Lists

Stripe Radar for Fraud Teams lets you create lists of specific types of information and use them in rules. For example, you might want to create rules using a list of:

• Customer IDs for trusted customers. Use this list to automatically allow payments by these customers.
• Email addresses you tied to fraud. Automatically block any payment with an email address on this list.
• Suspicious IP addresses. Place payments into review that have a matching IP address.

Lists make rules more manageable. Instead of creating individual rules for one item at a time, you can add similar types of information to a list (for example, email addresses) for a rule to use automatically.

Default lists

Stripe Radar includes a set of default lists to help you get started. Your default allow and block rules can reference the allow and block lists in the following categories.

Cards

ACH Direct Debit

SEPA Direct Debit

Custom lists

You can create lists of your own that contain items that are a specific type of information. The types of lists you can create are:

• String
• Case-sensitive string
• Card fingerprint
• Card BIN
• Customer ID
• Email
• IP address
• Country
• SEPA Direct Debit fingerprint
• ACH Direct Debit fingerprint

Use the Dashboard or the API to create lists. To create a new list in the Dashboard:

1. Click New.
2. Enter a name for the list (we automatically generate an alias to use as a reference when writing rules, but you can override this).
3. Select the type of list to create.
4. Click Add to save your new list.

After creating your new list, add a new rule that references it.

You can edit or remove lists you’ve created by clicking the overflow menu (•••), and you can edit the list directly by clicking the name of the list.

Managing list items

You can view and remove items when viewing a list in the Dashboard. Each item includes information about when it was added and by whom. You can filter items by value, author, and date added. Each list can contain up to 50,000 items.

For card payments, you can refund and report a payment as fraudulent to trigger the following actions:

• Adds the card fingerprint to your default card fingerprint block list. If the payment is made using a Customer object, it adds the card fingerprints of any other cards also added to the list.
• Adds any email address associated with the payment to your default email block list. It takes the email address from:
  • The receipt_email of the payment
  • The email of the Customer object that the payment was created on
  • Any email addresses found in the customer or payment description fields, and in the card’s name field

When refunding a payment because of suspected fraud, make sure to specify this reason to help our AI models recognize similar cases in the future.

You can also make a charge update request using the API and set fraud_details.user_report to fraudulent. This also adds any associated cards and email addresses to your card fingerprint and email block lists.

When adding string list items in the Dashboard, you can select the length of time before they expire. After they expire, rule evaluations no longer use them.

Allowlists can allow fraudsters to operate without restrictions and bypass controls, particularly if unnecessary entries aren’t regularly removed. For this reason, entries on default fingerprint allowlists have a maximum lifespan of 30 days.

You can create custom payment method fingerprint lists with longer or indefinite expiration windows for your custom rules using Stripe Radar for Fraud Teams.