and add items to it. You can either:

    • Select Add item and provide details for your entry:
      • Item: The list item, in the example scenario, the product title for the restricted item.
      • Reason: (Optional) Any information useful to you about why the item is part of the list.
      • Expire date: (Optional) Expiry date for the list entry. The date must be in the future and if empty, we assign 9999-12-30 23:00:00+01.
    • Select Upload CSV and upload a CSV file containing your list, for example:
      item,reason,expiredate
      Signature shirt,Limited edition,2021-11-10
      Golden shoes,,
      Designer bag,Limited edition,
      are vintage hat,,2021-11-10
  3. Define the list comparison:

    1. Go to Risk > Custom risk fields.
    2. Select New variable > List comparison and provide the details for your comparison:
      • Name: A name for the list comparison. It must not contain spaces.
      • Description: A description of the comparison.
      • Field for comparison: Select a risk field you defined or an enabled field provided by Adyen.
      • List: Select a custom list you defined or another block and trust list.
    3. Select Save.

    For the example scenario the list comparison has:

    • Name: restrictedProduct
    • Description: Check if a shopper is buying any items with a restricted product title.
    • Field for comparison: productTitle, a field provided by Adyen, which you enabled. You assign the value of this field when you make a payments request, providing the riskdata.basket.item[itemNr].productTitle in the additionalData object of your /payments or /authorise request. For an example, see the Test the rule section.
    • List: Restricted items, the custom list you created.

Step 3: Create the rule

The variables you use in your custom rule determine if the rule can be triggered before or after authorisation.

  1. In your Customer Area select a merchant-level account.
  2. Go to RiskRisk profiles.
  3. Under Custom Rules, select + New Rule and then select Pre auth or Post auth.
  4. Enter a Rule Name.
  5. For each condition select:
    • Field Name - choose a risk variable, for example custom fields, list comparisons, or enabled Adyen risk fields.
    • Operator - how to compare the Field Name and the Field Value, for example GREATER THAN (>).
    • Field Value - value that triggers your rule. If multiple values should trigger your rule, use commas to separate the values.
  6. Add conditions to the rule by selecting AND or OR.
  7. Select Save to finish creating the rule.

For the example scenario:

  1. Select Pre-auth when creating the rule, because you're using custom lists which can only be used before authorization.
  2. Name the rule guestBuysTooManyRestrictedProducts.
  3. Fill in the conditions for the rules:

    Field Name Operator Field Value Corresponding additionalData.riskdata field
    userType (String) EQUALS (==) Guest riskdata.[customFieldName]
    quantity (Number) GREATER THAN (>) 2 riskdata.basket.item[itemNr].quantity
    restrictedProduct (Boolean) EQUALS (==) True riskdata.basket.item[itemNr].productTitle

Step 4: Assign an action to the rule

Now that you created your custom rule, it's time to assign the action to take when the rule applies: modify the risk score, or send to case management.

To assign an action for the custom rule you created, configure the risk profile that contains the rule. A risk profile can apply to more than one merchant account. You can configure a risk profile from either:

  • Your company account.
  • A merchant account with the risk profile that contains your custom rule.

Regardless where you configure the risk profile, the changes apply to all merchant accounts using that risk profile.

Select the tab for the account level where you want to assign an action.

  1. Go to your Customer Area.
  2. Select RiskRisk profiles.
  3. Select the risk profile containing your custom rule.
  4. Under Custom Rules, select your custom rule.
  5. Assign an action from the custom rule menu:
    • Increase or decrease total risk score by a given value. For more information on fraud scores, see How does the fraud score work?.
    • Send to case management for manual review. For more information on how to manually review transactions, see Case management.
  6. Select Save Profile.
  • Go to your Customer Area.
  • Select a merchant-level account that has the profile containing your custom rule.
  • Go to RiskRisk profiles.
  • Under Custom Rules, select your custom rule.
  • Assign an action from the custom rule menu:
    • Increase or decrease total risk score by a given value. For more information on fraud scores, see How does the fraud score work?.
    • Send to case management for manual review. For more information on how to manually review transactions, see Case management.
  • Select Save Profile.
  • Now that you have your custom rule, you can also use it as one of the risk checks to be applied when configuring Dynamic 3D Secure.

    For the example scenario select the custom rule you created, guestBuysTooManyRestrictedProducts, and increase the risk score by 20.

    Step 5: Test the rule

    1. Make a POST request to the /payments endpoint, including the risk fields your custom rule uses:

      {
       "amount":{
          "currency":"USD",
          "value":1000
       },
       "reference":"98739872454D",
       "paymentMethod":{
          "type":"scheme",
          "number":"4111111111111111",
          "expiryMonth":"10",
          "expiryYear":"2020",
          "holderName":"John Smith",
          "cvc":"737"
       },
       "returnUrl":"https://your-company.com/...",
       "merchantAccount":"YOUR_MERCHANT_ACCOUNT",
       "additionalData":{
         "riskdata.basket.item1.productTitle":"Golden shoes",
         "riskdata.basket.item1.quantity": "3",
         "riskdata.userType": "Guest"
       }
      }
    2. Take note of the pspReference in the payment response.
    3. Log in to your Customer Area.
    4. In the Search payments, select Payments and search for the pspReference value.
    5. Select the number listed under Risk score for your payment. A page will open with a breakdown of which fraud checks triggered.