
Blacklisting & Whitelisting in Payment – how does it work and why does it matter?

Blacklists and whitelists are among the common mechanisms for fraud management among e-commerce companies. Customers on the blacklist are generally classified as unsafe. In contrast, the whitelist contains all customers who are considered safe.

What does blacklisting mean in e-payment?

In payment, blacklisting is a fraud management method intended to protect against payment fraud. Many other methods, apart from blacklists, are used to protect data in online payment. Nevertheless, blacklisting is one of the most efficient. The goal of a blacklist is to detect fraudulent and high-risk customers to minimize payment loss or chargebacks.

How does blacklisting work?

Blacklisting is performed primarily by fraud screening software. Such software monitors customer data through a variety of filters, such as region, IP address, credit card number and e-mail address. Customers are placed on the blacklist automatically, and the software intervenes before the transaction is completed. To protect honest customers, the system compares these criteria against the data of blacklisted customers. If the comparison is positive, the transaction is rejected, and other programs send the fraudulent details to the relevant cyber security authorities.

Internal blacklist

A blacklist can be administered internally by a company, for example, by a payment provider. This has the advantage of listing precisely the customers who have negatively affected the company and therefore offers a good overview.

External blacklist

Credit card companies such as Visa and MasterCard also use blacklists to identify buyers who have violated the rules of the company. The Member Alert to Control High-Risk (MATCH) also lists customers who were caught committing fraud or money laundering. Additionally, customers who provoked a noticeably high number of chargebacks or who were insolvent will be registered. Who is on the list is not determined by the credit card companies, but by the respective acquiring banks.

How is the blacklist created?

Sophisticated fraud prevention, at the end of which the blacklist is available, needs a range of information about the source of the order and the order itself. The customer’s IP address, device fingerprinting and velocity checks (transaction control per end customer on their account data or credit card number) are criteria against which different order patterns can be analyzed. The most important questions are the following: Where was the order triggered? Does the data make sense in connection with the purchase? Does a source contain multiple identities or payment information? What was ordered and which delivery address is given? Were an extremely large number of orders placed in a short time? Since more than 85% of stolen identity data is used in the first 24 hours, it is advisable to use real-time analysis.
Appropriate decisions must be taken in the shortest possible time to counter fraud. In addition, customer histories and experience from internal data collections can be used as values for analysis.
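
The screening flow described above (blacklist comparison before the transaction completes, a velocity check per card, multiple identities per source), as an added Python example that is not from the original guide or from any screening product. The thresholds, the key, the `Screener` class and the order field names are assumptions; card numbers are matched by keyed hash so the list never holds the number itself.

```python
import hashlib
import hmac
from collections import defaultdict, deque

KEY = b"constructed-demo-key"   # placeholder; a real key lives in a secrets store
WINDOW = 3600                   # assumed velocity window in seconds
MAX_ORDERS = 3                  # assumed orders allowed per card per window
MAX_EMAILS_PER_IP = 2           # assumed distinct identities allowed per source


def card_token(pan):
    """Keyed hash of the card number so the list never stores the PAN itself."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return hmac.new(KEY, digits.encode(), hashlib.sha256).hexdigest()


class Screener:
    def __init__(self, ips=(), emails=(), cards=()):
        self.ips = set(ips)
        self.emails = {e.strip().lower() for e in emails}
        self.cards = {card_token(c) for c in cards}
        self.card_times = defaultdict(deque)  # card token -> recent timestamps
        self.ip_emails = defaultdict(set)     # source IP -> e-mails seen

    def screen(self, order):
        """Return (decision, reasons) for one order, before it is completed."""
        ip, ts = order["ip"], order["ts"]
        email = order["email"].strip().lower()
        token = card_token(order["card"])
        hits = {"ip": ip in self.ips, "email": email in self.emails,
                "card": token in self.cards}
        reasons = [f"{k} blacklisted" for k, hit in hits.items() if hit]
        if reasons:
            return "reject", reasons
        # Velocity check: orders on this card inside the sliding window.
        times = self.card_times[token]
        times.append(ts)
        while times[0] <= ts - WINDOW:
            times.popleft()
        if len(times) > MAX_ORDERS:
            self.cards.add(token)             # automatic placement on the list
            return "reject", ["card velocity exceeded"]
        # One source presenting many identities goes to manual review.
        self.ip_emails[ip].add(email)
        if len(self.ip_emails[ip]) > MAX_EMAILS_PER_IP:
            return "review", ["multiple identities from one source"]
        return "accept", []
```

Sending the multiple-identity case to review rather than rejecting it is a design choice made here, since shared networks can put several honest customers behind one IP address.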

How should companies use blacklists?

If a blacklist mechanism exists, merchants can control it individually and draw various conclusions from it. For example, customers who have often attracted negative attention or still have open invoices are supplied only against prepayment.
Merchants can adapt these flexible rules. When introducing or promoting a product, for example, it can make sense not to apply the blacklist too strictly, so as not to lose potential buyers wrongly and thus dampen the product's market penetration rate.
