--- title: "Post-authorization rules" description: "Use post-authorization signals in risk rules to block or allow a transaction." url: "https://docs.adyen.com/risk-management/configure-your-risk-profile/post-auth-rules" source_url: "https://docs.adyen.com/risk-management/configure-your-risk-profile/post-auth-rules.md" canonical: "https://docs.adyen.com/risk-management/configure-your-risk-profile/post-auth-rules" last_modified: "2023-01-20T10:19:00+01:00" language: "en" --- # Post-authorization rules Use post-authorization signals in risk rules to block or allow a transaction. [View source](/risk-management/configure-your-risk-profile/post-auth-rules.md) After a transaction has been authorized, you get new information from the card scheme and the issuing bank. For example, you will know if there was a liability shift, if the CVC code was entered correctly, and if the address details matched. You can use this information to influence the risk evaluation after authorization. ## Requirements Before you begin, take into account the following requirements and limitations. | Requirement | Description | | ---------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Integration type** | Make sure that you have built an [online payments integration](/online-payments/build-your-integration/) and that [risk management is enabled](/risk-management/configure-risk-settings/). | | **[Customer Area roles](/account/user-roles/#risk)** | Make sure that you have one of the following role(s):- **Merchant change risk settings** - **Risk admin** | | **Limitations** | Because the post-authorization rules for AVS, CVC, and liability shift run after authorization, it is not possible to link the rules to [Dynamic 3D Secure](/risk-management/dynamic-3d-secure/). The liability shift rule does not trigger for recurring [merchant-initiated transactions](/get-started-with-adyen/adyen-glossary/#contauth-continuous-authorization) where the shopper interaction is **ContAuth**. | ## How it works Post-authorization rules let you influence the risk evaluation based on information that becomes available after authorization. For example, you can block the transaction if there is a mismatch in the address details or if the card verification code is incorrect. Or, you can block transactions when there is no liability shift. All post-authorization rules are disabled by default. Because there is a risk of shopper input errors for both the CVC field and address details, enabling these risk rules may result in a higher number of declined transactions because of mismatches. We recommend that you use the [Adyen Uplift](/uplift/#uplift-optimize) Optimize settings, and set Smart Payment Messaging to optimize low risk transactions only. When you [enable a post-authorization rule](#enable-post-auth), and a transaction matches the rule, the transaction can be part of [control traffic](/risk-management/control-traffic/). You can then analyze and identify any false positives. When you enable Protect premium, you can create more specific [custom post-authorization rules](/risk-management/configure-your-risk-profile/custom-rules/) instead. You can use the following post-authorization rules: * **Address Verification System (AVS)**\ This rule checks for mismatches in address details. [Address Verification System](/risk-management/avs-checks/) (AVS) is a security feature that compares the billing address that the shopper entered with the cardholder address on file at the issuer. * **Card Verification Code (CVC)**\ This rule verifies if the Card Verification Code (CVC2/CVV2/CID) matches after authorization by the issuing bank. The rule does not trigger for recurring transactions because it runs only on the initial transaction. * **Liability shift status blocked** and **Liability shift status allowed**\ These rules check if a liability shift has or has not occurred. A liability shift occurs when the liability of chargebacks passes from you to the issuing bank. This happens when the transaction has been verified through 3D Secure. ## Configure a post-authorization rule To configure a post-authorization rule, in your [Customer Area](https://ca-test.adyen.com/): 1. Go to **Revenue & risk** > **Risk profiles**. 2. Select a risk profile. 3. Select **Risk rules**. 4. Select **Block**. 5. Select the post-authorization rule that you want to configure, select **Configure rule options**, and select when you want to block the transaction: | Rule | Options | | --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Address Verification System (AVS) | Select when you want to block the transaction:- Postal code and address do not match. - Address does not match. - Postal code does not match. | | Card Verification Code (CVC) | Select when you want to block the transaction:- CVC is provided but does not match. - CVC does not match, is not provided, or the issuer cannot perform the check. | | Liability shift status blocked | Select which transactions you want to block when there is no liability shift:- Default setting: All 3D Secure transactions. - Only 3D Secure transactions without technical errors. - All e-commerce credit card transactions. Select when you want to trigger the rule:- Default setting: 3D Secure liability shift has not taken place. - Full authentication not achieved. | 6. Select **Save**. ## Enable a post-authorization rule To enable a post-authorization block rule, in your [Customer Area](https://ca-test.adyen.com/): 1. Go to **Revenue & risk** > **Risk profiles**. 2. Select a risk profile. 3. Select **Risk rules**. 4. Select **Block**. 5. Select one or more of the following: * **Address Verification System (AVS)** > **Enabled**. * **Card Verification Code (CVC)** > **Enabled**. * **Liability shift status blocked** > **Enabled**. 6. Select **Save changes**. To allow based on liability shift status: 1. Go to **Revenue & risk** > **Risk profiles**. 2. Select a risk profile. 3. Select **Risk rules**. 4. Select **Allow**. 5. Select **Liability shift status allowed** > **Enabled**. 6. Select **Save changes**. ## See also * [Address Verification System (AVS)](/risk-management/avs-checks/) * [Risk lists](/risk-management/configure-your-risk-profile/risk-lists) * [Custom rules](/risk-management/configure-your-risk-profile/custom-rules) * [Machine learning rules](/risk-management/configure-your-risk-profile/machine-learning-rules) * [Data quality and risk field reference](/risk-management/configure-your-risk-profile/risk-field-reference) * [Adyen Uplift](/uplift)