Fraud Blocklist

What is Blocklist?

A blocklist in the context of payment processing refers to a security feature that allows merchants to restrict specific fingerprints associated with payment methods or block certain card bins. A fingerprint is a unique identifier linked to a particular payment method, and a card bin encompasses the first six digits of a credit card number, with an extended card bin covering the first eight digits.

Merchants can utilize the blocklist functionality to enhance security and control over their payment processing systems. This capability enables them to thwart transactions from identified problematic sources or potentially fraudulent payment methods. Here's how the blocklist feature works:

Blocking Specific Fingerprints:

Merchants can identify and block specific fingerprints associated with payment methods. This is particularly useful in preventing transactions from certain payment instruments (cards, in our case) that may have a history of suspicious activity.

Blocking Card Bins

The blocklist also allows merchants to block entire card bins, focusing on the first six digits of credit card numbers. Additionally, they can extend this restriction to cover the first eight digits (extended_card_bin), providing a more comprehensive control mechanism.

Listing Blocklists

To manage and monitor these security measures, merchants have the option to list their specified blocklists. They can categorize these blocklists based on the type of restriction, such as payment method, card bin, or extended card bin.

Specifying Blocklist Types:

Merchants can define the type of blocklist they want to view, allowing for a granular understanding of the restrictions in place. This categorization may include payment method blocklists, card bin blocklists, or extended card bin blocklists.

Unblocking

Should the need arise, merchants can selectively unblock specific fingerprints or card bins from the blocklist. This flexibility ensures that legitimate transactions are not inadvertently hindered by the security measures in place.

In summary, a blocklist feature empowers merchants to proactively manage the security of their payment processing systems by blocking specific fingerprints, card bins, or extended card bins. This not only safeguards against potential fraud but also provides a customizable and flexible approach to control and monitor payment transactions effectively.

How does Blocklist work at Hyperswitch?

Currently we support blocking three types of resources: card numbers (payment instrument), card bins, and extended card bins. A prerequisite for using this feature is to enable it using the /blocklist API, as mentioned below.

For Card Bin and Extended Card Bin:

  • Set up a Merchant Account and any Connector account.

  • Make a payment with a certain card (ensure it succeeds).

  • Block the card's card bin or extended card bin.

  • Try the payment again (it should fail this time, with an API response saying that the payment was blocked).

For Payment Instrument:

  • Repeat steps 1 and 2 of the previous section.

  • In the payment confirm response, there will be an additional field called "fingerprint". This is the fingerprint id that can be used to block a particular payment method. Use this to block the card.

  • Try the payment again (should fail)
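
The three block types differ in how many cards they stop. The following is an added example, not Hyperswitch code: it derives the three possible blocklist request bodies from a confirm response and counts how many cards in a sample set each would block. The matching rule (exact fingerprint match, card-number prefix match for bins) is a local model assumed from the description above; the function names, the card numbers and the fp_* fingerprints are constructed for illustration.

```python
import re

# Constructed sample, trimmed from the payments/confirm response shown on this page.
CONFIRM_RESPONSE = {
    "status": "succeeded",
    "payment_method_data": {
        "card": {"last4": "4242", "card_isin": "424242", "card_extended_bin": "42424242"}
    },
    "fingerprint": "CKz5s9W4FX03eydwgGun",
}

# Constructed (card number, fingerprint) pairs; the fp_* values are placeholders.
SAMPLE_CARDS = [
    ("4242424242424242", "CKz5s9W4FX03eydwgGun"),
    ("4242424211112222", "fp_constructed_b"),
    ("4242429999990000", "fp_constructed_c"),
    ("5555555555554444", "fp_constructed_d"),
]

# Shape of "data" for each blocklist "type" that appears on the page.
DATA_SHAPE = {
    "fingerprint": re.compile(r"\S+"),
    "extended_card_bin": re.compile(r"\d{8}"),
    "card_bin": re.compile(r"\d{6}"),
}

def blocklist_entry(kind, data):
    """Build a POST /blocklist body, rejecting unknown types and malformed data."""
    shape = DATA_SHAPE.get(kind)
    if shape is None or not isinstance(data, str) or not shape.fullmatch(data):
        raise ValueError(f"invalid blocklist entry: {kind!r} {data!r}")
    return {"type": kind, "data": data}

def candidate_entries(resp):
    """The three entries one confirm response can yield, narrowest first."""
    card = resp["payment_method_data"]["card"]
    return [
        blocklist_entry("fingerprint", resp["fingerprint"]),
        blocklist_entry("extended_card_bin", card["card_extended_bin"]),
        blocklist_entry("card_bin", card["card_isin"]),
    ]

def is_blocked(entry, card_number, fingerprint):
    """Local model (assumption): exact fingerprint match or card-number prefix match."""
    if entry["type"] == "fingerprint":
        return entry["data"] == fingerprint
    return card_number.startswith(entry["data"])

def cards_affected(entry, cards=SAMPLE_CARDS):
    """How many sample cards a single entry would stop."""
    return sum(is_blocked(entry, number, fp) for number, fp in cards)
```

On the sample set, the fingerprint entry stops one card, the extended bin two, and the six-digit bin three, which is the collateral to weigh before blocking a whole bin.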

How to enable Blocklist Guard on Hyperswitch?

curl --location --request POST '{{base_url}}/blocklist/toggle?status=true' \
--header 'api-key: dev_xxxxxxxxxxxxxxxx'

How to configure Blocklist on Hyperswitch using API?

  1. Create and confirm a card payment through Hyperswitch by passing raw card details

{
   "amount": 150,
   "currency": "USD",
   "confirm": true,
   "profile_id": "PROFILE-ID",
   "capture_method": "automatic",
   "customer_id": "CUSTOMER-ID",
   "amount_to_capture": 150,
   "email": "guest@example.com",
   "name": "John Doe",
   "phone": "999999999",
   "payment_method": "card",
   "payment_method_data": {
       "card": {
           "card_number": "4242424242424242",
           "card_exp_month": "03",
           "card_exp_year": "2030",
           "card_holder_name": "joseph Doe",
           "card_cvc": "737"
       }
   },
   "phone_country_code": "+65",
   "authentication_type": "no_three_ds",
   "description": "Its my first payment request",
   "return_url": "https://google.com",
   "metadata": {
   }
}
  2. Make note of the "fingerprint" field from the payments/confirm response, which is the unique fingerprint for a card passed to Hyperswitch:

{
   "payment_id": "pay_Gbc5vC0SF4UMGXUm3yvl",
   "merchant_id": "merchant_1705052192",
   "status": "succeeded",
   "amount": 150,
   "net_amount": 150,
   "currency": "USD",
   "amount_received": 150,
   "connector": "stripe",
   "payment_method": "card",
   "payment_method_data": {
       "card": {
           "last4": "4242",
           "card_type": null,
           "card_network": null,
           "card_issuer": null,
           "card_issuing_country": null,
           "card_isin": "424242",
           "card_extended_bin": "42424242",
           "card_exp_month": "03",
           "card_exp_year": "2030",
           "card_holder_name": "joseph Doe"
       }
   },
  
  ...
  
  
   "fingerprint": "CKz5s9W4FX03eydwgGun"
}
  3. Block a fingerprint using the Blocklist endpoint:

curl --location 'https://sandbox.hyperswitch.io/blocklist' \
--header 'Content-Type: application/json' \
--header 'api-key: YOUR_API_KEY' \
--data '{
    "type": "fingerprint",
    "data": "CKz5s9W4FX03eydwgGun"
}'

  4. Show Blocked fingerprints

curl --location 'https://sandbox.hyperswitch.io/blocklist?data_kind=payment_method' \
--header 'api-key: YOUR_API_KEY'

  5. Now create and confirm a payment using the same card details. The payment will fail with error:

   "error": {
       "type": "invalid_request",
       "message": "The payment is blocked",
       "code": "HE_03"
   }

  6. Unblock a fingerprint

curl --location --request DELETE 'https://sandbox.hyperswitch.io/blocklist' \
--header 'Content-Type: application/json' \
--header 'api-key: YOUR_API_KEY' \
--data '{
    "type": "fingerprint",
    "data": "FtYY2OGsTokIrLN7TE9Y"
}'

  7. Block a Card BIN/ISIN (First 6 digits)

curl --location 'https://sandbox.hyperswitch.io/blocklist' \
--header 'Content-Type: application/json' \
--header 'api-key: YOUR_API_KEY' \
--data '{
    "type": "card_bin",
    "data": "424242"
}'

  8. Block an ExtendedCardBin (First 8 digits)

curl --location 'https://sandbox.hyperswitch.io/blocklist' \
--header 'Content-Type: application/json' \
--header 'api-key: YOUR_API_KEY' \
--data '{
    "type": "extended_card_bin",
    "data": "42424242"
}'

Last updated 1 year ago