Lists & Flagging overview
Updated on 25.06.24
3 minutes to read
Copy link
Overview
You can manage all blacklisted, whitelisted and flagged values in your account from the Lists page. In order to add new values to the blacklist or whitelist, you can either enter the fields and values manually or upload a CSV file for faster action.
Adding values to lists
- Open the Blacklist/Whitelist/Custom lists tab on the top where you want to add new values to and click Add value in the top right corner.
- Here, you can add your value(s) manually or go to batch import to upload a .csv file. When opting for the latter, you'll be taken to the Batch Import tab, but more on that later.
- Add a field type to your value(s) a select which list(s) you want to add it to.
- You can add a comment and an expiration date to the value(s).
- Use the Create more like this toggle if you want to add further values with the same parameters after adding this one.
- When you're done, click Add to list. The value(s) will appear on all lists you added it to.
Editing, moving, exporting, and deleting values
Click the pencil icon next to a value on the Blacklist/Whitelist tab to add or edit the expiration date or comment. Click the bin icon the delete the value.
Tick the box next to one or more values and go to Delete at the bottom of the screen to delete multiple values at once. From here, you can also export the selected values or move them to another list. Choose the list(s) you want to move your value(s) to in the popup window and click Move.
Blacklist
Blacklisting a value will set the score to 100 for every transaction in the future containing the given data point. Only blacklist anything if you are certain that all related transactions are suspicious.
We recommend blacklisting browser hashes, IPs for a limited time (90 days maximum recommended) as well as user IDs, emails, phone numbers and cookie hashes.
Whitelist
Whitelisting a value will set the score to 0 for every transaction in the future containing the same data field.
As with the blacklist, we suggest only whitelisting values that are more specific, such as user IDs, email addresses, card hashes, etc., as some more general data points can cause false negatives (such as an ISP or card’s bank name).
Custom Lists
With Custom Lists, you can watchlist certain transactions and interactions without creating new rules with layers of parameters. Use this tab to monitor accounts, transactions, or users and test assumptions before making any changes.
Monitor suspicious activity: When you notice a sudden spike in suspicious behavior from a certain location, you can create a watchlist that monitors IPs from that specific area.
Test assumptions: No need to comb through the logs manually when you need to check something. Filter customers and transactions using the available data fields and save your search as a Custom List.
Update rules: Once you validate your watchlist, you can easily add a new rule to SEON and assign a risk score to these transactions automatically.
How to use it
1. Open SEON and head to Lists.
2. Click the Custom Lists tab.
3. Click Create new list.
4. Name your list. You can also add a unique identifier to it.
5. Click Create list.
7. From the Custom Lists tab, you can also add new values and manage your list. Click Manage lists to open a popup window where you can rename and delete lists or copy list IDs (the IDs cannot be modified after you created them).
You’re all done! Now you can reference this list when you set up Custom Rules.
Batch Import
From the Batch Import tab, you can import a .csv file with a maximum of 10 000 values. Upload your file, then select a field type and the list(s) you want to add the values to. You can also add a comment and an expiration date to the values. When you're done, click Add values to list.
Flagging as Suspicious
If flagging is turned on, you can flag the phone number, email address, IP address and the browser hash from the Transaction Details page by clicking the “Flag as suspicious” label under the value.
Flagged values are shared across SEON clients (like a shared pool of suspicious data-points) and can be seen when the value appears in a transaction. Rules can be set up based on these values.