Skip to content

Radar Lists Fresh

Create and manage lists of values used in Radar rules to block, allow, or review matching payments.

What lists are for

Instead of writing many individual rules, group similar values into a list and reference the list in a single rule. Examples:

  • Email addresses tied to fraud → block list
  • Trusted customer IDs → allow list
  • Suspicious IP addresses → review list

Default lists

Stripe provides built-in allow and block lists for common data types. You can add and remove items but cannot edit or delete the default lists themselves.

Cards

List typeDescription
Card BINFirst 6 digits of card number (e.g., 424242)
Card country2-letter issuer country code (e.g., US)
Card fingerprintUnique Stripe identifier for a specific card number
Charge descriptionThe description field on the payment
Client IP country2-letter code for the IP geolocation
Client IP addressThe payment's originating IP address
Customer IDThe customer ID on the payment
EmailEmail from the Charge, Card, or Customer object (in that order)
Email domainDomain portion of the email

ACH Direct Debit

List typeDescription
ACH fingerprintUnique Stripe identifier for a bank account
Charge descriptionThe description field
Client IP country / addressGeolocation and IP data
Customer IDCustomer on the payment
Email / Email domainEmail from Charge, Bank Account, or Customer

SEPA Direct Debit

Same structure as ACH, using SEPA fingerprint instead of ACH fingerprint.

Custom lists

Create your own lists for use in custom rules. Available types:

  • String
  • Case-sensitive string
  • Card fingerprint
  • Card BIN
  • Customer ID
  • Email
  • IP address
  • Country
  • SEPA Direct Debit fingerprint
  • ACH Direct Debit fingerprint

Create a list

Dashboard → Radar → Lists → New:

  1. Name the list (an alias is auto-generated for use in rules)
  2. Select the list type
  3. Click Add

Reference in rules using @alias_name:

Block if :email: in @fraud_emails
Review if :ip_country: in @suspicious_countries
Allow if :customer: in @trusted_customers

Add items via API

bash
# Create a list
curl https://api.stripe.com/v1/radar/value_lists \
  -u "sk_test_YOUR_KEY:" \
  -d name="Fraud email list" \
  -d alias=fraud_emails \
  -d item_type=email

# Add an item to the list
curl https://api.stripe.com/v1/radar/value_list_items \
  -u "sk_test_YOUR_KEY:" \
  -d value_list=rsl_YOUR_LIST_ID \
  -d value=fraudster@example.com

List limits and expiration

  • Maximum 50,000 items per list
  • String list items in the Dashboard can have expiration dates
  • Default fingerprint allowlist items have a maximum lifespan of 30 days (to prevent fraudsters from becoming permanently whitelisted)
  • Custom payment method fingerprint lists can have longer or indefinite windows

Auto-populate from fraud reports

When you refund and report a payment as fraudulent, Stripe automatically:

  • Adds the card fingerprint to your default card fingerprint block list
  • Adds all card fingerprints attached to the associated Customer object
  • Adds the payment's receipt_email, Customer email, and any emails in description/card name fields to your email block list

Via API:

bash
curl https://api.stripe.com/v1/charges/{{CHARGE_ID}} \
  -u "sk_test_YOUR_KEY:" \
  -d "fraud_details[user_report]=fraudulent"

Best practices

  • Keep allow lists short — they override all other rules including Stripe's AI
  • Set expiration dates on allow list items for card fingerprints
  • Regularly audit lists for stale entries
  • Use email domain lists when a specific domain keeps appearing in fraud patterns
  • Combine list membership with risk level in rules to reduce false positives:
Block if :email: in @fraud_emails and :risk_level: != 'normal'

Stripe API Reference - Self-contained docs reference, refreshed 2026-05-18