--- title: "Risk lists" description: "Use lists of known shopper details to block or allow a transaction." url: "https://docs.adyen.com/risk-management/configure-your-risk-profile/risk-lists" source_url: "https://docs.adyen.com/risk-management/configure-your-risk-profile/risk-lists.md" canonical: "https://docs.adyen.com/risk-management/configure-your-risk-profile/risk-lists" last_modified: "2021-09-21T17:17:00+02:00" language: "en" --- # Risk lists Use lists of known shopper details to block or allow a transaction. [View source](/risk-management/configure-your-risk-profile/risk-lists.md) Risk lists, also called block and allow lists or referrals, let you block or allow a transaction based on Adyen's data, your own data, or lists provided by third parties. ## Requirements Before you begin, take into account the following requirements and limitations. | Requirement | Description | | ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Integration type** | Make sure that you have built an [online payments integration](/online-payments/build-your-integration/) and that [risk management is enabled](/risk-management/configure-risk-settings/). | | **[Customer Area roles](/account/user-roles/#risk)** | Make sure that you have one of the following role(s):- **Manage referral lists** - **Risk admin** | | **Limitations** | You can only use custom risk lists when you enable [premium features](/risk-management#risk-engine). | ## How it works By default, risk lists are aggregated and maintained per company account. This means you can provide a setting once and apply it to all merchant accounts under the company account. If you want to have separate risk lists for each merchant account, you can configure this in your [risk settings](/risk-management/configure-risk-settings). Risk lists apply to payments made with credit and debit cards, SEPA Direct Debit, and PayPal by default. If you are using more payment methods, and want to include them in the risk evaluation, make sure you add the payment method in your [risk settings](/risk-management/configure-risk-settings). You can configure risk lists in different ways for different [risk profiles](/risk-management/create-a-risk-profile). Make sure that you submit the required fields in the payment request to trigger the risk list. For example, if you have set up risk lists for shopper email addresses, make sure you include the `shopperEmail` field in your payment request. ## Default risk lists The following lists are available by default to let you block or allow specific shopper-related or card and bank-related details: | List type | List name | List description | | ----------------------------- | -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Card and bank related details | Bank account number | Block or trust a bank account based on its IBAN, or based on the account number and routing number in the US or Canada. | | | Card number | Block or trust a card based on its [PAN](/get-started-with-adyen/adyen-glossary#card-number-pan). | | | Bank identification number (BIN) | Block or trust a card based on its [BIN](/get-started-with-adyen/adyen-glossary#bank-identification-number-bin). | | | Adyen global referral list | This risk list contains card and bank account numbers that are reported by the schemes as stolen or fraudulent. Transactions that match an entry on this list will be blocked before authorization, but the details are not visible in your block list. You can indicate if you want to use the global referral list in the [risk settings](/risk-management/configure-risk-settings). | | Shopper related details | Shopper address | Block or trust a shopper based on a billing or delivery address. | | | Shopper email | Block or trust a shopper based on an email address. | | | Email domain | Block or trust a shopper based on an email domain. | | | Shopper IP address | Block or trust a shopper based on an IP address. | | | Shopper name | Block or trust a shopper based on a name. | | | Shopper reference | Block or trust a shopper based on [shopper reference](/online-payments/tokenization#shopper-reference-management). | | | Social security number | Block or trust a shopper based on a social security number. | | | Paypal Payer ID | Block or trust a shopper based on Paypal Payer ID. | | | Phone number | Block or trust a shopper based on a phone number. | ## View risk lists To view the default risk lists in your [Customer Area](https://ca-test.adyen.com/): 1. Go to **Revenue & risk** > **Risk profiles**. 2. Select a risk profile if you are logged in to your Company account. If you are logged in to a Merchant account, the risk profile is already selected. 3. Select the **Risk rules** tab. 4. Select **Allow** and expand the **Default allow lists**, or select **Block** and expand the **Default block lists**. ## Edit risk lists Use any of the following methods to add or remove items from risk lists in your [Customer Area](https://ca-test.adyen.com/): * [Add a single item to a risk list](#add-a-single-item-to-a-risk-list) * [Populate a risk list with a CSV file](#populate-a-risk-list-with-a-csv-file) * [Populate risk lists through the Referrals API](#populate-risk-lists-through-the-referrals-api) * [Edit a risk list from the **Fraud control** widget](#edit-a-risk-list-from-the-fraud-control-widget) * [Block US and Canadian bank accounts](#block-us-and-canadian-bank-accounts) ### Add a single item to a risk list To manually add an item to a risk list: 1. Log in to your [Customer Area](https://ca-test.adyen.com/). 2. Go to **Revenue & risk** > **Risk profiles**. 3. Select a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected. 4. Select the **Risk rules** tab. 5. Select the **Block** or **Allow** tab. 6. Select **Default block lists** or **Default allow lists**. 7. Select a risk list, then select **See and edit referral list**. 8. Select **Add item**. 9. Fill in the information in the panel, and select **Add item**. ### Populate a risk list with a CSV file Most risk lists allow you to add multiple items with a `.csv` file. When you open a risk list in your Customer Area, and select the option to upload a CSV file, you get formatting examples and instructions. 1. Log in to your [Customer Area](https://ca-test.adyen.com/). 2. Go to **Revenue & risk** > **Risk profiles**. 3. Select a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected. 4. Select the **Risk rules** tab. 5. Select the **Block** or **Allow** tab. 6. Select **Default block lists** or **Default allow lists**. 7. Select a risk list, then select **See and edit referral list**. 8. Select **Upload CSV**. 9. Follow the directions, and select **Upload**. ### Populate risk lists through the Referrals API You can use our Referrals API to automate uploading lists of referrals and referral details to block and allow lists. For more information, see [Automate submitting referrals](/risk-management/automate-submitting-referrals). ### Edit a risk list from the **Fraud control** widget You can add or remove items from risk lists based on a specific transaction in the **Fraud control** widget. 1. Log in to your [Customer Area](https://ca-test.adyen.com/). 2. Select **Transactions** > **Payments**. 3. Select the PSP reference for the transaction you want to block. 4. On the **Payment details** page, in the **Fraud control** widget, select the attribute you want to block or allow, and select **Apply**.\ You can allow or block any of the following attributes. Depending on the payment method, some attributes may not be available: * Card holder / consumer name * Shopper email address * Shopper IP address * Shopper reference * Used card / bank account number\ See [Block US and Canadian bank accounts](#block-us-and-canadian-bank-accounts) for specific information on blocking these account numbers. ### Block US and Canadian bank accounts You must create a custom rule to block bank account numbers from the US or Canada (for example [Pay by Bank](/payment-methods/pay-by-bank-us), [ACH](/payment-methods/ach-direct-debit) direct debit, and EFT [PADs](/payment-methods/pad)). Risk list coverage for US and Canadian bank account numbers is currently only available in [Premium protect](/risk-management/create-a-risk-profile#risk-profile). 1. Add the account number to a risk list: 1. In your in your [Customer Area](https://ca-test.adyen.com/), select **Transactions** > **Payments**. 2. Select the PSP reference for the transaction with the bank account you want to block. 3. On the **Payment details** page, in the **Fraud control** widget, check the **Used card / bank account number** box and the **Block** radio button. 4. Select **Apply**. 2. Create a new [custom rule](/risk-management/configure-your-risk-profile/custom-rules) to **Block** the bank account number: 1. Go to **Revenue & risk** > **Risk profiles**. 2. Select a risk profile if you are logged in to your company account. If you are logged in to a merchant account, the risk profile is already selected. 3. Select the **Risk rules** tab. 4. Select **+ Create new rule**, select **Pre-authorization**, and select **Create custom rule**. 5. Enter a rule name. 6. Select a label in the dropdown. 7. In the Conditions field, select `bankAccountRoutingInfo`. 8. Select the **is in list** operator. 9. Select the **Bank Account number & Routing Info block list**. 10. At the bottom of the page, select **Create new rule**. ## See also * [Custom rules](/risk-management/configure-your-risk-profile/custom-rules) * [Machine learning rules](/risk-management/configure-your-risk-profile/machine-learning-rules) * [Post-authorization rules](/risk-management/configure-your-risk-profile/post-auth-rules) * [Data quality and risk field reference](/risk-management/configure-your-risk-profile/risk-field-reference)