---
title: "Custom risk rules"
description: "Build your own custom rules around the unique fraud risks faced by your business."
url: "https://docs.adyen.com/risk-management/configure-manual-risk/configure-custom-risk-rules"
source_url: "https://docs.adyen.com/risk-management/configure-manual-risk/configure-custom-risk-rules.md"
canonical: "https://docs.adyen.com/risk-management/configure-manual-risk/configure-custom-risk-rules"
last_modified: "2020-04-01T11:43:00+02:00"
language: "en"
---

# Custom risk rules

Build your own custom rules around the unique fraud risks faced by your business.

[View source](/risk-management/configure-manual-risk/configure-custom-risk-rules.md)

You can create custom risk rules next to using [standard risk rules](/risk-management/configure-standard-risk-rules). Custom risk rules are a [RevenueProtect premium](/risk-management/configure-manual-risk?tab=revenue_protect_premium_2#risk-rule-types) feature. You can use these rules to influence the risk score of a transaction, send it to [case management](/risk-management/case-management), or use the custom rule in combination with [Dynamic 3D Secure](/risk-management/dynamic-3d-secure).

With custom rules, you can address risks specific to your business. They provide a flexible way to supplement your risk profile, and can help prevent specific types of potential fraud.

Here are some [examples](#example-scenario) when creating a custom risk rule might be useful:

* You want a combination of different transaction attributes to influence the risk score. For example, you want to increase the risk score for transactions above a certain amount, using a specific payment method and currency.
* You want to block a guest shopper from buying too many specific products. This can help prevent reseller fraud.

To build your custom risk rules:

1. [Choose risk variables](#set-up-risk-variables): understand which variables you can use in custom risk rules, or create custom fields.
2. [Create the rule](#create-the-rule): set rule conditions to define when the rule should trigger.
3. [Assign an action to the rule](#assign-an-action): define what should happen to the transaction when the rule triggers.

## Step 1: Choose risk variables

You can [create your own fields](#create-custom-fields), or choose any of the [risk fields provided by Adyen](#adyen-provided-fields) as variables in your custom rule. To trigger the custom risk rule, the fields that you are using in the custom rule have to be included in the payment request. For practical examples, see the [example scenarios](#example-scenario).

### Create custom fields

1. Log in to your [Customer Area](https://ca-test.adyen.com/), and stay in your company account.
2. Go to **Revenue & risk** > **Risk fields**.
3. Under **Custom fields**, select **New field**, and provide the details for your custom field. The custom field name is case sensitive.

You assign a value to the custom field when you make payment requests. Submit the custom field name and the value in the `additionalData` object of the payment request.

The custom field name that you provide in your payment request is case-sensitive, and must match the name of the custom field that you created.

The example scenario has [example payment requests](#test-the-rule) that include a custom field.

### Use Adyen-provided risk fields

To see which Adyen-provided risk fields are available:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and stay in your company account.

2. Go to **Revenue & risk** > **Risk fields**.

3. Browse or search for fields that you can use. The fields are divided in different categories:

   * **ShopperDNA fields**\
     Fields that, based on ShopperDNA, relate to payments made by a distinct shopper.

   * **Standard fields**\
     Fields that are included in the payment request, or that are combinations of fields included in the payment request or checkout session.

   * **Basket fields**\
     Fields that describe the items or products in the transaction.\
     To be able to use basket fields in custom rules, provide basket item data using the following parameters in your payment request:

     * Checkout API v69 or earlier: [additionalData.riskdata.basket.item\[itemNr\]](https://docs.adyen.com/api-explorer/Checkout/69/post/payments#request-additionalData-AdditionalDataRisk-riskdata-basket-item_itemNr_-productTitle)
     * Checkout API v70 and later: [lineItems](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-lineItems)

   * **Promotion fields**\
     Fields that describe a promotion, such as a discount.

   * **Airline fields**\
     Fields connected to transactions related to air travel.

   * **Velocity fields**\
     Fields that relate to the number of times a payment containing the same fields occurred within a certain time period.

## Step 2: Create the rule

Before you create a custom risk rule, decide when you want to trigger the rule: before or after authorization.

When you create a risk rule that triggers after authorization, you can take additional details from the authorization response into consideration. Examples of details that are available after authorization are the [AVS](/risk-management/avs-checks) response, the CVC response, or the liability shift status.

To create a custom rule:

1. Log in to your [Customer Area](https://ca-test.adyen.com/), and switch to the merchant account for which you want to create a custom rule.

2. Go to **Revenue & risk** > **Risk profiles**.

3. Select **Risk rules** > **Custom rules**.

4. Select **+ Create new custom rule**, and then select **Pre-authorization** or **Post-authorization**. The [risk fields that you want to use in your custom rule](#set-up-risk-variables) determine if the rule can be triggered before or after authorization.

5. Enter a **Rule Name**.

6. Enter conditions. You can add conditions to the rule by selecting **AND** or **OR**. For each condition, select:

   * **Field Name** - choose a risk variable, for example a custom field, an Adyen-provided risk field, or a list comparison.
   * **Operator** - how to compare the **Field Name** and the **Field Value**. The type of the fields you are comparing defines which [operators](#operators) you can use. For example, you can use  **greater than (>)** for numbers, or **starts with** for strings.
   * **Field Value** - value that triggers your rule.

7. Select **Save** to finish creating the rule.

## Step 3: Assign an action to the rule

After creating your custom rule, assign the action that you want to take when the rule triggers: modify the risk score, or send to case management.

To assign an action for the custom rule you created, configure the [risk profile](/risk-management/create-and-use-risk-profiles) that contains the rule. A risk profile can be assigned to more than one merchant account.

### Configure the risk profile containing the rule

You can configure a risk profile from either:

* A company account.\
  Log in to your [Customer Area](https://ca-test.adyen.com/), and stay in your company account. Select **Revenue & risk** > **Risk profiles**, and select the risk profile containing your custom rule. The risk profile overview page opens.
* A merchant account.\
  Log in to your [Customer Area](https://ca-test.adyen.com/), and select a merchant account that uses the risk profile containing your custom rule. Select **Revenue & risk** > **Risk profiles**. The risk profile overview page opens.

Regardless where you configure the risk profile, the changes apply to all merchant accounts using that risk profile.

### Assign an action to the custom rule

From the risk profile overview page:

1. Select **Risk rules** > **Custom rules**.

2. Select your custom rule.

3. Assign an action from the custom rule menu:

   * **Increase or decrease total risk score** by a given value. For more information on fraud scores, see [How does the fraud score work?](https://help.adyen.com/knowledge/risk/fraud-score/how-does-the-fraud-score-work).
   * **Send to case management** for manual review. For more information on how to manually review transactions, see [Case management](/risk-management/case-management).

4. Select **Save changes**.

Now that you have created your custom rule, and assigned an action, you can also use it as one of the risk checks to be applied when [configuring Dynamic 3D Secure](/risk-management/dynamic-3d-secure#configuring-dynamic-3d-secure-rules).

If you use [Dynamic 3D Secure](/risk-management/dynamic-3d-secure) in combination with custom rules, and you copy the risk profile, you have to re-configure any Dynamic 3D Secure rules that use custom rules in the new risk profile.

## Optional: Create a custom list comparison

A custom list comparison lets you compare risk field values against block and trust lists, which includes custom lists. For custom lists you can add expiry dates for list entries. Field values are only compared against list entries that have not expired.

For example, in the [example scenario](#example-restricted) **Guest user buys too many restricted products**, you use a custom list to check if a shopper buys more than two items from a list of restricted items that you define.

First create your custom list containing restricted items. Then create the list comparison that checks if the shopper's basket has any restricted items:

1. Create your list:

   1. From your [Customer Area](https://ca-test.adyen.com/) company account, go to **Revenue & risk** > **Risk lists**.
   2. Select **Create new list**.
   3. Enter the list name and select **Create list**.

2. Select the list you just created and add items to it. You can either:

   * Select **Add item** and provide details for your entry:

     * **Item**: The list item. For example, a product title for a restricted item.
     * **Reason**: (Optional) Any information useful to you about why the item is part of the list.
     * **Expire date**: (Optional) Expiry date for the list entry. The date must be in the future and if empty, we assign `9999-12-30 23:00:00+01`.

   * Select **Upload CSV** and upload a CSV file containing your list.

     To create a CSV file:

     1. Create a spreadsheet file. In the first row of the file, write the following headers: **item**, **reason**, and **expiredate**.

     2. In the next rows, add the **item** and provide details for your entry in the spreadsheet.

        * **item**: The list item. For example, a product title for a restricted item.

        * **reason**: (Optional) Any information useful to you about why the item is part of the list.

        * **expiredate**: (Optional) Expiry date for the list entry. The date must be in the future and if empty, we assign `9999-12-30 23:00:00+01`.

          **Example**:

          | item            | reason          | expiredate |
          | --------------- | --------------- | ---------- |
          | Signature shirt | Limited edition | 2023-11-10 |
          | Golden shoes    |                 |            |
          | Designer bag    | Limited edition |            |
          | Vintage hat     |                 | 2023-12-30 |

     3. Save the spreadsheet in CSV format.

     4. Upload the CSV file to your custom list.

3. Define the list comparison:

   1. Go to **Revenue & risk** > **Risk fields**.

   2. Under **List comparisons**, select **New list comparison** and provide the details for your comparison:

      * **Name**: A name for the list comparison. It must not contain spaces.
      * **Description**: A description of the comparison.
      * **Field for comparison**: Select a [custom risk field you defined](#create-custom-fields) or an Adyen-provided field.
      * **List**: Select a custom list you defined or another block and trust list.

   3. Select **Save**.

## Working with custom rules

### How a payment request triggers a custom rule

A custom rule triggers when it meets the conditions, and matches the fields or values that you define in the custom rule. If you want a field or value to trigger the rule, make sure the payment request includes the field that triggers the custom rule.

Many fields that can be included in a payment request can also be used in custom rules. If you want to use any of these fields in your custom rule, you must provide [the required field](/risk-management/configure-manual-risk/required-risk-field-reference), and assign a value to it in the payment request. The example scenario has [example payment requests](#test-the-rule) that include both Adyen-provided fields and a custom field.

Some fields and values are automatically extracted, but others have to be specifically provided in the payment request.

### Operators

When you build your custom risk rule, you can use operators to define the rule conditions. You can use **AND** and **OR** to add conditions to the custom risk rule.\
The data type of the field you are building your rule around determines if you can use a specific operator, which and how many values you can enter, and how the fields will be compared.

| Operator                    | When to use                                                                                                             | Example                                       | Data type                 | Multiple values                                                                             |
| --------------------------- | ----------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- | ------------------------- | ------------------------------------------------------------------------------------------- |
| equals (==)                 | Compare the field against another field, against a single field value, or verify that the field value is true or false. | `quantity` equals (==) **2**                  | String, Number or Boolean | ![-x-](/user/data/smileys/emoji/x.png "-x-")                                                |
| does not equal (!=)         | Compare the field against another field, against a single field value, or verify that the field value is true or false. | `quantity` does not equal (!=) **2**          | String, Number or Boolean | ![-x-](/user/data/smileys/emoji/x.png "-x-")                                                |
| is one of                   | Compare the field against multiple field values of a list.                                                              | `currency` is one of **EUR, USD, AUD**        | String or Number          | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") |
| is not one of               | Compare the field against multiple field values of a list.                                                              | `currency` is not one of **EUR, USD, AUD**    | String or Number          | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") |
| contains string             | Compare the field value to a specific string.                                                                           | `emailDomain` contains **example.com**        | String or Number          | ![-x-](/user/data/smileys/emoji/x.png "-x-")                                                |
| starts with                 | Compare the start of the string in the field value to a specific string.                                                | `emailName` starts with **test**              | String                    | ![-x-](/user/data/smileys/emoji/x.png "-x-")                                                |
| ends with                   | Compare the end of the string in the field value to a specific string.                                                  | `emailName` ends with **test**                | String                    | ![-x-](/user/data/smileys/emoji/x.png "-x-")                                                |
| greater than (>)            | Compare the field value against a specific value.                                                                       | `amount` greater than (>) **1000**            | Number                    | ![-x-](/user/data/smileys/emoji/x.png "-x-")                                                |
| greater than or equals (>=) | Compare the field value against a specific value.                                                                       | `amount` greater than or equals (>=) **1000** | Number                    | ![-x-](/user/data/smileys/emoji/x.png "-x-")                                                |
| less than (<)               | Compare the field value against a specific value.                                                                       | `amount` less than (<) **1000**               | Number                    | ![-x-](/user/data/smileys/emoji/x.png "-x-")                                                |
| less than or equals (<=)    | Compare the field value against a specific value.                                                                       | `amount` less than or equals (<=) **1000**    | Number                    | ![-x-](/user/data/smileys/emoji/x.png "-x-")                                                |

Back to [Create the rule](#create-the-rule).

## Example scenarios

### Block specific high-value transactions

The following scenario is an example of a basic custom risk rule that increases the risk score of Mastercard payments if they are above EUR 1000 or USD.

#### Step 1: Choose risk variables

You will use the variables `paymentMethod`, `currency` and `amount`. All of these are standard risk fields. You do not have to create custom fields.

#### Step 2: Create the rule

For this example scenario:

1. Select **Pre-authorization** when creating the rule.

2. Name the rule **paymentMethodAmountCurrency**.

3. Fill in the conditions for the rules, using **AND** to add conditions:

   | Field Name             | Operator         | Field Value  | Corresponding payment request field | Comment                                                                                                                  |
   | ---------------------- | ---------------- | ------------ | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------ |
   | paymentMethod (String) | equals (==)      | **mc**       | `paymentMethod`                     | See [payment method variants](/development-resources/paymentmethodvariant) to see how to enter the payment method value. |
   | amount (Number)        | greater than (>) | **100000**   | `amount`                            | Specify the amount in [minor units](/development-resources/currency-codes).                                              |
   | currency (String)      | is one of        | **EUR, USD** | `currency`                          | Select each [currency](/development-resources/currency-codes) from the drop-down list.                                   |

#### Step 3: Assign an action

For this example scenario, select the custom rule you created, **paymentMethodAmountCurrency**, and increase the risk score by **100**.\
This custom rule will block all Mastercard transactions above USD or EUR 1000.

### A guest user buys too many restricted items

The following scenario is an example of how you can set up and use custom rules and custom list comparisons.

As a webshop owner you find out certain purchases by a guest user have an increased fraud risk. You decide to build a custom rule to offset this risk.

Your custom rule adds 20 risk points if the shopper:

* Is a guest user.
* Is buying more than 2 items from a list of restricted products.

#### Step 1: Choose risk variables

For this example scenario, you need all variables:

* To use the shopper's basket items in your rule:

  * Provide basket item data using the following parameters in your payment request:

    * Checkout API v69 or earlier: [additionalData.riskdata.basket.item\[itemNr\]](https://docs.adyen.com/api-explorer/Checkout/69/post/payments#request-additionalData-AdditionalDataRisk-riskdata-basket-item_itemNr_-productTitle)
    * Checkout API v70 and later: [lineItems](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-lineItems)

* For the user type, you need to [create a custom field](#create-custom-fields) with the following details:

  * **Name**: userType
  * **Data type**: String
  * **Field description**: The type of user making the payment

#### Step 2: Create the rule

For this example scenario:

1. Select **Pre-authorization** when creating the rule, because you are using custom lists which can only be used before authorization.

2. Name the rule **guestBuysTooManyRestrictedProducts**.

3. Fill in the conditions for the rules, using **AND** to add conditions:

   | Field Name                  | Operator         | Field Value | Corresponding payment request field                                                                                                                                                                                                                                                                                                                                         |
   | --------------------------- | ---------------- | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | userType (String)           | equals (==)      | Guest       | [riskdata.userType](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-additionalData-AdditionalDataRisk-riskdata-_customFieldName_)                                                                                                                                                                                                                 |
   | quantity (Number)           | greater than (>) | 2           | Checkout API v69 and earlier:- [riskdata.basket.item#.quantity](https://docs.adyen.com/api-explorer/Checkout/69/post/payments#request-additionalData-AdditionalDataRisk-riskdata-basket-item_itemNr_-quantity)Checkout API v70 and later:- [lineItems.quantity](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-lineItems-quantity)               |
   | restrictedProduct (Boolean) | equals (==)      | True        | Checkout API v69 and earlier:- [riskdata.basket.item#.productTitle](https://docs.adyen.com/api-explorer/Checkout/69/post/payments#request-additionalData-AdditionalDataRisk-riskdata-basket-item_itemNr_-productTitle)Checkout API v70 and later:- [lineItems.description](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-lineItems-description) |

#### Step 3: Assign an action

For this example scenario, select the custom rule you created, **guestBuysTooManyRestrictedProducts**, and increase the risk score by **20**.

#### Mandatory for this scenario: create a custom list comparison

To check the items in the shopper's basket against your list of restricted products, you need to [create a custom list comparison](#create-custom-list-comparison).

That means you have to create custom list comparison, and create a custom list called **Restricted items**.

Create a [custom list comparison](#create-custom-list-comparison):

* **Name**: **restrictedProduct**
* **Description**: Check if a shopper is buying any items with a restricted product title.
* **Field for comparison**: **productTitle**, an Adyen-provided risk field. You assign the value of this field when you make a payments request. For an example, see the [Test the rule](#test-the-rule) section.
* **List**: **Restricted items**, the custom list you created.

#### Step 5: Test the rule

The following example [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) requests are based on the [example scenario](#example-restricted) **Guest user buys too many restricted products**.

1. Make a POST request to the [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) endpoint, including the risk fields that your custom rule uses:

### Tab: Checkout API v69 and earlier

For the example scenario **Guest user buys too many restricted products**:

* Use [additionalData.riskdata.\[customFieldName\]](https://docs.adyen.com/api-explorer/Checkout/69/post/payments#request-additionalData-AdditionalDataRisk-riskdata-_customFieldName_) to send in the custom field `userType`.
* Use [additionalData.riskdata.basket.item\[itemNr\]](https://docs.adyen.com/api-explorer/Checkout/69/post/payments#request-additionalData-AdditionalDataRisk-riskdata-basket-item_itemNr_-productTitle) to send in the Adyen provided basket fields `productTitle` and `quantity`.

```json
  {
     "amount":{
        "currency":"USD",
        "value":1000
     },
     "reference":"98739872454D",
     "paymentMethod": {
        "type": "scheme",
        "encryptedCardNumber": "test_4111111111111111",
        "encryptedExpiryMonth": "test_03",
        "encryptedExpiryYear": "test_2030",
        "encryptedSecurityCode": "test_737"
     },
     "returnUrl":"https://your-company.example.com/...",
     "merchantAccount":"YOUR_MERCHANT_ACCOUNT",
     "additionalData":{
       "riskdata.basket.item1.productTitle":"Golden shoes",
       "riskdata.basket.item1.quantity": "3",
       "riskdata.userType": "Guest"
     }
  }
```

### Tab: Checkout API v70 and later

For the example scenario **Guest user buys too many restricted products**:

* Use [additionalData.riskdata.\[customFieldName\]](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-additionalData-AdditionalDataRisk-riskdata-_customFieldName_) to send in the custom field `userType`.

* Use [lineItems](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-lineItems) to send in the Adyen-provided basket fields `productTitle` and `quantity`. Use `lineItems.description` for `productTitle`, and `lineItems.quantity` for `quantity`.

  ```json
  {
   "amount":{
      "currency":"USD",
      "value":1000
   },
   "reference":"98739872454D",
   "paymentMethod": {
       "type": "scheme",
       "encryptedCardNumber": "test_4111111111111111",
       "encryptedExpiryMonth": "test_03",
       "encryptedExpiryYear": "test_2030",
       "encryptedSecurityCode": "test_737"
   },
   "returnUrl":"https://your-company.example.com/...",
   "merchantAccount":"YOUR_MERCHANT_ACCOUNT",
   "lineItems":[
      {
         "description":"Golden shoes",
         "quantity":"3",
         "amountIncludingTax":"1000"
      }
   ],
   "additionalData":{
     "riskdata.userType": "Guest"
   }
  }
  ```

2. Take note of the `pspReference` in the payment response.
3. Log in to your [Customer Area](https://ca-test.adyen.com/).
4. In the **Search payments**, select **Payments** and search for the `pspReference` value.
5. Select the number listed under **Risk score** for your payment. A page will open with a breakdown of which fraud checks triggered.

[Back to top](/risk-management/configure-manual-risk/configure-custom-risk-rules)

## See also

* [Required risk field reference](/risk-management/configure-manual-risk/required-risk-field-reference)
* [Configure standard risk rules](/risk-management/configure-standard-risk-rules)