Lists

    Create your own lists of information that can be used by rules to block, allow, or place in review matching payments.

    Users of Stripe Radar for Fraud Teams can create lists of specific types of information which can be referenced in rules. For example, you might want to create allow, block, or review rules using a list of:

    • Customer IDs for trusted customers. Use this list with so payments by these customers are always allowed automatically.
    • Email addresses you know are used by fraudulent customers. Automatically block any payment with an email address on this list.
    • Suspicious IP addresses. Payments that have a matching IP address can be placed into review.

    Lists make rules much more concise and easier to manage. Instead of creating individual rules for one item at a time, similar types of information (e.g., email addresses) can be added to a list for a rule to automatically make use of.

    Default lists

    Stripe Radar includes a set of default lists to help you get started. There is a separate allow list and block list for each of the following types of information, and each list is referenced in your default allow and block rules.

    Card BIN
    The Bank Identification Number (BIN) of the card being used to make the payment. This is the first six digits of the card number (e.g., 424242).
    Card country
    The two-letter code corresponding to the country where the card was issued (e.g., US).
    Card fingerprint
    The fingerprint of the card being used to make the payment. The card fingerprint is a unique Stripe identifier of a particular card number (e.g., jgcBdFrcr0xvZ7). It is a property of the Card object and is shown in the Dashboard when viewing a payment.
    Charge description
    The description supplied with the payment.
    Client IP country
    The two-letter code corresponding to the country-level geolocation of the IP address from which the payment originates (e.g., GB).
    Client IP address
    The IP address from which the payment originates (e.g., 13.112.224.240).
    Email
    The first email derived from the charge, card, or customer objects, in that order (e.g., jenny.rosen@example.com).
    Email domain
    The first email domain derived from the Charge, Card, or Customer objects, in that order (e.g., example.com).

    Custom lists

    You can create lists of your own that contain items that are a specific type of information. The types of lists you can create are:

    • String
    • Case-sensitive string
    • Card fingerprint
    • Card BIN
    • Email
    • IP address
    • Country

    Lists are created in the Dashboard. To create a new list:

    1. Click New
    2. Enter a name for the list (we automatically generate an alias to use as a reference when writing rules, though you can override this)
    3. Select the type of list to create
    4. Click Add to save your new list

    After creating your new list, add a new rule that references it.

    You can edit or remove lists you’ve created by clicking the ••• icon. You can also edit the list directly by clicking the list’s name.

    Managing list items

    You can view and remove items when viewing a list in the Dashboard. Each item includes information about when it was added and by whom. You can filter items by value, author, and date added.

    Viewing list items in the Dashboard.

    You can add items to your default block list by refunding and reporting a payment as fraudulent. Doing so takes the following actions:

    • The card fingerprint is added to your default card fingerprint block list. If the payment is made using a Customer object, the card fingerprints of any other cards also added to the list.
    • Any email address associated with the payment is added to your default email block list. The email address is taken from:
      • The receipt_email of the payment
      • The email of the Customer object that the payment was created on
      • Any email addresses found in the customer or payment description fields, and in the card’s name field

    When refunding a payment because of suspected fraud, you should indicate this reason to help our machine learning systems recognize similar cases in the future.

    You can also make a charge update request using the API and set fraud_details.user_report to fraudulent. This also adds any associated cards and email addresses to your card fingerprint and email block lists.

    Next steps

    Now that you know more about lists, read on to learn about writing rules.

    Questions?

    We're always happy to help with code or other questions you might have! Search our documentation, contact support, or connect with our sales team. You can also chat live with other developers in #stripe on freenode.

    Was this page helpful? Yes No

    Send

    Thank you for helping improve Stripe's documentation. If you need help or have any questions, please consider contacting support.