minFraud Release Notes

August 21, 2019

We have made improvements in how we detect business IPs for the user type field provided as part of the GeoIP2 Precision Insights web service and minFraud services. Approximately 1% of residential IPs were recently corrected to the appropriate business user type as a result of these improvements.

August 20, 2019

8-hour interruption of old TLS and unencrypted minFraud requests on August 28, 2019

There will be a planned service interruption for all requests to MaxMind services that use TLS versions 1.0 and 1.1, and for unencrypted HTTP requests to MaxMind legacy minFraud services (e.g. minFraud Standard, minFraud Premium, Proxy Detection web service, IIN service). This will take place for up to 8 hours from 14:00-22:00 UTC on August 28, 2019.

During the interruption, requests using TLS v1.0 and v1.1 and unencrypted HTTP requests to legacy minFraud endpoints will fail with an error.

To avoid service interruption, you may need to upgrade some part of your technology stack to a later version, or you may need to make code changes. If you have any questions, please do not hesitate to contact us. Additional info is available on our blog.

August 5, 2019

We are discontinuing the legacy IIN (BIN) API on January 31, 2020 in order to focus development and maintenance efforts on our core services. This means that the service will no longer function if you are querying the URL below:
https://minfraud.maxmind.com/app/bin_http

Please note that we continue to support the IIN (BIN) look-up form on our website [login required], so that remains an option for your use. If you require an API because of volume considerations, we recommend either using our minFraud Insights API (IP address is a required input field) or integrating an alternative commercially available solution.

July 24, 2019

There will be a planned service interruption for all requests to MaxMind services that use TLS versions 1.0 and 1.1, and for unencrypted HTTP requests to MaxMind legacy minFraud services (e.g. minFraud Standard, minFraud Premium, Proxy Detection web service, IIN service). This will take place for up to 2 hours starting at 14:00 UTC on the three dates below:

  • Monday, July 29, 2019
  • Wednesday, July 31, 2019
  • Friday, August 2, 2019

During the interruption, requests using TLS v1.0 and v1.1 and unencrypted HTTP requests to legacy minFraud endpoints will fail with an error.

To avoid service interruption, you may need to upgrade some part of your technology stack to a later version, or you may need to make code changes. If you have any questions, please do not hesitate to contact us. Additional info is available on our blog.

July 22, 2019

You can now manage a list of IP addresses and networks that you want to exempt from IP risk scoring. This is helpful when the IP address is known to be unrelated to the end-customer, such as when you have transactions coming from a call center or agent. Adding an IP address or network to the exclusion list will ensure IP risk is neither calculated nor considered when determining the riskScore for transactions associated with excluded IPs. Learn more.

June 14, 2019
We have added Node.js as a MaxMind Supported minFraud API (NPM, GitHub). It provides an API for the minFraud Score, Insights, and Factors services.
April 18, 2019

In order to ensure your data is as safe and secure as possible, we will be retiring support for TLS v1.0 and 1.1, unencrypted HTTP requests to our legacy minFraud services, and our legacy minFraud SOAP API in the coming months. Please see our blog for more info.

April 8, 2019

To enhance the security of your MaxMind account, Chrome users can enable two-factor authentication (2FA). You can now add and require a (FIDO U2F) security key on top of your account credentials for a more secure log-in. See our support center user guide for information on how to set up 2FA.

September 21, 2018

On Monday, October 1st, we will be changing a large amount of our U.S. coordinate (latitude & longitude) data* to use GeoNames coordinates for postal codes. This change will ensure greater consistency during our build processes. Around 95% of US coordinates will change with most moving about 1 mile. About 5 to 10% of US coordinates will move by more than 10 miles.

* Coordinate data is approximate and is not precise. It should not be used to identify a particular street address or household as it refers to a larger geographical area instead of a precise location.

July 17, 2018
We have released additional input parameters for use with custom rules. Customers of minFraud Score, minFraud Insights, and minFraud Factors can now use the following inputs to serve as the basis when creating a custom rule:

  • IIN: /credit_card/issuer_id_number – The issuer ID number for the credit card. This is the first 6 digits of the credit card number. It identifies the issuing bank.
  • Accept Language: /device/accept_language – The HTTP “Accept-Language” header of the device used in the transaction.
  • IP (CIDR block): /device/ip_address – A network CIDR block
May 25, 2018
Effective May 29, 2018, we will be adding Åland Islands, Martinique, Mayotte, Guadeloupe, French Guiana, Réunion, and Saint Martin to the list of European Union locations identified by minFraud Insights and minFraud Factors responses.
May 18, 2018

The HTTP request made by the Device Tracking Add-on now always uses HTTPS. Previously it used HTTP if your document was served over HTTP. This reduces compatibility with certain older versions of Internet Explorer, but will not cause errors.

We also recommend that you use an HTTPS URL when including the add-on in your site. We’ve updated the example code in our documentation to show how to do this.

April 10, 2018

We’ve added two new output fields to the minFraud Insights and Factors services. The outputs are:

  • Credit card is_virtual: /credit_card/is_virtual – A flag that is true if the credit card is a virtual card.
  • Device local_time: /device/local_time – A date-time indicating the local date and time of the transaction in the time zone of the device.

We’ve also added a new event type to the /event/type field for all minFraud requests: payout_change.

February 13, 2018
We have added additional outputs to the minFraud Insights and minFraud Factors services. The outputs are:

  • EU Country: /country/is_in_european_union – Country of the location of the IP address in an EU member state
  • EU Registered Country: /registered_country/is_in_european_union – Country registered by the ISP or organization is an EU member state

November 2, 2017

minFraud Insights and Factors services now include anonymizer-type outputs. These outputs are:

  • /ip_address/traits/is_anonymous – whether the IP address belongs to any sort of anonymous network.
  • /ip_address/traits/is_anonymous_vpn – whether the IP address belongs to an anonymous VPN system.
  • /ip_address/traits/is_hosting_provider – whether the IP address belongs to a hosting provider.
  • /ip_address/traits/is_public_proxy – whether the IP address belongs to a public proxy.
  • /ip_address/traits/is_tor_exit_node – whether the IP address is a Tor exit node.

As these are included via GeoIP2 Precision Insights, please see our GeoIP2 Precision Web Services documentation for more information.