Risk-management icon

Data collection to detect fraud

Find out more about the types of data Web Drop-in and Components collect, and how RevenueProtect uses that data to detect and mitigate fraud.

When you use our Web Drop-in or Components to build your checkout experience, Adyen collects data about how shoppers interact with and use the payment form. RevenueProtect uses this data to detect fraudulent payment activity, and mitigate fraud.

Data privacy

Because personal data is processed to detect fraudulent payment activity, you have to consider data privacy and adhere to privacy laws.

Before processing any shopper data, make sure that you:

  • Comply with obligations under the applicable privacy laws and regulations. Consult your legal department or an accredited third-party company to understand the data privacy regulations of the countries that you operate in.
  • Understand the requirements. Different jurisdictions may require different actions. For example, under European regulations, you are required to ask for your customer’s consent to process their data, and you have to be transparent about the use of that data. You can clarify how data is processed in your privacy and cookie statement. For example, when a shopper lands on the checkout page, your company's privacy policy could pop up and show a consent checkbox or button. It is your responsibility to keep track of the shoppers who have given consent.

How RevenueProtect uses the data

To detect fraud, and to mitigate the effects of potential fraudulent activity, RevenueProtect uses data that is collected when you use Web Drop-in or Components.

This includes the following data:

  • Device characteristics: for example the shopper's browser type, screen size, and device type.
  • Activity information: for example if credit card details were copied and pasted into the payment form, and the time between payment requests.

The anonymized data may be used across customers to determine if a transaction is legitimate. Adyen does not use this data for anything else than to detect and mitigate fraud, and does not share or use this information for marketing purposes. For more details, see Adyen's privacy statement.

This data is one of the sources to help detect and mitigate fraud. To use RevenueProtect, you have to set up risk, and configure at least one risk profile.

Data types

When you use Web Drop-in or Components, the following data is collected:

Data category Example Domain Purpose Lifetime
Cookie _RP_UID checkoutshopper-live.adyen.com This cookie is used to track users, and helps identify suspicious browsing and/or purchasing activity. 30 days in the browser
Device information Attributes about the users' device, including User Agent, Browser Type, Device Model, and Operating System. Checkout API Collecting device information helps identify suspicious user behavior or transaction patterns. Indefinite
Behavior information How much time a shopper spent on the checkout page, if they copied and pasted payment details, and how long it took the shopper to complete certain actions like filling in a field. Checkout API Collecting behavior information lets Adyen analyze and identify suspicious user behavior and transaction patterns. Indefinite

Configure risk data collection

Risk data collection is included in the Adyen checkout configuration, and is turned on by default when you build your integration with Web Drop-in or Components. It is a separate setting that is independent of your RevenueProtect configuration.

It is possible to turn off risk data collection, but this increases the chance that you will be exposed to and experience fraud.

To configure risk data collection, include the following in the AdyenCheckout configuration:

Parameter Description
risk.enabled Indicates if you are collecting and sending risk data to Adyen. Default: true.

See also