How to build effective risk profiles
Understanding risk profiles
Risk profiles let you manage which risk rules you apply to payments made on a merchant account.
Default risk profiles
When you onboard to Adyen, you receive a default risk profile to which all of your merchant accounts are assigned. This default (parent) profile comes with a number of preconfigured rules, depending on the product tier.
Customizing risk profiles
You may choose to keep this setup or create multiple risk profiles based on the risk and fraud needs of a particular merchant account. For example, you may want a stricter set of rules for a particular geography or line of business that poses a higher fraud risk.
Building an effective risk profile
Building an effective risk profile is a continuous process that involves understanding your markets, configuring risk rules, and monitoring and updating your profile as fraud trends change.
Machine Learning and Risk rules
Customizing machine learning fraud models
The latest version of our risk engine is a hybrid solution pairing powerful machine learning models with customizable risk rules. To build the most effective risk profile, consider your risk and optimization goals for the merchant account.
You can customize our machine learning fraud model to decide how much risk you are willing to take on. By default, the rule “Machine learning: fraud risk” will block transactions with a high risk classification. The medium and high risk thresholds aim for a balance between authorization rate and fraud rate.
Select a risk threshold of ‘Very High’ if your goal is to maximize authorization rates, with the knowledge that some fraud may get through. At the opposite end, a risk threshold of ‘Low’ aims to minimize fraud rates, with the possibility of blocking legitimate transactions. You can adjust these thresholds as you monitor their results using our Risk & Disputes Dashboard, located in the Customer area.
Creating Custom Risk Rules
Designing effective Custom Risk Rules
For an additional layer of risk and fraud mitigation, Adyen’s risk engine gives you the power to create custom risk rules. To create effective custom risk rules, consider the risk and fraud challenges that face your business. To create the most powerful custom risk rules, we recommend that you send in as many of the required risk fields as possible. This allows for the creation of granular BLOCK, ALLOW, REVIEW and CHECK FOR 3DS rules.
For example, a rule blocking all transactions with an amount greater than $5,000.00 would inevitably block good shoppers.
But a rule that blocks a transaction only when all of the conditions below are met will trigger only on a small subset of traffic that you have determined to be high risk:
An amount greater than $5,000.00
A delivery address in Miami, FL
A BIN of 12345
More than five issuer refusals in the past 24 hours (as determined by ShopperDNA)
Backtesting Risk Rules
To gain insight into a risk rule’s performance before enabling it, you can use our backtesting feature.
A backtest shows the rule’s performance against past transactions over a certain time period. The effectiveness of the rule can be determined from the outcomes of those past transactions.
If your goal is to create a BLOCK rule that stops fraudulent activity, you will be focused on the count and amount of fraudulent payments. This represents transactions that would have triggered your rule and that have since become notifications of fraud or fraud chargebacks. Ideally you will want to see more fraudulent than legitimate payments. The delta between these two metrics can give you insight into possible false positives and help you decide whether the rule is worth creating based on your risk tolerance.
Based on the backtest results, you can further iterate on the rule, adjusting and adding fields.
For an ALLOW rule, an effective backtest would show no past transactions that resulted in fraud.
Keep in mind that the data pertaining to fraudulent and legitimate payments may change as additional fraud chargebacks and notifications of fraud (NoFs) are received. The count and amount shown in the backtesting results are based on the outcomes of transactions at the time of the backtest.
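The comparison between the amount-only rule and the four-condition rule described above can be sketched as a small offline backtest. This is an added example, not Adyen's code or API: the transaction records, field names and the helper functions are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Txn:
    amount: float              # USD
    delivery_city: str
    card_bin: str
    issuer_refusals_24h: int   # hypothetical velocity field
    fraud: bool                # NoF or fraud chargeback known at backtest time

# Constructed sample history (not real payment data).
HISTORY = [
    Txn(6200.0, "Miami, FL", "12345", 7, True),
    Txn(5400.0, "Miami, FL", "12345", 6, True),
    Txn(7500.0, "Miami, FL", "12345", 9, False),
    Txn(8000.0, "Austin, TX", "67890", 0, False),
    Txn(5100.0, "Miami, FL", "12345", 1, False),
    Txn(9900.0, "Seattle, WA", "12345", 0, False),
    Txn(6000.0, "Denver, CO", "67890", 6, True),
    Txn(120.0, "Miami, FL", "12345", 8, True),
]

def broad_rule(t: Txn) -> bool:
    """BLOCK on amount alone."""
    return t.amount > 5000.00

def granular_rule(t: Txn) -> bool:
    """BLOCK only when all four conditions hold."""
    return (t.amount > 5000.00
            and t.delivery_city == "Miami, FL"
            and t.card_bin == "12345"
            and t.issuer_refusals_24h > 5)

def backtest(rule, history):
    """Count and amount of fraudulent vs legitimate payments the rule would hit."""
    hits = [t for t in history if rule(t)]
    fraud = [t for t in hits if t.fraud]
    legit = [t for t in hits if not t.fraud]
    missed = [t for t in history if t.fraud and not rule(t)]
    return {
        "fraud_count": len(fraud), "fraud_amount": sum(t.amount for t in fraud),
        "legit_count": len(legit), "legit_amount": sum(t.amount for t in legit),
        "missed_fraud_count": len(missed),
    }

if __name__ == "__main__":
    for name, rule in (("broad", broad_rule), ("granular", granular_rule)):
        print(name, backtest(rule, HISTORY))
```

On this sample the granular rule hits fewer legitimate payments than the broad rule but also lets more fraud through, which is the trade-off to weigh against your risk tolerance; rerunning later can change the figures as new fraud outcomes arrive.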