Referral checks allow you to block fraudulent transactions based on your own data and lists provided by third parties. Don't use referral checks as strict block and trust lists. No shopper should be trusted, or blocked based on one list or rule. Instead, referral checks should add to the risk score and work with other checks to either allow or block a transaction.
When a referral check that you've added triggers, it changes the final risk score of a transaction. Once you've added referral checks, you can configure them in different ways for different risk profiles.
While you configure risk rules on your merchant account, referral checks are aggregated on the company account. This means you can provide a setting once to apply it to all merchant accounts.
American Express scheme blocked cards
Triggers if a card is on a block list provided by American Express. This lets you block the transaction before it can be authorised.
Triggers if a spike in payments with CVC mismatches has occurred compared with the previous week. You can block BINs that are under attack or flagged for suspicious activity.
CUP scheme blocked cards
Triggers if a card is on a block list provided by Union Pay. This lets you block the transaction before it can be authorised.
Card/Bank account number
Triggers if a card or bank account number is on your block list, or on the global block list. To prevent this, add the number to your trust list.
This referral check does not trigger for transactions made with payment method variant directEbanking (Sofort).
Card/Bank account number non-fraud
Triggers if a card or bank account number has been used in chargeback transactions where the chargeback had a non-fraudulent reason (ex. Insufficient Funds). This is a global list across Adyen's entire network.
"Friendly fraud" occurs when good shoppers dispute a payment for a delivered product or service. They may be one-time offenders who are unhappy with the product, or repeat offenders who exploit the system. This risk rule is focused on finding friendly fraudsters and highlighting that they have disputed payments on Adyen's network in the past.
Carte Bancaire scheme blocked cards
Triggers if a card is on a block list provided by Carte Bancaire. This lets you block the transaction before it can be authorised.
Triggers if the shopper's email domain is on your block list. This lets you block the transaction before it can be authorised. You must include a shopper email with the payment request to use this check. Fraudsters use email services to create multiple email addresses at once. Use this check to block those domains.
Triggers if a shopper's card or bank account is associated with an issuing bank that has a high percentage of fraudulent transactions. Decrease the total risk score for shoppers that should be considered trustworthy. Inserting a negative score will decrease the chance of a transaction being refused.
PayPal Payer ID
Triggers based on the domain of the provided shopper PayPal ID. Submit a PayPal ID value in the payment request for this check to work properly.
PayPal account creation blocked country
Triggers if the country in which the shopper's PayPal account was created matches the check-specific referral list of blocked countries. This rule allows you to add or remove countries from the list.
Triggers based on persistent cookies used to submit fraudulent transactions. A persistent cookie is a unique identifier stored in different places on the shoppers' computer/device. This persistent cookie is difficult for the shopper to remove, and can work across browsers. You can increase or decrease the risk score based on this list.
Triggers based on the specific IP address of the shopper. See How do I add shoppers to a block or trust list? to learn more.
Triggers based on the address of the shopper, either shipping or billing. The address can be added to the block or trust list in two formats:
Providing a full address
You can provide a full address with the following fields:
?can be used for certain fields while adding a full address.
Providing a postal code is mandatory except for addresses in countries that do not use a postal code, such as Hong Kong, Macau, and Ireland.
- Providing a partial address
You can provide a partial address with the following fields:
The shopper address referral list can can be assigned a partial score. This would apply when there is a match with:
- an address containing wildcards in the referral list
- a partial address in the referral list and both the postal code and country match
The shopper address is case insensitive. The risk check will only use the country, postal code, street and house number to match.
See How do I add shoppers to a block or trust list? to learn more.
Triggers based on the specific email address of the shopper. These emails must be an exact match or use a wildcard. Provide emails in a CSV file, and use wildcards (* and ?) to simplify matching. For example by using test*, you will block names like 'test user'. See How do I add shoppers to a block or trust list? to learn more.
Triggers based on the full name of the shopper. This check analyses both the cardholder name field and the passenger name field (if provided). The name must be an exact match, and both a first and last name must be provided. See How do I add shoppers to a block or trust list? to learn more.
Triggers based on the Shopper Reference. You must submit a shopper reference value in the payment request for this check to work properly. See How do I add shoppers to a block or trust list? to learn more.
The shopper reference is a unique identifier for a shopper. This allows the tracking of users across multiple sessions. Establish a unique shopper reference for each guest transaction where transactions are allowed without logging in.
The provided value must be an exact match of the shopper reference string contained in the payment request.
Social Security Number
Triggers based on the domain of the provided shopper social security number.
You must submit a social security number value in the payment request for this check to work properly. This check works on any provided social security-type number, such as with Brazilian CPF.
Triggers based on the domain of the provided shopper phone number.
You must submit a shopper phone number value in the payment request for this check to work properly.