Risk-management icon

Configure manual risk

Learn how to configure risk rules for a risk profile.

When you use manual risk, RevenueProtect compares transactions to risk rules that you define, and increases the risk score if a transaction breaks these rules.

When you configure a risk rule, each rule has a risk score that you can configure:

  • When the rule triggers, the score is added to the total transaction score.
  • When the total risk score reaches 100, the transaction is blocked.

You can configure several risk rule types.

For each risk profile, you can configure a set of risk rules. You can configure risk rules in different ways for different risk profiles.

Risk rules trigger based on information that is included in a payment request. RevenueProtect can make better decisions if you include more fields in the payment request, and some risk rules require specific fields to work.

Turn on and configure risk rules

  1. Log in to your Customer Area.
  2. Go to Risk > Risk profiles.
  3. Select a risk profile.
  4. Select the Risk rules tab.

On this page, you see tabs with different types of risk rules. Select a tab to see which risk rules are available for the selected risk profile.

Risk rule types and availability

When you select a risk rule, you can enable the rule and see the options to configure rule-specific settings. Most risk rules let you specify a time frame and an amount to increase the risk score by, as well as other settings specific to the check.

Which type of risk rules you can enable and configure depends on whether you use our basic RevenueProtect solution, or if you have enabled RevenueProtect premium.

Select a RevenueProtect solution to see the options:

You can use:

  • Standard risk rules
    • Velocity: set thresholds on how often a shopper can attempt transactions.
    • Consistency: analyze provided shopper data and behavior for inconsistencies and fraud.
    • External: use data from third-party risk mitigation systems to determine fraud. These rules are only displayed when you use external risk rules.
  • Block and trust lists (Referrals)
    • Use lists of known good and bad shoppers to prevent fraudsters from making payments.

Extra risk management features

In addition to configuring risk rules, we also offer extra risk features. For example, if you want to have more control over which transactions are processed with 3D Secure, you can set up rules for Dynamic 3D Secure.
When you have enabled RevenueProtect premium, you can use case management, and let risk rules be a trigger to send a payment to manual review.

Test a risk rule

After you have turned on and configured a risk rule, you can test if the risk rule triggers.

  1. Make a payment request providing the fields that trigger the rule.
    For example, if you have set up a referral list containing shopper references, and you want to add 10 to the total risk score for shopper reference 1234567890, include that shopperReference in your payment request:
{
   "amount":{
      "currency":"USD",
      "value":1000
   },
   "reference":"YOUR_PAYMENT_REFERENCE",
   "shopperReference":"1234567890",
   "paymentMethod":{
      "type":"scheme",
      "encryptedCardNumber":"test_4111111111111111",
      "encryptedExpiryMonth":"test_03",
      "encryptedExpiryYear":"test_2030",
      "encryptedSecurityCode":"test_737"
   },
   "returnUrl":"https://your-company.com/...",
   "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}
  1. Take note of the pspReference in the payment response.
  2. Log in to your Customer Area, and select the merchant account you used to make the payment.
  3. Go to Transactions > Payments. Do one of the following:
    • Find the test payment on the overview page, and select the number in the Risk score column.
    • In the Search field, search for the pspReference of your test payment. Select the payment, and then select the number listed under Fraud scoring.

The Risk results page will open with a breakdown of which fraud checks triggered. You can check if your risk rule triggered, and see an overview of any other risk checks that triggered for this payment.

You can optionally include the fraud results in the API response or in webhooks.

Next steps