Search

Are you looking for test card numbers?

Would you like to contact support?

Velocity rules

Velocity checks trigger based on the number of transactions a shopper has attempted in a given time. The average number of transactions from a good shopper varies depending on your business, so configure these checks to the behavior of your shoppers.

If a shopper abandons the transaction after redirecting to a payment method or 3D Secure, this is counted as an attempt and adds to the count. These abandoned attempts are not listed in your payments.

Velocity Rules trigger at the merchant account level, and the number of times the rule is triggered is not aggregated across the company account.

Card/Bank Account holder name usage frequency

This check fires when the number of transactions associated with the same card holder name exceeds the configured threshold. The time threshold is a moving window calculated backwards from the moment of the transaction. 

Fraudsters often use the same card holder name when testing cards, so as to more easily automated their process. This check is aimed at detecting when the same name is being used across a set number of transactions. 

Contact the Adyen Support Team to enable this risk rule for recurring payments.

Configuration Options

  • Merchants can establish a threshold for both the number of transactions and the timeframe allowed. The default is 6 times over 6 hours.
  • The risk fires on the transaction after the set threshold. So, if you set a threshold of 6 in 6 hours, it fires on the 7th transaction in that 6 hours. 

Card/Bank Account Number Already Used by Other Shopper

This check fires when a the payment method for the transaction has already been used with a different Shopper Reference.

Fraudsters often create multiple accounts and attempt to use the same compromised account with different techniques and attack vectors. This check is aimed at identifying when a payment method is being used across multiple accounts. Note that there are some legitimate cases in which this would occur:

  • The user may have multiple accounts. 
  • It may be a shared card in a family or business setting. 
  • The shopper may attempt a transaction as a guest (assuming the merchant is assigning guests a shopper reference).
Contact the Adyen Support Team to enable this risk rule for recurring payments.

Configuration Options

  • By default, this check only cross-checks transactions within the same merchant account. The rule can be configured to assess all transactions across the merchants entire company account.

Card/Bank Account Number Usage Frequency

This check fires when the number of transactions associated with a payment methods exceeds the configured threshold. The time threshold is a moving window calculated backwards from the moment of the transaction. 

Contact the Adyen Support Team to enable this risk rule for recurring payments.

Configuration Options

  • Merchants can establish a threshold for both the number of transactions and the timeframe allowed. The default is 6 times over 6 hours.
  • The risk fires on the transaction after the set threshold. So, if you set a threshold of 6 in 6 hours, it fires on the 7th transaction in that 6 hours. 

Card Number Chunk Usage Frequency

This check fires when the number of transactions associated with the same first-12-card-digits exceeds the configured threshold. The time threshold is a moving window calculated backward from the moment of the transaction. 

Fraudsters often target a particular range of credit card numbers for some attacks. This check is aimed at generalizing the card number velocity check to also include velocity across an entire BIN range. 

Contact the Adyen Support Team to enable this risk rule for recurring payments.

Configuration Options

  • Merchants can establish a threshold for both the number of transactions and the timeframe allowed. The default is 6 times over 6 hours.
  • The risk fires on the transaction after the set threshold. So, if you set a threshold of 6 in 6 hours, it fires on the 7th transaction in that 6 hours. 

Different Cards/Bank Accounts Used by the Same Shopper

This check fires when the same payment details have been used by the same shopper reference in the last 48 hours.

The optional shopperReference field allows merchants to pass a unique user identifier with the transaction. This is usually the unique user ID used to identify the user in your internal systems. By using this field, this check acts as a velocity check on any particular user on your site. This is particularly important for account takeovers, which tend to come from registered accounts with otherwise good history.

Contact the Adyen Support Team to enable this risk rule for recurring payments.

Duplicate Merchant Reference

This risk check initiates when  a duplicate merchant reference is used within a specific time frame. Do not use dummy data as a merchant reference. As the merchant reference is not generated by shoppers, the rule is not meant to prevent fraudulent payments.

Configuration options

  • A threshold for the time frame.

  • When the system stores the merchant reference (pre auth or post auth).

Shopper Email Usage Frequency

This check fires when the number of transactions associated with the transaction email address exceeds the configured threshold. The time threshold is a moving window is calculated backward from the moment of the transaction. 

It is time intensive for fraudsters to collect new email addresses. As such, fraud is often attempted in clusters coming from the same email address in a given time period. This check is aimed at allow merchants to set velocity limits on any particular email address.

Contact the Adyen Support Team to enable this risk rule for recurring payments.

Configuration Options

  • Merchants can establish a threshold for both the number of transactions and the timeframe allowed. The default is 5 times over 30 minutes. 
  • The risk fires on the transaction after the set threshold. So, if you set a threshold of 5 in 30 minutes, it fires on the 6th transaction in that 30 minutes. 

Shopper IP usage frequency

This check fires when the number of transactions associated with the shopper IP address exceeds the configured threshold. The time threshold is a moving window calculated backwards from the moment of the transaction. 

Fraudsters often use the same IP address for a number of fraudulent transactions in a row, possibly attempting different cards or techniques. This check is aimed to allow merchants to set velocity limits on any particular IP address.

Contact the Adyen Support Team to enable this risk rule for recurring payments.

Configuration Options

  • Merchants can establish a threshold for both the number of transactions and the timeframe allowed. The default is 5 times over 30 minutes. 
  • The risk fires on the transaction after the set threshold. So, if you set a threshold of 5 in 30 minutes, it fires on the 6th transaction in that 30 minutes. 

Shopping Frequency

This check fires when a set threshold of transactions-per-shopper is met in a given time period. Unlike other velocity checks, which are based on a single matching attribute, there are multiple attributes used to quantify a shopper for this check.

Configuration Options

  • Merchants can establish a threshold for both the number of transactions and the timeframe allowed.
    The default is 5 times over 90 minutes.
  • The risk fires on the transaction after the set threshold. So, if you set a threshold of 5 in 90 minutes, it fires on the 6th transaction in the 90-minute period preceding the transaction.
  • The following data types can be used with this check:

    1. Device Fingerprint: Device fingerprinting is a technique used to identify shoppers by making a fingerprint of their device/browser. In most cases, the fingerprint is unique for each device/browser. It is the same only if shoppers have exactly the same browser, same settings, same plugins, etc. Contact support to ask about using device fingerprinting with your account.
    2. Persistent Cookie: A persistent cookie is a unique identifier stored in different places on the shopper's device. This persistent cookie is extremely hard to remove by the shopper, and can even work cross-browser. To turn on persistent cookie tracking for your account contact Support Team.
    3. Shopper IP
    4. Shopper Email Address
  • Each data type selection increases the required number of attributes that need to match to consider two transactions coming from the same shopper.

Shopper Delivery Address frequency

This check fires when the number of transactions associated with the shopper delivery address exceeds the configured threshold. The time threshold is a moving window calculated backwards from the moment of the transaction.

Fraudsters often use the same shipping address to receive stolen goods. This check is aimed to allow merchants to set velocity limits on any particular shipping address.

Contact the Adyen Support Team to enable this risk rule for recurring payments.

Configuration Options

  • Merchants can establish a threshold for both the number of transactions and the timeframe allowed. The default is 5 times over 30 minutes.
  • The risk fires on the transaction after the set threshold. So, if you set a threshold of 5 in 30 minutes, it fires on the 6th transaction in that 30 minutes.