Are you looking for test card numbers?

Would you like to contact support?

Risk-management icon

Required risk field reference

Learn which fields to include in your payments request to trigger risk checks

You include a variety of fields when you send in a payment request. Some of these fields are mandatory to make a payment, for example amount and reference. Other fields such as shopperIP, shopperReference and shopperEmail are not always required, but strongly recommended to include.

To get the most benefit out of your risk configuration, we recommend that you collect and then send in as many fields as possible in your payment request. Doing this ensures that you trigger the risk checks, as these checks depend on specific fields being present in the request. Sending in more fields will also help our risk engine to make intelligent decisions based on properties connected to a payment.

Fields required for risk checks

The following is a list of API fields that are required for some of our risk checks:

Field Required for API reference
billingAddress

Block and trust lists

  • Shopper address referral list

Consistency rules

  • Billing address differs from delivery address
  • Billing address does not match cardholder address (AVS)

External rules

  • German SCHUFA check
  • Brazil CPF check

/sessions
/payments
/authorise
deliveryAddress

Block and trust lists

  • Shopper address referral list

Consistency rules

  • Billing address differs from delivery address

ShopperDNA rules

  • Multiple distinct delivery addresses used by shopper

Custom

  • Custom rules
  • Custom lists

/sessions
/payments
/authorise
shopperEmail

Block and trust lists

  • Email domain referral check
  • Shopper email referral check

Consistency rules

  • PayPal auth-result email
  • Email address and shopper name comparison
  • Email is likely to be fake or automatically generated

ShopperDNA rules

  • Multiple distinct email addresses used by shopper

Velocity rules

  • Shopper initiated a transaction more than X times within a time period
  • Shopper email used more than X times within a time period

Custom

  • Custom rules
  • Custom lists

/sessions
/payments
/authorise
shopperIP

Block and trust lists

  • Shopper IP referral check

Consistency rules

  • Shopper IP originates from high-risk country
  • Shopper country differs from issuing country

ShopperDNA rules

  • Multiple distinct IP addresses used by shopper
  • Shopper used shared IP address

Velocity rules

  • Shopper initiated a transaction more than X times within a time period
  • Shopper IP used more than X times within a time period

Custom

  • Custom rules
  • Custom lists

The shopperIP is retrieved automatically if you are using our simplified Web Drop-in or Web Components integration.
/sessions
/payments
/authorise
shopperName

Block and trust lists

  • Shopper name referral check

Consistency rules

  • Email address and shopper name comparison

External rules

  • German SCHUFA check

Custom

  • Custom rules
  • Custom lists

/sessions
/payments
/authorise
shopperReference

Block and trust lists

  • Shopper reference referral check

ShopperDNA rules

  • Multiple distinct shopper references used by shopper

Velocity rules

  • Card/Bank account number already used by another shopper
  • Different cards/bank accounts used by the same shopper

Custom

  • Custom lists

/sessions
/payments
/authorise
telephoneNumber

Block and trust lists

  • Telephone number referral check

Consistency rules

  • Email address and shopper name comparison

External rules

  • Brazil CPF check

Custom

  • Custom rules
  • Custom lists

/sessions
/payments
/authorise

Extra fields for specific cases

The following table shows a number of API fields that you can use for specific risk checks or your own, custom risk setup.

Field Required for API reference
accountInfo.accountCreationDate Required if you want to use the creation date option as the source for the shopper account age consistency check, or in custom rules.
To use this field, you must provide the account creation date as part of the payment request.
Although the accountInfo object is used for 3D Secure transactions, you can also use this object to include the accountCreationDate in your payment request.
/sessions
/payments
/authorise
additionalData.riskdata.deliveryMethod Required if you want to use the delivery method consistency check.
You can configure the values for the deliveryMethod field in the risk rule configuration for the delivery method check.
/payments
/authorise
browserInfo Required for 3D Secure transactions, but you can also use this field in your custom rules or lists. /payments
/authorise
deliveryDate Required if you want to use the time to delivery consistency check, or if you want to use the field hoursToDelivery in a custom risk rule. /payments
/authorise