minFraud Release Notes
Several Spectrum Business networks reclassified
December 3, 2024In data released today, Tuesday, December 3, 2024, we are updating a large
number of Spectrum Business networks to be classified as Spectrum residential
networks. For these networks, the ISP name will change from Spectrum Business
to Spectrum
. This change has been reviewed, and is accurate.
This change will be reflected in the following products and services:
- minFraud Factors web service
- minFraud Insights web service
- GeoIP Enterprise database
- GeoIP ISP database
- GeoIP Insights web service
- GeoIP City Plus web service
Updates to Risk Score Reasons (beta)
November 12, 2024On November 13, 2024, we will release a number of updates to risk score reasons:
- All reasons will be updated to say
[reason] raised the overall risk score
or[reason] lowered the overall risk score
to more clearly indicate the effect of a reason. - The
EMAIL_ADDRESS_NEW
reason code will be removed and replaced with three distinct and more specific codes and reasons:EMAIL_FIRST_SEEN
EMAIL_TENURE
EMAIL_TENURE_NO_ACTIVITY
- The
CUSTOMER_ID
reason code will be renamed toCUSTOMER_ID_ACTIVITY
to better fit its reason description.
Please email product@maxmind.com if you have any questions.
Deprecation of risk factor scores/subscores
October 22, 2024On Monday, November 4, 2024, we will be deprecating the risk factor scores/ subscores data in the minFraud Factors service. Risk factor scores/subscores will be removed from the API response in March, 2025.
Risk factor scores have been replaced by risk score reasons, to help you more deeply understand your risk patterns and make more informed decisions. Please review the risk score reasons for specific and understandable insights into why a risk score is high or low. Learn more about risk score reasons on our Knowledge Base.
Submit a support ticket request if you have questions or concerns.
Upcoming improvements to user count data
October 9, 2024On Tuesday, October 22, 2024, we will release an improvement to our user count data to better detect IPs with multiple end users.
Many IP addresses with multiple end users that previously had a user count value of 0 or 1 will now have a value of 2.
If you have applications of the data that rely on user count values with a threshold of 0, 1, or 2, you may want to increase the thresholds by 1. For example, if you currently consider user count values of greater than 1 to be high volume, you may wish to consider user count values of greater than 2 to be high volume when this update goes live.
The following services will be impacted:
- minFraud Insights web service
- minFraud Factors web service
Learn more about user count data on our Knowledge Base.
Submit a support ticket request if you have questions or concerns.
Increase in slightly elevated IP risk and proxy scores and remediation
September 12, 2024On September 10, 2024 we pushed a model update to IP risk scoring that increased a large volume of IP risk scores (also referred to as proxy score for legacy services) at the lower end of the scale (between 0.01 and 1).
While these IP risk scores remained low (less than 1), this shifted the score distribution and may have impacted your systems depending on your score thresholds.
On September 12, 2024, we implemented an update that will decrease most of these low IP risk scores again. To remediate this sort of issue in the future, we will be increasing the sensitivity of our monitoring for scores on the lower end of the distribution before releasing model updates.
Introducing Risk Score Reasons beta for minfraud Factors customers
August 27, 2024Today, we have released a new beta feature that will help minfraud Factors customers more deeply understand risk patterns and make more informed decisions.
Risk score reasons are a set of data that provide users with specific and understandable reasons for why a risk score is high or low. This data is exclusive to the minFraud Factors service.
Watch this 2-minute video to learn more.
For full details, including how to access and test this feature, check out the Risk Score Reasons knowledge base article.
To provide feedback on Risk Score Reasons, please email customersuccess@maxmind.com to schedule a feedback session.
MaxMind minFraud alert emails now include instant feedback links
August 15, 2024MaxMind minFraud alert emails now include links that allow you to provide instant feedback on each request. Providing transaction feedback helps improve the risk scoring for your account.
You can mark a request as risky and we will raise the risk for similar requests.
Or, you can mark a request as not risky and we will lower the risk for similar requests.
Here is an example of the links in the minFraud alerts email body.
Please continue to report chargebacks and fraud on your account portal or via API.
Additional filtering options now available for minFraud transactions
August 8, 2024The transactions screen in your MaxMind account portal now has expanded filtering options, giving you added ability to discover trends in your transactions and adjust risk strategies.
You can now filter transactions by:
- Risk score range: the likelihood that a transaction is fraudulent, scored between a minimum of 0.01 and a maximum of 99
- IP risk score range: the riskiness of an IP address, scored between a minimum of 0.01 and a maximum of 99
- ISP: the internet service provider of the end-user who initiated the transaction
- IP Country: the country for the IP address associated with the transaction
New phone outputs released for minFraud® Insights and minFraud Factors
July 9, 2024We have released additional outputs for our minFraud Insights and minFraud Factors web services. Insights and Factors customers that pass phone numbers can now make use of the following additional outputs:
/shipping_phone/country
– A two-character ISO 3166-1 country code for the country associated with the shipping phone number./shipping_phone/is_voip
– This is true if the shipping phone number is a Voice over Internet Protocol (VoIP) number allocated by a regulator. It is false if the shipping phone number is not a VoIP number allocated by a regulator. The key is only present when a valid shipping phone number has been provided and we have data for it./shipping_phone/network_operator
– The name of the original network operator associated with the shipping phone number. This field does not reflect phone numbers that have been ported from the original operator to another, nor does it identify mobile virtual network operators./shipping_phone/number_type
– Indicates whether the phone number is mobile or fixed./billing_phone/country
– A two-character ISO 3166-1 country code for the country associated with the billing phone number./billing_phone/is_voip
– This is true if the billing phone number is a Voice over Internet Protocol (VoIP) number allocated by a regulator. It is false if the billing phone number is not a VoIP number allocated by a regulator. The key is only present when a valid billing phone number has been provided and we have data for it./billing_phone/network_operator
– The name of the original network operator associated with the billing phone number. This field does not reflect phone numbers that have been ported from the original operator to another, nor does it identify mobile virtual network operators./billing_phone/number_type
– Indicates whether the phone number is mobile or fixed.
These values are particularly helpful to identify mismatches between data points, such as a mismatch between the billing country as indicated by the IP address and the country as indicated by the billing phone number. Another strong signal for fraud is a phone carrier that does not operate in the country indicated by the IP address.
Our client APIs have been updated to support these outputs so may need to refresh yours if you are not interfacing directly with our REST API.
Email first seen can be used as a parameter for custom rules
April 8, 2024minFraud Insights and Factors customers can now use the
/email/first_seen
output
in minFraud custom rules.
The minFraud service retains a record of when an email address or email domain was first seen on the minFraud Network. An email address that has been conducting transactions for a long time across the minFraud Network may be more trustworthy than a new email address created within the last 30 days.
You can select the email first seen output as a parameter in custom rules by selecting minFraud outputs > Email first seen when defining a new condition for a custom rule.
Upcoming changes to our TLS certificates may impact customers with unusual server configuration
April 8, 2024Starting in May, Let’s Encrypt will no longer use a cross-signed root
certificate, and the primary TLS certificate handling the *.maxmind.com
domains will be impacted by this change.
Most customers will see no impact from this change.
This change should only be of concern if the servers interacting with MaxMind domains are running a very old or out of date operating system, or if you manage your own local Certificate Authority store.
API policies are now permanently enforced
March 13, 2024To improve our server infrastructure and allow for better performance and efficiency, our API policies are now being permanently enforced as of March 13, 2024.
What are the policies?
- MaxMind only accepts API and database download requests sent with the more secure HTTPS protocol.
- MaxMind only accepts API and database download requests that are sent to the appropriate hostname as documented in the integration instructions on our Developer Portal (see direct links below).
What do I need to do? Ensure that you are using the correct hostname for your API requests, and that you are using HTTPS. Failure to do so will result in web service or database download requests failing.
You can view the appropriate URIs for minFraud services on our Developer Portal using the links below:
- minFraud Score, Insights, and Factors web services
- minFraud Device Tracking
- minFraud Transaction Reporting
- Legacy minFraud web services
- Legacy Proxy Detection web service
Please note: This enforcement will also affect GeoIP web service and database download requests. If you are also a GeoIP user, see our GeoIP release note on this issue.
API policies - temporary enforcement on February 7, 2024
January 25, 2024To improve our server infrastructure and allow for better performance and efficiency, MaxMind will begin enforcing our policies around our API and database download requests on March 13, 2024. To help customers get ready for this change, we will have a planned, temporary enforcement of these policies on February 7, 2024.
What are the policies?
- MaxMind will only accept API and database download requests sent with the more secure HTTPS protocol.
- MaxMind will only accept API and database download requests that are sent to the appropriate hostname as documented in the integration instructions on our Developer Portal (see direct links below).
What do I need to do? To ensure that your MaxMind service is not interrupted, please ensure ensure that you are using the correct hostname for your API requests, and that you are using HTTPS, prior to February 7, 2024.
If you have not made the requested changes before Wednesday, February 7, 2024, you might experience a period where web service or database download requests fail.
You can view the appropriate URIs for minFraud services on our Developer Portal using the links below:
- minFraud Score, Insights, and Factors web services
- minFraud Device Tracking
- minFraud Transaction Reporting
- Legacy minFraud web services
- Legacy Proxy Detection web service
Please note: This enforcement also affects GeoIP API requests. If you are also a GeoIP user, see our GeoIP release note on this issue.
minFraud no longer accepts event times more than one year in the past
January 22, 2024Starting tomorrow, January 23, 2024, minFraud will no longer accept
/event/time
inputs with values more than one year in the past. Most customers
do not need to send the /event/time
input and will not be impacted by this
change.
Learn more about this input and how to use it to score historical transactions on our Knowledge Base.
If you send the /event/time
inputs with values more than one year in the past,
minFraud will:
- replace the event time with the current time
- score the transaction and return a score
- return an
INPUT_INVALID
warning with its response