Lists are meant to contain groups of items on which you would like to take a single type of action. For instance, you may set up:
- A list of trusted customer IDs. When you create an allow rule that references the trusted customer ID list, any future transaction associated with those customer IDs will be automatically allowed.
- A list of email addresses you know to be used by fraudulent customers. When you create a block rule that references the fraudulent email address list, any future transactions associated with those email addresses will be automatically blocked.
- A list of suspicious IP addresses. When you create a review rule that references the suspicious IP address list, any future transactions associated with those IP addresses will be automatically placed in review.
You can now use a single rule to reference a list of items. Using a referenced list of items in a rule is more concise and easier to edit than writing rules that reference just one item at a time.
Default Stripe lists
We’ve created 8 default allow lists and 8 default block lists to help you get started. Each of the 8 lists references a data property.
- Card BIN: The Bank Identification Number (BIN) of the card being used to make the payment. It is the first six digits of the card number (e.g., 414141).
- Card country: The two-letter code corresponding to the country where the card was issued (e.g., US).
- Card fingerprint: The fingerprint of the card being used to make the payment. The card fingerprint is a unique Stripe identifier of a particular card number (e.g., Xt5EWLLDS7FJjR1c). It is a property of the Card API object and is displayed in the dashboard when viewing a payment.
- Charge description: The description supplied with the payment.
- Client IP country: The two-letter code corresponding to the country-level geolocation of the IP address from which the payment originates (e.g., GB).
- Client IP address: The IP address from which the payment originates (e.g., 220.127.116.11)
- Email: The first email derived from the charge, card, or customer objects, in that order (e.g., firstname.lastname@example.org).
- Email domain: The first email domain derived from the charge, card, or customer objects, in that order (e.g., stripe.com).
These default lists are referenced in two default rules: one allow rule that references all 8 allow lists and one block rule that references all 8 block lists.
You can add and remove items from these lists but you cannot edit or remove the default lists themselves.
Creating, editing, and removing lists
In addition to using the default lists already supplied, you can create new lists on your own.
- Click the New button on the lists page.
- Enter a list name (we’ll automatically generate the list alias you need to reference when writing rules).
- Enter a list type.
- Click the Add button on the modal to save the new list.
- Write a rule that references that list for the list to go into effect.
You can edit or remove the list by expanding your options on the right hand side of the list. You can also edit the list directly by clicking the list’s name.
Adding and removing items
The list page shows when and by whom each item was added. You can add items in a number of different ways.
- Click the Add button on the list page and add a value.
- Make a charge update request from the API with
fraud_details.user_report='fraudulent'. Doing so will add associated cards and emails to your card fingerprint and customer email block lists.
- Refund a payment as fraud. When you refund a payment as fraud, Stripe adds the payment’s card fingerprint to the default card fingerprint block list and the payment’s email to the default email block list. When you refund a payment because of suspected fraud, you should indicate this reason to help our machine learning systems recognize similar cases in the future. To do so:
- When refunding from the Dashboard, choose the Refund as fraud option
- When using the API, supply
reason='fraudulent'` with the refund request
The following are added to when refunding a payment as fraudulent:
- Card fingerprint to the default card fingerprint block list
- The fingerprint of the card used to make the payment
- If the payment is made using a Customer object, the card fingerprints of any other cards also stored on that customer
- Email addresses to the default email block list
receipt_emailof the payment
- Any email addresses found in the customer or payment
descriptionfields, and in the card’s
You can remove items from your list by clicking the trash can icon. If there is a particular item that is improperly blocking or allowing payments, you can find it most easily by using the filter to look up the value, the author or the date added.