Are you looking for test card numbers?

Would you like to contact support?

Risk-management icon

Configure custom risk rules

Build your own custom rules around the unique fraud risks faced by your business.

In addition to using our standard risk rules, you can create your own custom risk rules. You can use these to refuse a transaction, or to send it for a Manual Review.

When you create the custom risk rule, you can choose to trigger the rule before or after authorisation. This can help you take a more flexible approach to mitigating risks. For example, when you create a risk rule that triggers after authorisation, you can take additional details from the authorisation response into consideration, such as the AVS response, the CVC2 response, or the liability shift status.

To build your own custom risk rules:

  1. Create custom risk fields.
  2. Create custom risk rules.
  3. Assign actions to your rules.

You can also have a look at our example of a custom risk rule.

This functionality requires additional configuration on Adyen's end. To enable it, contact our Support Team

Step 1: Create custom risk fields

  1. Log in to your Customer Area.
  2. From your company-level account, go to Risk > Custom risk fields.
  3. Select New variable > Custom Field and provide:
    • The name of the field (one word name).
    • The data type of the field: String, Number, Date, or Boolean.
    • A field description.

You can then submit data to the additionalData.riskdata.<customfieldname> field and create a custom rule around it.

Step 2: Enable risk fields provided by Adyen

In your custom risk rules, you can use the custom risk fields you created, as well as risk fields that we provide for you:

To use any Adyen-provided risk field, you need to enable it first:

  1. Log in to your Customer Area.
  2. From your company-level account, go to Risk > Custom risk fields.
  3. Find the Adyen-provided field you want to use, and enable it by turning on the toggle in the Status column.

Step 3: Create a rule

  1. Log in to your Customer Area, and select a merchant-level account.
  2. Go to RiskRisk profiles.
  3. Under Custom Rules, select + New Rule and then select Pre auth or Post auth.

    The following table shows which fields you can use in pre auth, post auth or both types of custom risk rules:

    Fields Pre auth Post auth
    ShopperDNA -white_check_mark- -x-
    Standard fields See Standard fields table See Standard fields table
    Custom fields -white_check_mark- -white_check_mark-
    Basket -white_check_mark- -x-
    Promotional -white_check_mark- -x-
    Airline -white_check_mark- -x-
  4. Enter a Rule Name.
  5. For each condition select:
    • Field Name. This is one of the fields you are submitting with the payment (for example, the amount of the transaction).
    • An Operator. This compares the Field Name to the Field Value (for example, GREATER THAN (>)).
    • Field Value. This is the criteria you'll use to trigger your rule (for example, 40000).

      You can enter multiple Field Values in a condition by separating them with a comma.

  6. Add any additional conditions to the rule by selecting AND or OR.
  7. Select Save.


Below is an example of a custom risk rule. It will be triggered when someone attempts to purchase flight tickets that are either:

  • one-way (numberOfLegs | == | 1) 
  • AND to a destination that is Lagos or Abuja (destination_code | IS IN | LOS,ABV).
  • AND business class (class_of_travel | == | Business)


  • one-way (numberOfLegs | == | 1) 
  • AND to a destination that is Lagos, Abuja, or Port Harcourt (destination_code | IS IN | LOS,ABV,PHC).
  • AND with a price above 1,000.00 (amount | > | 100000)
  • AND is in Euros, Pounds, or US Dollars (currency | IS IN | EUR,GBP,USD)

Step 4: Assign an action

Finally, choose what action is taken when your rule is triggered. You can either:

  • Increase/decrease risk score by a given value. For more information on fraud scores, see How does the fraud score work?.

  • Turn on Send to case management for manual review. For more information on how to manually review transactions, see Case Management - Manual Review.

  • You can Assign a 3D secure rule to Custom Risk check created by you.

Step 5: Test the custom risk rule

  1. Make a payment request including the fields you turned on in step 2:
      "holderName":"John Smith",
      "riskdata.basket.item.productTitle":"Blue Shirt",
      "riskdata.promotions.promotion.promotionName":"Big Sale promotion"
  1. Take note of the pspReference in the payment response.
  2. Log in to your Customer Area, and select the merchant-level account you used to make the payment.
  3. In the Search payments, search for the pspReference and select the payment.
  4. Select the number listed under Fraud scoring.
    A page will open with a breakdown of which fraud checks triggered.

Reference table

Standard fields

The following table shows which standard fields can be used in pre and post auth custom risk rules.

Standard field name Pre auth Post auth
amount -white_check_mark- -white_check_mark-
billingAddressEqualsDeliveryAddress -white_check_mark- -white_check_mark-
billingCity -white_check_mark- -white_check_mark-
billingCountry -white_check_mark- -white_check_mark-
billingPostalCode -white_check_mark- -white_check_mark-
billingState -white_check_mark- -white_check_mark-
bin -white_check_mark- -white_check_mark-
deliveryCity -white_check_mark- -white_check_mark-
deliveryCountry -white_check_mark- -white_check_mark-
deliveryPostalCode -white_check_mark- -white_check_mark-
deliveryState -white_check_mark- -white_check_mark-
emailAddressContainsShopperName -white_check_mark- -white_check_mark-
emailDomain -white_check_mark- -white_check_mark-
fundingSourceName -white_check_mark- -white_check_mark-
fundingSourceSubtypeName -white_check_mark- -white_check_mark-
holderNameContainsShopperName -white_check_mark- -white_check_mark-
issuerName -white_check_mark- -white_check_mark-
issuingCountryCode -white_check_mark- -white_check_mark-
paymentMethod -white_check_mark- -white_check_mark-
shopperCountryCode -white_check_mark- -white_check_mark-
shopperInteraction -white_check_mark- -white_check_mark-
shopperIP -white_check_mark- -white_check_mark-
shopperLocale -white_check_mark- -white_check_mark-
billingStateEqualsDeliveryState -white_check_mark- -x-
billingStreet -white_check_mark- -x-
browser -white_check_mark- -x-
cardNumberIsCopyPasted -white_check_mark- -x-
cardScheme -white_check_mark- -x-
currency -white_check_mark- -x-
deliveryHourOfDayNumber -white_check_mark- -x-
deliveryStreet -white_check_mark- -x-
deviceType -white_check_mark- -x-
emailName -white_check_mark- -x-
holderNameContainsANonAlphabeticCharacter -white_check_mark- -x-
holderNameIsAllCaps -white_check_mark- -x-
holderNameIsOneWord -white_check_mark- -x-
holderNameLength -white_check_mark- -x-
hoursToDelivery -white_check_mark- -x-
isCommercialCard -white_check_mark- -x-
merchantIntegrationType -white_check_mark- -x-
merchantReference -white_check_mark- -x-
numberOfLegs -white_check_mark- -x-
paymentDataSource -white_check_mark- -x-
posEntryMode -white_check_mark- -x-
recurringProcessingModel -white_check_mark- -x-
shopperDateOfBirth -white_check_mark- -x-
shopperNameContainsEnglishCharacters -white_check_mark- -x-
shopperNameContainsJapaneseKatakanaCharacters -white_check_mark- -x-
shopperStatement -white_check_mark- -x-
shopperTelephoneNumber -white_check_mark- -x-
telephoneNumberCountryCode -white_check_mark- -x-
tokenizedExternally -white_check_mark- -x-
totalBasketQuantity -white_check_mark- -x-
transactionDayOfWeekString -white_check_mark- -x-
acquirerCountryCode -x- -white_check_mark-
acquirerEmail -x- -white_check_mark-
acquirerName -x- -white_check_mark-
acquirerTelephoneCountryCode -x- -white_check_mark-
avsResponseCode -x- -white_check_mark-
cvcResponseCode -x- -white_check_mark-
liabilityShift -x- -white_check_mark-
payPalAddressStatus -x- -white_check_mark-
payPalPayerId -x- -white_check_mark-
payPalPayerStatus -x- -white_check_mark-
payPalProtectionEligibility -x- -white_check_mark-
threeDSecure1AuthenticationResponse -x- -white_check_mark-
threeDSecure1DirectoryResponse -x- -white_check_mark-
threeDSecure2AuthenticationResponse -x- -white_check_mark-
threeDSecure2DirectoryResponse -x- -white_check_mark-
threeDSecureVersion -x- -white_check_mark-