minFraud Release Notes

February 22, 2021

The client APIs for minFraud Score, Insights, and Factors now normalize emails prior to hashing them for improved risk scoring. Email normalization ensures that minor, inconsequential differences in the email input (i.e., jadoeisonline@yahoo.com and jadoeisonline-12345@yahoo.com) do not result in minFraud treating these as different email addresses.

Our client APIs for minFraud Score, Insights, and Factors have been updated to support email normalization so you may need to refresh yours in order to get automatic email normalization. If you interface directly with our REST API or use minFraud Legacy, we recommend that you normalize email addresses prior to hashing. Please see our developer’s site for guidance on how to normalize emails.

February 3, 2021
The ip_address/risk_reasons output is now available. minFraud Insights and minFraud Factors customers can now see reason codes associated with the IP risk score for high risk IP addresses. When the IP risk score is high, the field may be populated with one or more of the following reason codes:
  • ANONYMOUS_IP – The IP address belongs to an anonymous network. See /ip_address/traits for more information.
  • HIGH_RISK_DEVICE – A high risk device was seen on this IP address in your past transactions.
  • HIGH_RISK_EMAIL – A high risk email address was seen on this IP address in your past transactions.
  • BILLING_POSTAL_VELOCITY – Many different billing postal codes have been seen on this IP address in your past transactions.
  • EMAIL_VELOCITY – Many different email addresses have been seen on this IP address in your past transactions.
  • ISSUER_ID_NUMBER_VELOCITY – Many different issuer ID numbers have been seen on this IP address in your past transactions.
  • MINFRAUD_NETWORK_ACTIVITY – Suspicious activity has been seen on this IP address across minFraud customers.
If the IP risk score is low, the risk_reasons field will be blank. Our client APIs have been updated to support this output so you may need to refresh yours in order to see the new output if you are not interfacing directly with our REST API.
January 22, 2021

On Monday, January 25 we will be updating MaxMind products and services with ISP data to consolidate naming conventions for Vodafone Germany. We will now return either Vodafone Germany Cable, Vodafone Germany DSL, Vodafone Germany Business, or Vodafone Germany. Previous values were Vodafone GmbH, Vodafone Germany, and Vodafone DSL. We are updating these values to more accurately reflect the type of connection that the IP address is associated with.

The following GeoIP databases and services are affected by this change:

  • GeoIP2 ISP database
  • GeoIP2 Enterprise database
  • GeoIP Legacy ISP and Organization databases
  • GeoIP2 Precision and Legacy City Service
  • GeoIP2 Precision and Legacy Insights Service
  • minFraud Insights
  • minFraud Factors
December 30, 2020

Effective January 5, 2021, the is_in_european_union flag will no longer be marked true for locations in the United Kingdom. This change will be reflected in the data in GeoLite2 databases and web services, GeoIP2 databases, GeoIP2 Precision web services, and minFraud Insights and Factors services.

October 20, 2020

We have released an additional output for our web services. GeoIP2 Precision Insights, minFraud Insights, and minFraud Factors customers can now see whether an IP address is likely a residential proxy:

  • /traits/is_residential_proxy – This is true if the IP address is on a suspected anonymizing network and belongs to a residential ISP. Otherwise, the key is not included in the traits object.

Our client APIs have been updated to support these outputs so may need to refresh yours if you are not interfacing directly with our REST API.

October 12, 2020

Effective October 12, 2020 we are making the IP address input optional for all minFraud Score, Insights, and Factors queries. If you use these minFraud services for transactions where the IP address is not relevant (e.g. a phone order placed through a call center), you no longer need to include an IP address with your request. Note that the more data you send (including IP addresses, when applicable), the better the scoring the minFraud service will provide. See the relevant FAQ on our Support Center for more information.

October 6, 2020

Effective October 12, 2020 we are making the IP address input optional for all minFraud Score, Insights, and Factors queries. If you use these minFraud services for transactions where the IP address is not relevant (e.g. a phone order placed through a call center), you no longer need to include an IP address with your request. Note that the more data you send (including IP addresses, when applicable), the better the scoring the minFraud service will provide. See the relevant FAQ on our Support Center for more information.

September 14, 2020

We have released an additional input parameter for use with custom rules. Customers of minFraud Score, minFraud Insights, and minFraud Factors can now use email address to serve as the basis when creating a custom rule:

  • Email address: /email/address – a valid email address or an MD5 of the lowercased email used in the transaction.

For more information on implementing custom rules, see the Custom Rules Guide on our Support Center.

September 10, 2020

We have added a new permission category for the Standard User type. The Product/Service permission grants a Standard User access to product and service related functionality in the account portal without having access to user management and billing functionality. For more information, consult our Multi-User Account Access Guide.

August 10, 2020
Effective August 17, 2020, we will no longer serve minFraud service queries from our London-area servers. These queries will automatically be re-routed to our US-East servers. You do not need to take any action as a result of this change. Customers who have previously had queries routed to these servers may see an increase of 100 – 150 ms in the response time for your queries.
August 6, 2020
We have released three additional subscore outputs. Customers of minFraud Factors can now access the following subscores:
  • /subscores/device – Risk associated with the device.
  • /subscores/email_local_part – Risk associated with the part of the email before the @ symbol.
  • /subscores/shipping_address – Risk associated with the shipping address.
Our client APIs have been updated to support these outputs so may need to refresh yours if you are not interfacing directly with our rest API.
June 24, 2020

The minFraud Score, Insights, and Factors client APIs now support sending transaction feedback to our Report Transaction endpoint. This will allow you to more easily report fraud, suspected fraud, spam/abuse, and false positives to improve scoring. You can find more details on using this functionality in the documentation for the specific client API you use.

June 22, 2020

We’ve updated our Two-Factor Authentication (2FA) implementation to the FIDO2 standard, which supports more web browsers and more types of security keys (e.g. supported biometrics keys). See our Two-Factor Authentication (2FA) User Guide for more information.

June 15, 2020

We are planning to make a number of data changes to the minFraud Legacy Standard and Premium, and GeoIP Legacy City and Insights (formerly Omni) web services at the end of May 2022. Please see our blog post for more information, and how to prepare.

Data Changes to GeoIP Legacy and minFraud Legacy Web Services in May 2022
May 14, 2020

Customers of minFraud Insights and minFraud Factors can now use the following Anonymous IP outputs as parameters to serve as the basis when creating a custom rule:

  • /ip_address/traits/is_anonymous
  • /ip_address/traits/is_anonymous_vpn
  • /ip_address/traits/is_hosting_provider
  • /ip_address/traits/is_public_proxy
  • /ip_address/traits/is_tor_exit_node