Purpose

Each tenant can manage two IBAN lists in the Sharing module: whitelist and blacklist.

When a new fraud event is created, Qombo checks the IBAN against these lists first:

• if the IBAN is in the blacklist, Qombo auto-qualifies it as fraudulent.
• if the IBAN is in the whitelist, Qombo auto-qualifies it with the configured rejected holder qualification

If no list entry matches, Qombo then falls back to history-based auto-qualification.

This feature is designed for PSPs managing a significant volume of internally identified fraudulent IBANs. In such cases, automating the creation of entries via Qombo’s API is strongly recommended.

When to use the Whitelist?

The whitelist allows you to mark IBANs as trusted, before they may appear in alerts. It is particularly useful to reduce false positives and avoid unnecessary investigations on known entities.

Typical use cases: Merchant accounts with legitimate dispute activity

Some merchants (e.g. e-commerce platforms, marketplaces, ticketing services) may generate:

• A high volume of incoming transfers
• Customer complaints or chargebacks
• Occasional fraud reports from other PSPs

Example:

A large online marketplace receives multiple payments daily and may be reported due to commercial disputes (e.g. undelivered goods). These cases are not necessarily fraud → Whitelisting helps prevent unnecessary blocking or escalation.

How to share an internal fraudulent IBAN?

Qombo provides two approaches to declare a fraudulent IBAN associated with your organisation’s BIC:

1. Create an alert

This follows the standard reporting process (similar to external fraud cases). The IBAN is immediately shared with all Banque de France (FNC-RF) participants.