Risk-team icon

Risk lists

Use lists of known shopper details to block or allow a transaction.

Risk lists, also called block and allow lists or referrals, let you block or allow a transaction based on Adyen's data, your own data, or lists provided by third parties.

Requirements

Before you begin, take into account the following requirements and limitations.

Requirement Description
Integration type Make sure that you have built an online payments integration and that risk is enabled.
Customer Area roles Make sure that you have one of the following role(s):
  • Manage referral lists
  • Risk admin
Limitations You can only use custom risk lists when you use Protect premium.

How it works

By default, risk lists are aggregated and maintained per company account. This means you can provide a setting once and apply it to all merchant accounts under the company account. If you want to have separate risk lists for each merchant account, you can configure this in your risk settings.

Risk lists apply to payments made with credit and debit cards, SEPA Direct Debit and PayPal by default. If you are using more payment methods, and want to include them in the risk evaluation, make sure you add the payment method in your risk settings.

You can configure risk lists in different ways for different risk profiles.

Make sure that you submit the required fields in the payment request to trigger the risk list. For example, if you have set up risk lists for shopper email addresses, make sure you include the shopperEmail field.

Default risk lists

The following lists are available by default to let you block or allow specific shopper-related or card and bank-related details:

List type List name List description
Card and bank related details

Bank account number

Block or trust a bank account based on its IBAN, or based on the account number and routing number in the US or Canada.

Card number

Block or trust a card based on its PAN.

Bank identification number (BIN)

Block or trust a card based on its BIN.

Adyen global referral list

This risk list contains card and bank account numbers that are reported by the schemes as stolen or fraudulent. Transactions that match an entry on this list will be blocked before authorization, but the details are not visible in your block list. You can indicate if you want to use the global referral list in the risk settings.
Shopper related details

Shopper address

Block or trust a shopper based on a billing or delivery address.

Shopper email

Block or trust a shopper based on an email address.

Email domain

Block or trust a shopper based on an email domain.

Shopper IP address

Block or trust a shopper based on an IP address.

Shopper name

Block or trust a shopper based on a name.

Shopper reference

Block or trust a shopper based on shopper reference.

Social security number

Block or trust a shopper based on a social security number.

Paypal Payer ID

Block or trust a shopper based on Paypal Payer ID.

Phone number

Block or trust a shopper based on a phone number.

View risk lists

To view the default risk lists in your Customer Area:

  1. Go to Revenue & risk > Risk profiles.
  2. Select a risk profile if you are logged in to your Company account. If you are logged in to a Merchant account, the risk profile is already selected.
  3. Select the Risk rules tab.
  4. Select Allow and expand the Default allow lists, or select Block and expand the Default block lists.

Edit risk lists

Use any of the following methods to add or remove items from risk lists in your Customer Area:

Add a single item to a risk list

  1. Go to Revenue & risk > Risk profiles.
  2. Select a risk profile if you are logged in to your Company account. If you are logged in to a Merchant account, the risk profile is already selected.
  3. Select the Risk rules tab.
  4. Select the Block or Allow tab.
  5. Select Default block lists or Default allow lists.
  6. Select a risk list, then select See and edit referral list.
  7. Select Add item.
  8. Fill in the information in the panel, and select Add item.

Populate a risk list with a CSV file

Most risk lists allow you to add multiple items with a .csv file.

  1. Go to Revenue & risk > Risk profiles.
  2. Select a risk profile if you are logged in to your Company account. If you are logged in to a Merchant account, the risk profile is already selected.
  3. Select the Risk rules tab.
  4. Select the Block or Allow tab.
  5. Select Default block lists or Default allow lists.
  6. Select a risk list, then select See and edit referral list.
  7. Select Upload CSV.
  8. Follow the directions, and select Upload.

Populate risk lists through the Referrals API

You can use our Referrals API to automate uploading lists of referrals and referral details to block and allow lists.

For more information, see Automate submitting referrals.

Edit a risk list from the Fraud control widget

You can add or remove items from Block or Allow lists based on a specific transaction in the Fraud control widget.

  1. In your in your Customer Area, select Transactions > Payments.
  2. Select the PSP reference for the transaction you want to block.
  3. On the Payment details page, in the Fraud control widget, select the attribute you want to block or allow, and select Apply.
    You can allow or block any of the following attributes. Depending on the payment method, some attributes may not be available:
    • Card holder / consumer name
    • Shopper email address
    • Shopper IP address
    • Shopper reference
    • Used card / bank account number
      See Block US and Canadian bank accounts for specific information on blocking these account numbers.

Block US and Canadian bank accounts

You must create a custom rule to block bank account numbers from the US or Canada (for example Pay by Bank, ACH direct debit, and EFT PADs).

Risk list coverage for US and Canadian bank account numbers is currently only available in Premium protect.

  1. Add the account number to a risk list:
    1. In your in your Customer Area, select Transactions > Payments.
    2. Select the PSP reference for the transaction with the bank account you want to block.
    3. On the Payment details page, in the Fraud control widget, check the Used card / bank account number box and the Block radio button.
    4. Select Apply.
  2. Create a new custom rule to Block the bank account number:
    1. Go to Revenue & risk > Risk profiles.
    2. Select a risk profile if you are logged in to your Company account. If you are logged in to a Merchant account, the risk profile is already selected.
    3. Select the Risk rules tab.
    4. Select + Create new rule, select Pre-authorization, and select Create custom rule.
    5. Enter a rule name.
    6. Select a Label in the dropdown.
    7. In the Conditions field, select bankAccountRoutingInfo.
    8. Select the is in list operator.
    9. Select the Bank Account number & Routing Info block list.
    10. At the bottom of the page, select Create new rule.

See also