Risk-team icon

Block and trust lists (Referrals)

Use lists of known good and bad shoppers to prevent fraudsters from making payments.

Block and trust lists, also called referrals, let you influence the risk score of transactions based on your own data, and lists provided by third parties.

When they trigger, referrals contribute to the total risk score of a transaction.

How referrals work

By default, block and trust lists are aggregated and maintained per company account. This means you can provide a setting once and apply it to all merchant accounts under the company account. If you want to have separate referrals for each merchant account, you can configure this in your risk settings.

Referrals apply to payments made with credit and debit cards, SEPA Direct Debit and PayPal by default. If you are using more payment methods, and want to include them in the risk evaluation, make sure you add the payment method in your risk settings.

After you have added referrals, you can configure them in different ways for different risk profiles.

Make sure that you submit the required fields in the payment request to trigger the referral. For example, if you have set up block and trust lists for shopper email addresses, make sure you include the shopperEmail field.

When you are testing your integration using test card numbers and payment method details, RevenueProtect might block these test payments. You can temporarily add the test card and shopper details to a trust list so that you can continue testing.

Turn on and configure block and trust lists

To use a block or trust list, you have to enable the block and trust list and assign a risk score to increase (block), or decrease (trust) the risk score of transactions that match items in the list. Then, you can add items to the block and trust list.

You can manage block and trust lists in multiple ways:

  • Use the Customer Area

    1. Log in to your Customer Area.
    2. Go to Revenue & risk > Risk profiles.
    3. Select a risk profile.
    4. Select the Risk rules tab.
    5. Select Block and trust lists to view or edit a list, and configure the settings.

    You can block, trust or remove single items. For some lists, you can upload multiple items using CSV files. You can find the details for each referral in your Customer Area.

    You can also block or trust a payment attribute using the Fraud Control widget on the payment details page for a specific payment.

  • Use an API

Referral types

There are different types of referrals:

Shopper detail referrals

The following referrals trigger when the payment request includes certain shopper details.

Referral Description Required field
Email domain Triggers if the shopper's email domain is on your block or trust list. shopperEmail
PayPal Payer ID Triggers based on the provided shopper PayPal Payer ID. Provide a value for the PayPal Payer ID in the payment request for this check to work properly. PayPal Payer ID
PayPal account creation blocked country Triggers if the country/region where the shopper's PayPal account was created matches a country/region in this block list. This rule lets you add or remove countries/regions from the list. PayPal details
Persistent cookie Triggers based on persistent cookies used when making a payment. A persistent cookie is a unique identifier stored in different places on the shoppers' computer or device. This cookie is difficult for the shopper to remove, and can work across browsers. Cookie details
Shopper IP Triggers based on the IP address of the shopper. shopperIP
Shopper address Triggers based on the billing or delivery address of the shopper.
The shopper address is not case sensitive. You can add an address to the block or trust list in two formats:

1. Enter a full address
You can provide a full address with the following fields:
  • Street
  • House number/Name
  • Postal code
  • City
  • State/province
  • Country

To cover a range, you can use wildcards like * (multiple characters) and ? (single character).
Providing a postal code is mandatory, except for addresses in countries/regions that do not use a postal code, such as Hong Kong, Macau, and Ireland.

2. Enter a partial address (postal code and country/region)
You can provide a partial address with the following fields:
  • Postal code
  • Country

In the referral configuration, you can assign a score for a full match, and for a partial match. A partial match applies when there is a match with:
  • a full address containing wildcards
  • a partial address where both postal code and country/region match
billingAddress
deliveryAddress
Shopper email Triggers based on the email address of the shopper.
When you provide an email address manually, you can enter an email address that must match exactly, or use wildcards * (multiple characters) or ? (single character) to cover a range of email addresses.
For example, by adding test* to your block list, you can increase the risk score for payments using email addresses like test_user@example.com.
You can provide multiple emails in a CSV file. These email addresses must be an exact match, and cannot contain wildcards.
shopperEmail
Shopper name Triggers based on the full name of the shopper. This check analyzes both the cardholder name field and, if provided, the passenger name field. The name must be an exact match, and the payment request must contain both a first and last name. shopperName
Shopper reference Triggers based on the shopper reference.
The shopper reference is a unique identifier for a shopper. This reference lets you track users across multiple sessions. If you allow shoppers to make payments without logging in, we recommend that you establish a unique shopper reference for each guest transaction.
For this referral to trigger, the shopper reference that you enter on the block or trust list must be an exact match with the shopper reference in the payment request.
shopperReference
Social Security Number Triggers based on the shopper's social security number.
This check works on any type of social security number if it is provided in the payment request.
socialSecurityNumber
Telephone number Triggers based on the provided telephone number of the shopper. telephoneNumber

Card or bank account detail referrals

The following referrals trigger based on card or bank account details included in the payment request.

Referral Description
Card/bank account number Triggers if a card or bank account number is on your block list, or on the global block list. To prevent this, add the number to your trust list.
This referral check does not trigger for transactions made with payment method variant directEbanking (Sofort).
Card/bank account number non-fraud Triggers if a card or bank account number has been used in chargeback transactions where the chargeback had a non-fraudulent reason, for example, Insufficient Funds. This is a global list across Adyen's entire network.

"Friendly fraud" occurs when good shoppers dispute a payment for a delivered product or service. They may be one-time offenders who are unhappy with the product, or repeat offenders who exploit the system. This risk rule is focused on finding friendly fraudsters and highlighting that they have disputed payments on Adyen's network in the past.
Bank Identification Number (BIN) Triggers based on the Bank Identification Number (BIN), the first six to eight digits of a card number.

Scheme provided block lists

The following schemes provide a block list.

Referral Description
American Express scheme blocked cards Triggers if a card is on a block list provided by American Express. This lets you block the transaction before it can be authorised.
Carte Bancaire scheme blocked cards Triggers if a card is on a block list provided by Carte Bancaire. This lets you block the transaction before it can be authorised.
CUP scheme blocked cards Triggers if a card is on a block list provided by Union Pay. This lets you block the transaction before it can be authorised.