minFraud Release Notes

March 17, 2017

The minFraud Transaction History page was replaced by the minFraud Transactions Screen in support of showing dispositions. In addition, it is now possible to set dispositions from the transaction details screen.

December 5, 2016
Effective December 5th, 2016, minFraud’s is_postal_in_city, cityPostalMatch, and shipCityPostalMatch outputs are available for non-US locations.
December 1, 2016
The responses for minFraud Score, Insights, and Factors may now include a disposition object. This object contains information about custom rules that were applied to the request.
November 17, 2016
We have added a new /credit_card/token input to the minFraud Score, minFraud Insights, and minFraud Factors request bodies. The token must uniquely identify the credit card and must be different from the account number.
October 10, 2016
We have added two new event types to the /event/type field for all minFraud requests, email_change and password_reset.
September 6, 2016

Effective September 6th, 2016, we will be returning more proxyScores between 0 and 1.8 and 1.8 and 3. Such scores typically represent “medium” risk transactions which have some risk of fraud but may be legitimate. The higher the proxyScore, the riskier the transaction.

The proxyScore is a score from 0.00-4.00 indicating the likelihood that the user’s IP address is high risk.

This change has also been implemented for the IP Risk Score provided with minFraud Score, minFraud Insights, and minFraud Factors. The IP Risk Score is a score from 0.01 to 99 indicating the likelihood that the user’s IP address is high risk. We will return more positive IP Risk Scores between 0 and 45 and 45 and 75. Such scores typically represent “medium” risk transactions which have some risk of fraud but may be legitimate. The higher the IP Risk Score, the riskier the transaction.

June 9, 2016
/device/confidence and /device/last_seen have been added to the minFraud Insights and minFraud Factors response. These fields are only available for customers using our Device Tracking Add-on. Please see our API documentation for more information.
June 6, 2016
credits_remaining is deprecated in the minFraud Score, minFraud Insights, and minFraud Factors response. It will be removed before the final release. It has been replaced with queries_remaining, which also returns the number of queries available. An additional field, funds_remaining, containing the US dollar value of the funds remaining will be added before the final release.
February 18, 2016

All minFraud services now include an updated machine learning algorithm that takes order amount into consideration when calculating the risk score.

Merchants may want to update their rules if the rule is a combination of risk score and order amount. For example, if a custom rule rejects transactions with a high order amount and a risk score above 10, the merchant may want to adjust the risk score to a higher number, as the high order amount itself may cause the risk score to increase.

In general, orders $500 or above may have a higher risk score than before.

January 29, 2016

The following outputs have been added to minFraud Insights:

  • /credit_card/brand – The card brand, such as “Visa”, “Discover”, “American Express”, etc.
  • /credit_card/type – A string representing the card’s type. The possible values are charge, credit, or debit.
  • /device/id – A UUID that MaxMind uses for the device associated with this IP address. This is only available if you are using the Device Tracking Add-on.
  • /email/is_free – This field is true if MaxMind believes that this email is hosted by a free email provider such as Gmail or Yahoo! Mail.
  • /email/is_high_risk – This field is true if MaxMind believes that this email is likely to be used for fraud.

Also, for both minFraud Score and minFraud Insights, the input property in the warning objects has been removed and replaced with an input_pointer property. This new property is a JSON pointer to the value in the input object causing the warning.

All of our client APIs have been updated to reflect these changes.

For more information on these outputs, please see our minFraud Score and minFraud Insights API documentation.

November 30, 2015
We are pleased to announce expanded coverage of prepaid cards in minFraud. We should return prepaid=Yes in minFraud premium and is_prepaid=true in minFraud Insights for a larger range of prepaid cards.
June 29, 2015

We’ve released the beta versions of two new minFraud services, minFraud Score and minFraud Inisghts.

To use either service, you must upgrade to version 2.0 of the client API. Please refer to the minFraud Score and minFraud Insights API documentation for more details.

Changes in version 2.0 of the minFraud APIs include:

  • Request data validation
  • Model classes for return data
  • .NET client API now available
  • Python client API now available

minFraud version 2.0 provides the following new inputs:

In association with billing address:

  • First name
  • Last name
  • Company
  • Address line 1
  • Address line 2
  • Phone number
  • Phone country code

In association with shipping address:

  • First name
  • Last name
  • Company
  • Address line 2
  • Phone number
  • Phone country code
  • Delivery speed

User data:

  • Customer ID
  • Hashed or unhashed email address

Credit card information:

  • Last four digits
  • Authorization outcome
  • Decline reason
  • Processor name

Transaction information:

  • Transaction type
  • Timestamp
  • Discount code
  • Affiliate ID
  • Subaffiliate ID
  • Referrer URI

Shopping cart:

  • Item category
  • Item ID or URL
  • Item quantity
  • Item price

minFraud Insights provides the following new outputs (note that minFraud Score returns the riskScore only):

All geolocation outputs provided by the GeoIP2 Precision Insights service.

Billing and shipping related outputs:

  • Billing is in IP country
  • Shipping is in IP country
  • Distance between IP and shipping address
  • Billing address longitude
  • Billing address latitude
  • Shipping address longitude
  • Shipping address latitude
  • Billing address to shipping address distance

Local date/time of user using IP

ProxyScore is now IP risk score. (/ip_address/risk). Whereas the ProxyScore was expressed on a scale of 0.00-4.00, the IP risk score uses a scale of 0.01 to 99.

The following fields are deprecated in version 2.0:

  • Anonymous Proxy (anonymousProxy)
  • Corporate Proxy (ip_corporateProxy)
  • Free Email (freeMail)
  • High Risk Email (carderEmail)
  • High risk username and high risk password (highRiskUsername, highRiskPassword)
  • Phone number check against billing postal code (custPhoneInBillingLoc)

Country Match (countryMatch) has been replaced by billing country is in IP country and shipping country is in IP country

March 27, 2015

On April 28th, 2015, we will deactivate the /app/ws_ipaddr endpoint. This endpoint returns a list of IP addresses for use when making minFraud or GeoIP web service requests to MaxMind servers.

If you use this endpoint, you need to take action in order to continue accessing MaxMind services. Please switch and make requests using the minfraud.maxmind.com hostname for minFraud webservice requests and geoip.maxmind.com for GeoIP webservice requests.

If you use a minFraud client API we provided, please update to the latest API, available on http://dev.maxmind.com/minfraud/. Our newest API versions use hostnames instead of /app/ws_ipaddr.

If you use a third-party plugin that makes requests to MaxMind web services, you may need to update it.

August 4, 2014

On August 11, 2014, we will discontinue serving requests to port 8005. Users of WSDL version 2 and 4 must take action to ensure continuation of service. We ask that you upgrade your WSDL:

  • To access the latest inputs and outputs, we recommend you upgrade to our latest WDSL and upgrade to minfraud version 1.3. Note that the old score and explanation outputs are no longer supported in the latest WDSL.
  • If your system requires score and explanation for backwards compatibility, you may upgrade to WSDL version 5.

In addition, on August 5, we will disable the web services on port 8005 for one hour starting at 1pm UTC.

Please email us at support@maxmind.com if you have any questions.

September 17, 2013

We’re excited to roll out IPv6 access for our web endpoints over the next few months. The rollout will be gradual to ensure a minimum of disruption for clients. We will be adding AAAA records for hostnames on the dates specified below. Most clients aren’t yet using IPv6 and should notice no issues. Clients with properly configured IPv6 should also notice no issues. If you have any questions or issues, please email us at support@maxmind.com.

The AAAA address for US West servers will be 2607:f0d0:3:7::4.
The AAAA address for US East servers will be 2607:f0d0:3:8::4.

2013-09-23 device.maxmind.com
2013-09-23 download.maxmind.com
2013-09-23 www.maxmind.com
2013-09-30 geolite.maxmind.com
2013-10-14 sitecore1.maxmind.com
2013-11-11 geoip-us-east.maxmind.com
2013-11-11 maxmind.com
2013-11-18 geoip.maxmind.com
2013-11-18 geoip-us-west.maxmind.com
2013-11-25 minfraud-us-east.maxmind.com
2013-12-02 minfraud-us-west.maxmind.com
2013-12-09 api.maxmind.com
2013-12-09 api-us-east.maxmind.com
2013-12-09 api-us-west.maxmind.com
2013-12-09 minfraud.maxmind.com
2013-12-09 update.maxmind.com
2013-12-09 updates.maxmind.com