{"title":"Risk lists","category":"default","creationDate":1632237420,"content":"<p>Risk lists, also called block and allow lists or referrals, let you block or allow a transaction based on Adyen's data, your own data, or lists provided by third parties.<\/p>\n<h2>Requirements<\/h2>\n<p>Before you begin, take into account the following requirements and limitations.<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Requirement<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Integration type<\/strong><\/td>\n<td style=\"text-align: left;\">Make sure that you have built an <a href=\"\/online-payments\/build-your-integration\/\">online payments integration<\/a> and that <a href=\"\/risk-management\/configure-risk-settings\/\">risk management is enabled<\/a>.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong><a href=\"\/account\/user-roles\/#risk\">Customer Area roles<\/a><\/strong><\/td>\n<td style=\"text-align: left;\">Make sure that you have one of the following role(s): <ul><li markdown=\"1\"><strong>Manage referral lists<\/strong><\/li><li markdown=\"1\"><strong>Risk admin<\/strong><\/li><\/ul><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>Limitations<\/strong><\/td>\n<td style=\"text-align: left;\">You can only use custom risk lists when you enable <a href=\"\/risk-management#risk-engine\">premium features<\/a>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>How it works<\/h2>\n<p>By default, risk lists are aggregated and maintained per company account. This means you can provide a setting once and apply it to all merchant accounts under the company account. If you want to have separate risk lists for each merchant account, you can configure this in your <a href=\"\/risk-management\/configure-risk-settings\">risk settings<\/a>.<\/p>\n<p>Risk lists apply to payments made with credit and debit cards, SEPA Direct Debit, and PayPal by default. If you are using more payment methods, and want to include them in the risk evaluation, make sure you add the payment method in your <a href=\"\/risk-management\/configure-risk-settings\">risk settings<\/a>.<\/p>\n<p>You can configure risk lists in different ways for different <a href=\"\/risk-management\/create-a-risk-profile\">risk profiles<\/a>.<\/p>\n<p>Make sure that you submit the required fields in the payment request to trigger the risk list. For example, if you have set up risk lists for shopper email addresses, make sure you include the <code>shopperEmail<\/code> field in your payment request.<\/p>\n<h2>Default risk lists<\/h2>\n<p>The following lists are available by default to let you block or allow specific shopper-related or card and bank-related details:<\/p>\n<table>\n  <thead>\n    <tr>\n      <th>List type<\/th>\n      <th>List name<\/th>\n      <th>List description<\/th>\n    <\/tr>\n  <\/thead>\n  <tbody>\n    <tr>\n      <td rowspan=\"4\">Card and bank related details<\/td>\n      <td>\n<p>Bank account number<\/p>\n<\/td>\n      <td>\n<p>Block or trust a bank account based on its IBAN, or based on the account number and routing number in the US or Canada.<\/p>\n<\/td>\n    <\/tr>\n      <td>\n<p>Card number<\/p>\n<\/td>\n      <td>\n<p>Block or trust a card based on its <a href=\"\/get-started-with-adyen\/adyen-glossary#card-number-pan\">PAN<\/a>.<\/p>\n<\/td>\n    <tr>\n      <td>\n<p>Bank identification number (BIN)<\/p>\n<\/td>\n      <td>\n<p>Block or trust a card based on its <a href=\"\/get-started-with-adyen\/adyen-glossary#bank-identification-number-bin\">BIN<\/a>.<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n      <td>\n<p>Adyen global referral list<\/p>\n<\/td>\n      <td>\n<p>This risk list contains card and bank account numbers that are reported by the schemes as stolen or fraudulent. Transactions that match an entry on this list will be blocked before authorization, but the details are not visible in your block list. You can indicate if you want to use the global referral list in the <a href=\"\/risk-management\/configure-risk-settings\">risk settings<\/a>.<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n      <td rowspan=\"9\">Shopper related details<\/td>\n      <td>\n<p>Shopper address<\/p>\n<\/td>\n      <td>\n<p>Block or trust a shopper based on a billing or delivery address.<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n      <td>\n<p>Shopper email<\/p>\n<\/td>\n      <td>\n<p>Block or trust a shopper based on an email address.<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n      <td>\n<p>Email domain<\/p>\n<\/td>\n      <td>\n<p>Block or trust a shopper based on an email domain.<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n      <td>\n<p>Shopper IP address<\/p>\n<\/td>\n      <td>\n<p>Block or trust a shopper based on an IP address.<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n      <td>\n<p>Shopper name<\/p>\n<\/td>\n      <td>\n<p>Block or trust a shopper based on a name.<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n      <td>\n<p>Shopper reference<\/p>\n<\/td>\n      <td>\n<p>Block or trust a shopper based on <a href=\"\/online-payments\/tokenization#shopper-reference-management\">shopper reference<\/a>.<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n      <td>\n<p>Social security number<\/p>\n<\/td>\n      <td>\n<p>Block or trust a shopper based on a social security number.<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n      <td>\n<p>Paypal Payer ID<\/p>\n<\/td>\n      <td>\n<p>Block or trust a shopper based on Paypal Payer ID.<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n      <td>\n<p>Phone number<\/p>\n<\/td>\n      <td>\n<p>Block or trust a shopper based on a phone number.<\/p>\n<\/td>\n    <\/tr>\n  <\/tbody>\n<\/table>\n<h2>View risk lists<\/h2>\n<p>To view the default risk lists in your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>:<\/p>\n<ol>\n<li>Go to <strong>Revenue &amp; risk<\/strong> &gt; <strong>Risk profiles<\/strong>.<\/li>\n<li>Select a risk profile if you are logged in to your Company account. If you are logged in to a Merchant account, the risk profile is already selected.<\/li>\n<li>Select the <strong>Risk rules<\/strong> tab.<\/li>\n<li>Select <strong>Allow<\/strong> and expand the <strong>Default allow lists<\/strong>, or select <strong>Block<\/strong> and expand the <strong>Default block lists<\/strong>.<\/li>\n<\/ol>\n<h2>Edit risk lists<\/h2>\n<p>Use any of the following methods to add or remove items from risk lists in your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>:<\/p>\n<ul>\n<li><a href=\"#add-a-single-item-to-a-risk-list\">Add a single item to a risk list<\/a><\/li>\n<li><a href=\"#populate-a-risk-list-with-a-csv-file\">Populate a risk list with a CSV file<\/a><\/li>\n<li><a href=\"#populate-risk-lists-through-the-referrals-api\">Populate risk lists through the Referrals API<\/a><\/li>\n<li><a href=\"#edit-a-risk-list-from-the-fraud-control-widget\">Edit a risk list from the <strong>Fraud control<\/strong> widget<\/a><\/li>\n<li><a href=\"#block-us-and-canadian-bank-accounts\">Block US and Canadian bank accounts<\/a><\/li>\n<\/ul>\n<h3>Add a single item to a risk list<\/h3>\n<p>To manually add an item to a risk list:<\/p>\n<ol>\n<li>Log in to your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>.<\/li>\n<li>Go to <strong>Revenue &amp; risk<\/strong> &gt; <strong>Risk profiles<\/strong>.<\/li>\n<li>Select a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected.<\/li>\n<li>Select the <strong>Risk rules<\/strong> tab.<\/li>\n<li>Select the <strong>Block<\/strong> or <strong>Allow<\/strong> tab.<\/li>\n<li>Select <strong>Default block lists<\/strong> or <strong>Default allow lists<\/strong>.<\/li>\n<li>Select a risk list, then select <strong>See and edit referral list<\/strong>.<\/li>\n<li>Select <strong>Add item<\/strong>.<\/li>\n<li>Fill in the information in the panel, and select <strong>Add item<\/strong>.<\/li>\n<\/ol>\n<h3>Populate a risk list with a CSV file<\/h3>\n<p>Most risk lists allow you to add multiple items with a <code>.csv<\/code> file. When you open a risk list in your Customer Area, and select the option to upload a CSV file, you get formatting examples and instructions.<\/p>\n<ol>\n<li>Log in to your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>.<\/li>\n<li>Go to <strong>Revenue &amp; risk<\/strong> &gt; <strong>Risk profiles<\/strong>.<\/li>\n<li>Select a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected.<\/li>\n<li>Select the <strong>Risk rules<\/strong> tab.<\/li>\n<li>Select the <strong>Block<\/strong> or <strong>Allow<\/strong> tab.<\/li>\n<li>Select <strong>Default block lists<\/strong> or <strong>Default allow lists<\/strong>.<\/li>\n<li>Select a risk list, then select <strong>See and edit referral list<\/strong>.<\/li>\n<li>Select <strong>Upload CSV<\/strong>.<\/li>\n<li>Follow the directions, and select <strong>Upload<\/strong>.<\/li>\n<\/ol>\n<h3>Populate risk lists through the Referrals API<\/h3>\n<p>You can use our Referrals API to automate uploading lists of referrals and referral details to block and allow lists.<\/p>\n<p>For more information, see <a href=\"\/risk-management\/automate-submitting-referrals\">Automate submitting referrals<\/a>.<\/p>\n<h3>Edit a risk list from the <strong>Fraud control<\/strong> widget<\/h3>\n<p>You can add or remove items from risk lists based on a specific transaction in the <strong>Fraud control<\/strong> widget.<\/p>\n<ol>\n<li>Log in to your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>.<\/li>\n<li>Select <strong>Transactions<\/strong> &gt; <strong>Payments<\/strong>.<\/li>\n<li>Select the PSP reference for the transaction you want to block.<\/li>\n<li>On the <strong>Payment details<\/strong> page, in the <strong>Fraud control<\/strong> widget, select the attribute you want to block or allow, and select <strong>Apply<\/strong>.<br \/>\nYou can allow or block any of the following attributes. Depending on the payment method, some attributes may not be available: <ul>\n<li>Card holder \/ consumer name<\/li>\n<li>Shopper email address<\/li>\n<li>Shopper IP address<\/li>\n<li>Shopper reference<\/li>\n<li>Used card \/ bank account number<br \/>\nSee <a href=\"#block-us-and-canadian-bank-accounts\">Block US and Canadian bank accounts<\/a> for specific information on blocking these account numbers.<\/li>\n<\/ul><\/li>\n<\/ol>\n<h3>Block US and Canadian bank accounts<\/h3>\n<p>You must create a custom rule to block bank account numbers from the US or Canada (for example <a href=\"\/payment-methods\/pay-by-bank-us\">Pay by Bank<\/a>, <a href=\"\/payment-methods\/ach-direct-debit\">ACH<\/a> direct debit, and EFT <a href=\"\/payment-methods\/pad\">PADs<\/a>).<\/p>\n<div class=\"notices green\">\n<p>Risk list coverage for US and Canadian bank account numbers is currently only available in <a href=\"\/risk-management\/create-a-risk-profile#risk-profile\">Premium protect<\/a>. <\/p>\n<\/div>\n<ol>\n<li>\n<p>Add the account number to a risk list:<\/p>\n<ol>\n<li>In your in your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>, select <strong>Transactions<\/strong> &gt; <strong>Payments<\/strong>.<\/li>\n<li>Select the PSP reference for the transaction with the bank account you want to block.<\/li>\n<li>On the <strong>Payment details<\/strong> page, in the <strong>Fraud control<\/strong> widget, check the <strong>Used card \/ bank account number<\/strong> box and the <strong>Block<\/strong> radio button.<\/li>\n<li>Select <strong>Apply<\/strong>.<\/li>\n<\/ol>\n<\/li>\n<li>\n<p>Create a new <a href=\"\/risk-management\/configure-your-risk-profile\/custom-rules\">custom rule<\/a> to <strong>Block<\/strong> the bank account number:<\/p>\n<ol>\n<li>Go to <strong>Revenue &amp; risk<\/strong> &gt; <strong>Risk profiles<\/strong>.<\/li>\n<li>Select a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected.<\/li>\n<li>Select the <strong>Risk rules<\/strong> tab.<\/li>\n<li>Select <strong>+ Create new rule<\/strong>, select <strong>Pre-authorization<\/strong>, and select <strong>Create custom rule<\/strong>.<\/li>\n<li>Enter a rule name.<\/li>\n<li>Select a label in the dropdown.<\/li>\n<li>In the Conditions field, select <code>bankAccountRoutingInfo<\/code>.<\/li>\n<li>Select the <strong>is in list<\/strong> operator.<\/li>\n<li>Select the <strong>Bank Account number &amp; Routing Info block list<\/strong>.<\/li>\n<li>At the bottom of the page, select <strong>Create new rule<\/strong>.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<h2>See also<\/h2>\n<div class=\"see-also-links output-inline\" id=\"see-also\">\n<ul><li><a href=\"\/risk-management\/configure-your-risk-profile\/custom-rules\"\n                        target=\"_self\"\n                        >\n                    Custom rules\n                <\/a><\/li><li><a href=\"\/risk-management\/configure-your-risk-profile\/machine-learning-rules\"\n                        target=\"_self\"\n                        >\n                    Machine learning rules\n                <\/a><\/li><li><a href=\"\/risk-management\/configure-your-risk-profile\/post-auth-rules\"\n                        target=\"_self\"\n                        >\n                    Post-authorization rules\n                <\/a><\/li><li><a href=\"\/risk-management\/configure-your-risk-profile\/risk-field-reference\"\n                        target=\"_self\"\n                        >\n                    Data quality and risk field reference\n                <\/a><\/li><\/ul><\/div>\n","url":"https:\/\/docs.adyen.com\/risk-management\/configure-your-risk-profile\/risk-lists","articleFields":{"description":"Use lists of known shopper details to block or allow a transaction.","feedback_component":true,"process":{"twig":true},"last_edit_on":"21-09-2021 17:17"},"algolia":{"url":"https:\/\/docs.adyen.com\/risk-management\/configure-your-risk-profile\/risk-lists","title":"Risk lists","content":"Risk lists, also called block and allow lists or referrals, let you block or allow a transaction based on Adyen's data, your own data, or lists provided by third parties.\nRequirements\nBefore you begin, take into account the following requirements and limitations.\n\n\n\nRequirement\nDescription\n\n\n\n\nIntegration type\nMake sure that you have built an online payments integration and that risk management is enabled.\n\n\nCustomer Area roles\nMake sure that you have one of the following role(s): Manage referral listsRisk admin\n\n\nLimitations\nYou can only use custom risk lists when you enable premium features.\n\n\n\nHow it works\nBy default, risk lists are aggregated and maintained per company account. This means you can provide a setting once and apply it to all merchant accounts under the company account. If you want to have separate risk lists for each merchant account, you can configure this in your risk settings.\nRisk lists apply to payments made with credit and debit cards, SEPA Direct Debit, and PayPal by default. If you are using more payment methods, and want to include them in the risk evaluation, make sure you add the payment method in your risk settings.\nYou can configure risk lists in different ways for different risk profiles.\nMake sure that you submit the required fields in the payment request to trigger the risk list. For example, if you have set up risk lists for shopper email addresses, make sure you include the shopperEmail field in your payment request.\nDefault risk lists\nThe following lists are available by default to let you block or allow specific shopper-related or card and bank-related details:\n\n  \n    \n      List type\n      List name\n      List description\n    \n  \n  \n    \n      Card and bank related details\n      \nBank account number\n\n      \nBlock or trust a bank account based on its IBAN, or based on the account number and routing number in the US or Canada.\n\n    \n      \nCard number\n\n      \nBlock or trust a card based on its PAN.\n\n    \n      \nBank identification number (BIN)\n\n      \nBlock or trust a card based on its BIN.\n\n    \n    \n      \nAdyen global referral list\n\n      \nThis risk list contains card and bank account numbers that are reported by the schemes as stolen or fraudulent. Transactions that match an entry on this list will be blocked before authorization, but the details are not visible in your block list. You can indicate if you want to use the global referral list in the risk settings.\n\n    \n    \n      Shopper related details\n      \nShopper address\n\n      \nBlock or trust a shopper based on a billing or delivery address.\n\n    \n    \n      \nShopper email\n\n      \nBlock or trust a shopper based on an email address.\n\n    \n    \n      \nEmail domain\n\n      \nBlock or trust a shopper based on an email domain.\n\n    \n    \n      \nShopper IP address\n\n      \nBlock or trust a shopper based on an IP address.\n\n    \n    \n      \nShopper name\n\n      \nBlock or trust a shopper based on a name.\n\n    \n    \n      \nShopper reference\n\n      \nBlock or trust a shopper based on shopper reference.\n\n    \n    \n      \nSocial security number\n\n      \nBlock or trust a shopper based on a social security number.\n\n    \n    \n      \nPaypal Payer ID\n\n      \nBlock or trust a shopper based on Paypal Payer ID.\n\n    \n    \n      \nPhone number\n\n      \nBlock or trust a shopper based on a phone number.\n\n    \n  \n\nView risk lists\nTo view the default risk lists in your Customer Area:\n\nGo to Revenue &amp; risk &gt; Risk profiles.\nSelect a risk profile if you are logged in to your Company account. If you are logged in to a Merchant account, the risk profile is already selected.\nSelect the Risk rules tab.\nSelect Allow and expand the Default allow lists, or select Block and expand the Default block lists.\n\nEdit risk lists\nUse any of the following methods to add or remove items from risk lists in your Customer Area:\n\nAdd a single item to a risk list\nPopulate a risk list with a CSV file\nPopulate risk lists through the Referrals API\nEdit a risk list from the Fraud control widget\nBlock US and Canadian bank accounts\n\nAdd a single item to a risk list\nTo manually add an item to a risk list:\n\nLog in to your Customer Area.\nGo to Revenue &amp; risk &gt; Risk profiles.\nSelect a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected.\nSelect the Risk rules tab.\nSelect the Block or Allow tab.\nSelect Default block lists or Default allow lists.\nSelect a risk list, then select See and edit referral list.\nSelect Add item.\nFill in the information in the panel, and select Add item.\n\nPopulate a risk list with a CSV file\nMost risk lists allow you to add multiple items with a .csv file. When you open a risk list in your Customer Area, and select the option to upload a CSV file, you get formatting examples and instructions.\n\nLog in to your Customer Area.\nGo to Revenue &amp; risk &gt; Risk profiles.\nSelect a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected.\nSelect the Risk rules tab.\nSelect the Block or Allow tab.\nSelect Default block lists or Default allow lists.\nSelect a risk list, then select See and edit referral list.\nSelect Upload CSV.\nFollow the directions, and select Upload.\n\nPopulate risk lists through the Referrals API\nYou can use our Referrals API to automate uploading lists of referrals and referral details to block and allow lists.\nFor more information, see Automate submitting referrals.\nEdit a risk list from the Fraud control widget\nYou can add or remove items from risk lists based on a specific transaction in the Fraud control widget.\n\nLog in to your Customer Area.\nSelect Transactions &gt; Payments.\nSelect the PSP reference for the transaction you want to block.\nOn the Payment details page, in the Fraud control widget, select the attribute you want to block or allow, and select Apply.\nYou can allow or block any of the following attributes. Depending on the payment method, some attributes may not be available: \nCard holder \/ consumer name\nShopper email address\nShopper IP address\nShopper reference\nUsed card \/ bank account number\nSee Block US and Canadian bank accounts for specific information on blocking these account numbers.\n\n\nBlock US and Canadian bank accounts\nYou must create a custom rule to block bank account numbers from the US or Canada (for example Pay by Bank, ACH direct debit, and EFT PADs).\n\nRisk list coverage for US and Canadian bank account numbers is currently only available in Premium protect. \n\n\n\nAdd the account number to a risk list:\n\nIn your in your Customer Area, select Transactions &gt; Payments.\nSelect the PSP reference for the transaction with the bank account you want to block.\nOn the Payment details page, in the Fraud control widget, check the Used card \/ bank account number box and the Block radio button.\nSelect Apply.\n\n\n\nCreate a new custom rule to Block the bank account number:\n\nGo to Revenue &amp; risk &gt; Risk profiles.\nSelect a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected.\nSelect the Risk rules tab.\nSelect + Create new rule, select Pre-authorization, and select Create custom rule.\nEnter a rule name.\nSelect a label in the dropdown.\nIn the Conditions field, select bankAccountRoutingInfo.\nSelect the is in list operator.\nSelect the Bank Account number &amp; Routing Info block list.\nAt the bottom of the page, select Create new rule.\n\n\n\nSee also\n\n\n                    Custom rules\n                \n                    Machine learning rules\n                \n                    Post-authorization rules\n                \n                    Data quality and risk field reference\n                \n","type":"page","locale":"en","boost":17,"hierarchy":{"lvl0":"Home","lvl1":"Risk management","lvl2":"Configure your risk profile","lvl3":"Risk lists"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/","lvl1":"https:\/\/docs.adyen.com\/risk-management","lvl2":"https:\/\/docs.adyen.com\/risk-management\/configure-your-risk-profile","lvl3":"\/risk-management\/configure-your-risk-profile\/risk-lists"},"levels":4,"category":"Risk Management","category_color":"green","tags":["lists"]}}