> For the complete documentation index, see [llms.txt](https://docs.hyperswitch.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.hyperswitch.io/integration-guide/workflows/fraud-and-risk-management/detection-and-prevention-rules.md). # Detection and Prevention Rules ### Card <> IP Blocking for Profile Condition: If a single IP address is used to make X number of unsuccessful payment attempts for a specific profile, the combination of Card <> IP will be blocked for that profile for a specified duration. Purpose: Fraudsters often use a single IP address while testing multiple stolen card details. By blocking the IP-card combination after multiple failed attempts, we prevent repeated attacks from the same source. ### Card Blocking for Guest Users for Profile Condition: If a single card is used for X number of unsuccessful payment attempts, then guest user payments for that card will be blocked for that profile for a particular duration. Purpose: Guest checkouts are frequently targeted for card testing since they do not require user authentication. By restricting guest transactions for a card that has exceeded the failure threshold, we prevent further misuse while allowing logged-in customers to continue using the card. ### Customer ID Blocking for Merchant Condition: If a single Customer ID reaches X number of unsuccessful payment attempts, that customer ID will be blocked from making any further payments for a specified duration. Purpose: In cases where fraudsters have access to customer accounts, they might repeatedly test different cards under the same user ID. Blocking the customer ID upon exceeding the failed attempt threshold prevents further fraudulent actions. ### IP-Only Blocking for Profile Condition: If a single IP address reaches X number of unsuccessful payment attempts (regardless of card number or customer ID), that IP will be blocked for that profile for a specified duration. Purpose: In guest checkout flows where customer\_id is absent, fraudsters can rotate card numbers from the same IP to bypass Card IP Blocking and Guest User Card Blocking. IP-Only Blocking catches this by tracking all failed attempts from a single IP, preventing card testing attacks even when different cards are used. Note: This check is applied to all payment attempts, not just guest checkouts. #### Configurable Parameters The following parameters can be configured to suit different merchant requirements: * Threshold of Unsuccessful Payment Attempts: The number of failed transactions allowed before triggering a block. * Blocking Duration: The period for which a card, IP, or customer ID is blocked. Rule Enablement per Merchant: Merchants can decide whether they want each rule to be enabled or disabled. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.hyperswitch.io/integration-guide/workflows/fraud-and-risk-management/detection-and-prevention-rules.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.