minFraud Release Notes

Data changes to minFraud Legacy web services

In line with the announcement on our blog from 2020, there will be several changes to the data in our GeoIP Legacy web services beginning today. The following web services are affected:

• minFraud Legacy Standard or Premium

The following data changes have been made:

1. Region codes: The legacy web services historically returned region codes in the FIPS 10-4 standard (for all countries except for the US and Canada). Now, region codes worldwide will be returned in the ISO 3166-2 standard.
2. Area codes: Area code fields will now return blank.
3. Country/Region/City names: Country, region, and city names will now come from GeoNames.
4. IPv6: The minFraud Legacy services will now provide GeoIP Location Check outputs for IPv6 addresses.

For more information, read the full announcement on our blog from 2020.

Please note that associated changes to the GeoIP Legacy web services are also being made.

Expanded filtering options in the account portal for minFraud transactions

The transaction review screen in your MaxMind account portal now has expanded options to filter your transactions. You may now filter transactions by:

• Account user ID: the user ID of the end-user who initiated the transaction
• Shop ID: used to identify the storefront or merchant associated with the transaction
• Credit card issuer ID: the issuer ID number (IIN), sometimes called a bank ID number (BIN) of the card used in the transaction
• Custom rule ID: the ID for the custom rule that was triggered for the transaction

You can learn more about how to filter and search transactions using your MaxMind account portal on our Knowledge Base.

minFraud services now handle 8 digit IINs

We have updated the minFraud service to handle 8 digit credit card issuer ID numbers (IINs). These are non-breaking changes.

• The credit_card/issuer_id_number input can now receive 6 or 8 digits.
• The credit_card/last_4_digits input has been renamed credit_card/last_digits, and receives 2 or 4 of the last digits of the credit card.
  • The credit_card/last_4_digits input will continue to work as an alias for the new credit_card/last_digits input.
• In some cases with longer IINs we will truncate the credit_card/last_digits input so that we process only the data required for risk scoring. If we truncate the last digits, the minFraud service will return a warning message.
• If you send 8 digits for the credit_card/issuer_id_number, but we do not recognize an 8 digit IIN, we will truncate the input to 6 digits. If we truncate the IIN, the minFraud service will return a warning message.

Learn more about how to pass the correct number of digits for credit card inputs in our developer portal:

• credit_card/issuer_id_number
• credit_card/last_digits

You can read more about these changes in the announcement on our blog.

If you would like to learn more about how to properly handle credit card numbers, you can read more at pcisecuritystandards.org.

minFraud alerts webhook now supports signed requests

minFraud alerts now support signed requests for webhook delivery. You can now set a secret, which can be used to verify the authenticity of a minFraud alert delivered via webhook. See our minFraud Alert documentation for instructions.

minFraud subscores are now minFraud risk factor scores

We have renamed minFraud subscores to be "risk factor scores" to make it clearer that the scores returned in our minFraud Factors web service are actionable risk scores in their own right, similar to the IP risk score. You can learn more about all of minFraud's risk scores on our knowledge base.

Nothing has changed about how to use our web services, and no changes are required to your current integration. Specifically, the JSON response for minFraud Factors queries will continue to return risk factor scores in the subscores object. Learn more about the subscores object.