minFraud Release Notes

MaxMind Sandbox has Launched

We've launched a new Sandbox Environment for technical validation and testing of your integration with our minFraud and GeoIP web services. The Sandbox environment is available for all paying MaxMind customers.

Learn more about the Sandbox environment on our Knowledge Base.

You can also read more about testing minFraud web services on the Sandbox.

Changes to Registered Country data

We have made some changes to how we determine the registered country associated with an IP address. We estimate that this change will affect around 1% of IP addresses with a registered country value. The following databases and web services will be affected:

• GeoIP2 Country database
• GeoIP2 City database
• GeoIP2 Enterprise database
• GeoLite2 Country database
• GeoLite2 City database
• GeoIP2 Country web service
• GeoIP2 City Plus web service
• GeoIP2 Insights web service
• GeoLite2 Country web service
• GeoLite2 City web service
• minFraud Insights web service
• minFraud Factors web service

In some cases where we are no longer confident in the registered country for an IP, it will be removed. In other cases, the value may be changed.

You can learn more about the /registered_country output in the API schema for GeoIP2 web services.

You can learn more about the difference between registered country and the IP geolocation on our Knowledge Base.

Change to Time Zone Name for Ukraine

The time zone name for Kyiv, Ukraine, which covers most of the country, has been updated.

Previously, the time zone was named Europe/Kiev. It has been updated to be named Europe/Kyiv following updated naming conventions from version 2022b of the IANA time zone database.

The following products and services will see the updated time zone name:

• GeoIP2 City database
• GeoIP2 Enterprise database
• GeoIP2 City Plus web service
• GeoIP2 Insights web service
• minFraud Insights
• minFraud Factors
• GeoLite2 City database
• GeoLite2 City web service

Geolocation Bug Fix Complete

We have completed work to fix a geolocation bug affecting some IPv6 addresses. All databases and web services should now have the updated data.

See the release note below for more information about this bug.

Geolocation Coordinate Bug Fix

We are aware of a bug in which databases and web services have been returning geolocation location coordinates of 0,0 for IPv6 addresses which are geolocated only down to the country-level.

The following databases and web services are affected:

• GeoIP2 City database
• GeoIP2 Enterprise database
• GeoIP Legacy City web service
• GeoIP Legacy Omni/Insights web service
• GeoIP2 City Plus web service
• GeoIP2 Insights web service
• minFraud Insights web service
• minFraud Factors web service

We have a fix, and it will be released later today.

The updated GeoIP2 City database is now available for download.

Web service users will see the corrected data as soon as the fix has been implemented.

We apologize for any inconvenience this may have caused.

Data changes to minFraud Legacy web services

In line with the announcement on our blog from 2020, there will be several changes to the data in our GeoIP Legacy web services beginning today. The following web services are affected:

• minFraud Legacy Standard or Premium

The following data changes have been made:

1. Region codes: The legacy web services historically returned region codes in the FIPS 10-4 standard (for all countries except for the US and Canada). Now, region codes worldwide will be returned in the ISO 3166-2 standard.
2. Area codes: Area code fields will now return blank.
3. Country/Region/City names: Country, region, and city names will now come from GeoNames.
4. IPv6: The minFraud Legacy services will now provide GeoIP Location Check outputs for IPv6 addresses.

For more information, read the full announcement on our blog from 2020.

Please note that associated changes to the GeoIP Legacy web services are also being made.

Expanded filtering options in the account portal for minFraud transactions

The transaction review screen in your MaxMind account portal now has expanded options to filter your transactions. You may now filter transactions by:

• Account user ID: the user ID of the end-user who initiated the transaction
• Shop ID: used to identify the storefront or merchant associated with the transaction
• Credit card issuer ID: the issuer ID number (IIN), sometimes called a bank ID number (BIN) of the card used in the transaction
• Custom rule ID: the ID for the custom rule that was triggered for the transaction

You can learn more about how to filter and search transactions using your MaxMind account portal on our Knowledge Base.

minFraud services now handle 8 digit IINs

We have updated the minFraud service to handle 8 digit credit card issuer ID numbers (IINs). These are non-breaking changes.

• The credit_card/issuer_id_number input can now receive 6 or 8 digits.
• The credit_card/last_4_digits input has been renamed credit_card/last_digits, and receives 2 or 4 of the last digits of the credit card.
  • The credit_card/last_4_digits input will continue to work as an alias for the new credit_card/last_digits input.
• In some cases with longer IINs we will truncate the credit_card/last_digits input so that we process only the data required for risk scoring. If we truncate the last digits, the minFraud service will return a warning message.
• If you send 8 digits for the credit_card/issuer_id_number, but we do not recognize an 8 digit IIN, we will truncate the input to 6 digits. If we truncate the IIN, the minFraud service will return a warning message.

Learn more about how to pass the correct number of digits for credit card inputs in our developer portal:

• credit_card/issuer_id_number
• credit_card/last_digits

You can read more about these changes in the announcement on our blog.

If you would like to learn more about how to properly handle credit card numbers, you can read more at pcisecuritystandards.org.

minFraud alerts webhook now supports signed requests

minFraud alerts now support signed requests for webhook delivery. You can now set a secret, which can be used to verify the authenticity of a minFraud alert delivered via webhook. See our minFraud Alert documentation for instructions.

minFraud subscores are now minFraud risk factor scores

We have renamed minFraud subscores to be "risk factor scores" to make it clearer that the scores returned in our minFraud Factors web service are actionable risk scores in their own right, similar to the IP risk score. You can learn more about all of minFraud's risk scores on our knowledge base.

Nothing has changed about how to use our web services, and no changes are required to your current integration. Specifically, the JSON response for minFraud Factors queries will continue to return risk factor scores in the subscores object. Learn more about the subscores object.