- December 5, 2016
Effective December 5th, 2016, minFraud’s
shipCityPostalMatchoutputs are available for non-US locations.
- December 1, 2016
The responses for minFraud Score, Insights, and Factors may now include a
dispositionobject. This object contains information about custom rules that were applied to the request.
- November 17, 2016
We have added a new
/credit_card/tokeninput to the minFraud Score, minFraud Insights, and minFraud Factors request bodies. The token must uniquely identify the credit card and must be different from the account number.
- October 10, 2016
We have added two new event types to the
/event/typefield for all minFraud requests,
- September 6, 2016
Effective September 6th, 2016, we will be returning more proxyScores between 0 and 1.8 and 1.8 and 3. Such scores typically represent “medium” risk transactions which have some risk of fraud but may be legitimate. The higher the proxyScore, the riskier the transaction.
The proxyScore is a score from 0.00-4.00 indicating the likelihood that the user’s IP address is high risk.
This change has also been implemented for the IP Risk Score provided with minFraud Score, minFraud Insights, and minFraud Factors. The IP Risk Score is a score from 0.01 to 99 indicating the likelihood that the user’s IP address is high risk. We will return more positive IP Risk Scores between 0 and 45 and 45 and 75. Such scores typically represent “medium” risk transactions which have some risk of fraud but may be legitimate. The higher the IP Risk Score, the riskier the transaction.
- June 9, 2016
/device/last_seenhave been added to the minFraud Insights and minFraud Factors response. These fields are only available for customers using our Device Tracking Add-on. Please see our API documentation for more information.
- June 6, 2016
credits_remainingis deprecated in the minFraud Score, minFraud Insights, and minFraud Factors response. It will be removed before the final release. It has been replaced with
queries_remaining, which also returns the number of queries available. An additional field,
funds_remaining, containing the US dollar value of the funds remaining will be added before the final release.
- February 18, 2016
All minFraud services now include an updated machine learning algorithm that takes order amount into consideration when calculating the risk score.
Merchants may want to update their rules if the rule is a combination of risk score and order amount. For example, if a custom rule rejects transactions with a high order amount and a risk score above 10, the merchant may want to adjust the risk score to a higher number, as the high order amount itself may cause the risk score to increase.
In general, orders $500 or above may have a higher risk score than before.
- January 29, 2016
The following outputs have been added to minFraud Insights:
/credit_card/brand– The card brand, such as “Visa”, “Discover”, “American Express”, etc.
/credit_card/type– A string representing the card’s type. The possible values are
/device/id– A UUID that MaxMind uses for the device associated with this IP address. This is only available if you are using the Device Tracking Add-on.
/email/is_free– This field is
trueif MaxMind believes that this email is hosted by a free email provider such as Gmail or Yahoo! Mail.
/email/is_high_risk– This field is
trueif MaxMind believes that this email is likely to be used for fraud.
Also, for both minFraud Score and minFraud Insights, the
inputproperty in the warning objects has been removed and replaced with an
input_pointerproperty. This new property is a JSON pointer to the value in the input object causing the warning.
All of our client APIs have been updated to reflect these changes.
For more information on these outputs, please see our minFraud Score and minFraud Insights API documentation.
- November 30, 2015
- We are pleased to announce expanded coverage of prepaid cards in minFraud. We should return prepaid=Yes in minFraud premium and is_prepaid=true in minFraud Insights for a larger range of prepaid cards.
- June 29, 2015
We’ve released the beta versions of two new minFraud services, minFraud Score and minFraud Inisghts.
To use either service, you must upgrade to version 2.0 of the client API. Please refer to the minFraud Score and minFraud Insights API documentation for more details.
Changes in version 2.0 of the minFraud APIs include:
- RESTful HTTP API
- Request data validation
- Model classes for return data
- .NET client API now available
- Python client API now available
minFraud version 2.0 provides the following new inputs:
In association with billing address:
- First name
- Last name
- Address line 1
- Address line 2
- Phone number
- Phone country code
In association with shipping address:
- First name
- Last name
- Address line 2
- Phone number
- Phone country code
- Delivery speed
- Customer ID
- Hashed or unhashed email address
Credit card information:
- Last four digits
- Authorization outcome
- Decline reason
- Processor name
- Transaction type
- Discount code
- Affiliate ID
- Subaffiliate ID
- Referrer URI
- Item category
- Item ID or URL
- Item quantity
- Item price
minFraud Insights provides the following new outputs (note that minFraud Score returns the riskScore only):
All geolocation outputs provided by the GeoIP2 Precision Insights service.
Billing and shipping related outputs:
- Billing is in IP country
- Shipping is in IP country
- Distance between IP and shipping address
- Billing address longitude
- Billing address latitude
- Shipping address longitude
- Shipping address latitude
- Billing address to shipping address distance
Local date/time of user using IP
ProxyScore is now IP risk score. (/ip_address/risk). Whereas the ProxyScore was expressed on a scale of 0.00-4.00, the IP risk score uses a scale of 0.01 to 99.
The following fields are deprecated in version 2.0:
- Anonymous Proxy (anonymousProxy)
- Corporate Proxy (ip_corporateProxy)
- Free Email (freeMail)
- High Risk Email (carderEmail)
- High risk username and high risk password (highRiskUsername, highRiskPassword)
- Phone number check against billing postal code (custPhoneInBillingLoc)
Country Match (countryMatch) has been replaced by billing country is in IP country and shipping country is in IP country
- March 27, 2015
On April 28th, 2015, we will deactivate the
/app/ws_ipaddrendpoint. This endpoint returns a list of IP addresses for use when making minFraud or GeoIP web service requests to MaxMind servers.
If you use this endpoint, you need to take action in order to continue accessing MaxMind services. Please switch and make requests using the minfraud.maxmind.com hostname for minFraud webservice requests and geoip.maxmind.com for GeoIP webservice requests.
If you use a minFraud client API we provided, please update to the latest API, available on http://dev.maxmind.com/minfraud/. Our newest API versions use hostnames instead of /app/ws_ipaddr.
If you use a third-party plugin that makes requests to MaxMind web services, you may need to update it.
- August 4, 2014
On August 11, 2014, we will discontinue serving requests to port 8005. Users of WSDL version 2 and 4 must take action to ensure continuation of service. We ask that you upgrade your WSDL:
- To access the latest inputs and outputs, we recommend you upgrade to our latest WDSL and upgrade to minfraud version 1.3. Note that the old score and explanation outputs are no longer supported in the latest WDSL.
- If your system requires score and explanation for backwards compatibility, you may upgrade to WSDL version 5.
In addition, on August 5, we will disable the web services on port 8005 for one hour starting at 1pm UTC.
Please email us at firstname.lastname@example.org if you have any questions.
- September 17, 2013
We’re excited to roll out IPv6 access for our web endpoints over the next few months. The rollout will be gradual to ensure a minimum of disruption for clients. We will be adding AAAA records for hostnames on the dates specified below. Most clients aren’t yet using IPv6 and should notice no issues. Clients with properly configured IPv6 should also notice no issues. If you have any questions or issues, please email us at email@example.com.
The AAAA address for US West servers will be 2607:f0d0:3:7::4.
The AAAA address for US East servers will be 2607:f0d0:3:8::4.
- July 3, 2013
In the coming weeks, we will be changing the IP addresses of our web service servers. If you hardcode any of our IPs in your application or your firewall, then please read the information below. If you don’t hardcode our IPs, then you can stop reading now, as this change should have no effect on you.
Currently, we use the following IPs for a variety of hostnames:
US East: 22.214.171.124
US West: 126.96.36.199
On Tuesday, July 16th, 2013, DNS for our US West servers will change from 188.8.131.52 to 184.108.40.206.
On Tuesday, July 30th, 2013, DNS for our US East servers will change from 220.127.116.11 to 18.104.22.168.
This will affect all of the hostnames listed below.
If you hardcode our IPs, we encourage you to add the new IPs to your firewall or application before the switchover date. If you don’t, you may experience an interruption in service. The new IPs are live now, and though we won’t change DNS until the dates specified above, you may begin directing traffic to them now if you wish.
If you have any questions please don’t hesitate to email us at firstname.lastname@example.org.
List of affected hostnames: