Risk lists, also called block and allow lists or referrals, let you block or allow a transaction based on Adyen's data, your own data, or lists provided by third parties.
Requirements
Before you begin, take into account the following requirements and limitations.
| Requirement | Description |
|---|---|
| Integration type | Make sure that you have built an online payments integration and that risk management is enabled. |
| Customer Area roles | Make sure that you have one of the following role(s):
|
| Limitations | Custom risk lists require that you enable premium features. By default, shopper details such as name, email, and IP address are masked. To view unmasked shopper details, your user must have the Merchant view PII user role. |
How it works
By default, risk lists are aggregated and maintained per company account. This means you can provide a setting once and apply it to all merchant accounts under the company account. If you want to have separate risk lists for each merchant account, you can configure this in your risk settings.
Risk lists apply to payments made with credit and debit cards, SEPA Direct Debit, and PayPal by default. If you are using more payment methods, and want to include them in the risk evaluation, make sure you add the payment method in your risk settings.
You can configure risk lists in different ways for different risk profiles.
Make sure that you submit the required fields in the payment request to trigger the risk list. For example, if you have set up risk lists for shopper email addresses, make sure you include the shopperEmail field in your payment request.
Default risk lists
The following lists are available by default to let you block or allow specific shopper-related or card and bank-related details:
| List type | List name | List description |
|---|---|---|
| Card and bank related details |
Bank account number |
Block or trust a bank account based on its IBAN. Or, in the US or Canada, block or trust the account number and routing number for accounts such as Pay by Bank (US), ACH Direct Debit, or EFT PADs. |
Card number |
Block or trust a card based on its PAN. |
|
Bank identification number (BIN) |
Block or trust a card based on its BIN. |
|
|
Adyen global referral list |
This risk list contains card and bank account numbers that are reported by the schemes as stolen or fraudulent. Transactions that match an entry on this list will be blocked before authorization, but the details are not visible in your block list. You can indicate if you want to use the global referral list in the risk settings. |
|
| Shopper related details |
Shopper address |
Block or trust a shopper based on a billing or delivery address. |
|
Shopper email |
Block or trust a shopper based on an email address. |
|
|
Email domain |
Block or trust a shopper based on an email domain. |
|
|
Shopper IP address |
Block or trust a shopper based on an IP address. |
|
|
Shopper name |
Block or trust a shopper based on the input in the shopper name, cardholder name, or passenger name field, if provided. |
|
|
Shopper reference |
Block or trust a shopper based on shopper reference. |
|
|
Social security number |
Block or trust a shopper based on a social security number. |
|
|
Paypal Payer ID |
Block or trust a shopper based on Paypal Payer ID. |
|
|
Phone number |
Block or trust a shopper based on a phone number. |
View risk lists
To view the default risk lists in your Customer Area:
- Go to Revenue & risk > Risk profiles.
- Select a risk profile if you are logged in to your Company account. If you are logged in to a Merchant account, the risk profile is already selected.
- Select the Risk rules tab.
- Select Allow and expand the Default allow lists, or select Block and expand the Default block lists.
Edit risk lists
Use any of the following methods to add or remove items from risk lists in your Customer Area:
- Add a single item to a risk list
- Populate a risk list with a CSV file
- Populate risk lists through the Referrals API
- Edit a risk list from the Fraud control widget
Shopper details such as name, email, and IP address are masked by default. To view unmasked shopper details, your user must have the Merchant view PII user role.
If your user does not have this role, edit risk lists using the Fraud control widget.
Add a single item to a risk list
To manually add an item to a risk list:
- Log in to your Customer Area.
- Go to Revenue & risk > Risk profiles.
- Select a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected.
- Select the Risk rules tab.
- Select the Block or Allow tab.
- Select Default block lists or Default allow lists.
- Select a risk list, then select See and edit referral list.
- Select Add item.
- Fill in the information in the panel, and select Add item.
Populate a risk list with a CSV file
Most risk lists allow you to add multiple items with a .csv file. When you open a risk list in your Customer Area, and select the option to upload a CSV file, you get formatting examples and instructions.
- Log in to your Customer Area.
- Go to Revenue & risk > Risk profiles.
- Select a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected.
- Select the Risk rules tab.
- Select the Block or Allow tab.
- Select Default block lists or Default allow lists.
- Select a risk list, then select See and edit referral list.
- Select Upload CSV.
- Follow the directions, and select Upload.
Populate risk lists through the Referrals API
You can use our Referrals API to automate uploading lists of referrals and referral details to block and allow lists.
For more information, see Automate submitting referrals.
Edit a risk list from the Fraud control widget
You can add or remove items from risk lists based on a specific transaction in the Fraud control widget.
- Log in to your Customer Area.
- Select Transactions > Payments.
- Select the PSP reference for the transaction you want to block.
- On the Payment details page, in the Fraud control widget, select the attribute you want to block or allow, and select Apply.
You can allow or block any of the following attributes. Depending on the payment method, some attributes may not be available:- Card holder / consumer name
- Shopper email address
- Shopper IP address
- Shopper reference
- Used card / bank account number