Risk Rules

Risk Rules are the building blocks of a Risk Profile. They are evaluated sequentially from top to bottom when a transaction is received. Each rule inspects the transaction and returns one of four outcomes.

Accept

The transaction is approved as a Frictionless Transaction. The exemption is set according to the rule. No further rules are evaluated.

Challenge

The transaction is sent to the Challenge Flow. No further rules are evaluated.

Reject

The transaction is REJECTED. No further rules are evaluated.

Next

This rule did not determine an outcome. Evaluation continues to the next rule.

If no rule produces a definitive outcome, the transaction is challenged by default.

flowchart TD
    classDef success fill:#e6ffed,stroke:#38a169,color:#276749
    classDef terminal fill:#fff5f5,stroke:#fc8181,color:#c53030
    classDef process fill:#ebf8ff,stroke:#4299e1,color:#2c5282
    START([Transaction received]) --> R1[Rule 1]:::process
    R1 -->|Accept| ACC([Frictionless · SUCCEEDED]):::success
    R1 -->|Challenge| CHAL([Challenge Flow]):::process
    R1 -->|Reject| REJ([REJECTED]):::terminal
    R1 -->|Next| R2[Rule 2]:::process
    R2 -->|Accept| ACC2([Frictionless · SUCCEEDED]):::success
    R2 -->|Challenge| CHAL2([Challenge Flow]):::process
    R2 -->|Reject| REJ2([REJECTED]):::terminal
    R2 -->|Next| RN["... Rule N"]:::process
    RN -->|No rule matched| DEFAULT([Challenge by default]):::process

Challenge Preference Override

Transactions where the merchant prefers or mandates a challenge (3DS Requestor Challenge Indicator 03 or 04) are always challenged, regardless of rule configuration. Transactions classified as Data Share only are always accepted.

This default behaviour can be overridden in the Risk Profile settings.
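
The evaluation order and the Challenge Preference Override described above, as an added Python example (not code from this product). The names Txn, Decision, evaluate, the override flag and the three sample rules are hypothetical, and the order in which the two override checks run is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional, Tuple

class Outcome(Enum):
    ACCEPT = "accept"
    CHALLENGE = "challenge"
    REJECT = "reject"
    NEXT = "next"

@dataclass
class Txn:  # constructed transaction model; field names are assumptions
    amount: float
    challenge_indicator: str = "01"  # 3DS Requestor Challenge Indicator
    data_share_only: bool = False

@dataclass
class Decision:
    outcome: Outcome
    decided_by: str  # rule name, "override" or "default"
    exemption: Optional[str] = None

# A rule returns (outcome, exemption); the exemption only matters on ACCEPT.
Rule = Callable[[Txn], Tuple[Outcome, Optional[str]]]

def evaluate(txn: Txn, rules: List[Tuple[str, Rule]], override: bool = True) -> Decision:
    if override:  # Challenge Preference Override runs before any rule
        if txn.challenge_indicator in ("03", "04"):
            return Decision(Outcome.CHALLENGE, "override")
        if txn.data_share_only:  # checked second: precedence is an assumption
            return Decision(Outcome.ACCEPT, "override")
    for name, rule in rules:  # top to bottom, first definitive outcome wins
        outcome, exemption = rule(txn)
        if outcome is not Outcome.NEXT:
            return Decision(outcome, name, exemption if outcome is Outcome.ACCEPT else None)
    return Decision(Outcome.CHALLENGE, "default")  # no rule decided

# Constructed sample rules (simplified stand-ins, not the product's rule types).
def small_amount(t: Txn):
    return (Outcome.ACCEPT, "low_value") if t.amount <= 30 else (Outcome.NEXT, None)

def block_large(t: Txn):
    return (Outcome.REJECT, None) if t.amount > 5000 else (Outcome.NEXT, None)

def accept_all(t: Txn):
    return (Outcome.ACCEPT, None)

PROFILE = [("small_amount", small_amount), ("block_large", block_large)]
# Ordering hazard: a catch-all placed first shadows every rule below it.
SHADOWED = [("accept_all", accept_all)] + PROFILE
```

Evaluating the same high-value transaction against PROFILE and SHADOWED shows why rule order needs review: in SHADOWED the reject rule is never reached.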

Available Rule Types

Simple Rule

Universally accept, challenge, or reject all transactions regardless of their details.

Conditional Rule

Apply conditional logic based on transaction fields such as amount, merchant, device channel, or risk score.

Low-Risk Rule

Use an External Risk Engine to exempt low-risk transactions based on a configured value limit.

Acquirer Exemption Rule

Honour or deny exemption requests where the acquirer has already performed TRA or SCA.

Non-Payment Rule

Control how NPA transactions are handled by type.

Max Frictionless Transactions Rule

Challenge the cardholder once a cumulative count of frictionless transactions is reached.

Max Cumulative Frictionless Spend Rule

Challenge the cardholder once cumulative frictionless spend reaches a threshold.

PSD2 Low Value Rule

Exempt transactions meeting PSD2 Low Value Payment criteria (up to €30).

Secure Corporate Payment Rule

Exempt transactions meeting PSD2 Article 17 Secure Corporate Payment criteria.

One-Leg Transaction Rule

Exempt transactions where the acquirer is located outside the EEA.

Merchant-Initiated Rule

Exempt Merchant-Initiated Transactions (3RI) where the originating transaction was authenticated.

Recurring Payment Rule

Exempt Recurring Payment transactions where the merchant and amount have been previously authenticated.

Whitelist Rule

Exempt transactions from merchants on a cardholder's Whitelist (Trusted Beneficiaries).

Stripe Delegate Authentication Rule

Exempt transactions authenticated by Stripe using delegated authentication.

Visa DAF Rule

Exempt transactions qualifying under the Visa Digital Authentication Framework.