minFraud Release Notes - 2023 Archive

Session age input can be used as a parameter for custom rules

December 11, 2023

You can now use the /device/session_age input in minFraud custom rules. Session age can be used to detect patterns of device usage across multiple sessions to help determine risk. For example, short sessions may be a higher indicator of risk.

You can select the session age input as a parameter in custom rules by selecting minFraud inputs > Session age when defining a new condition for a custom rule.

ISP output can be used as a parameter for custom rules

December 4, 2023

You can now use the /ip_address/traits/isp output in minFraud custom rules, with the following operators: matches, does not match, contains, does not contain.

Filtering transactions by ISP can be especially helpful if you notice certain ISPs are more likely to be associated with fraudulent behavior.

You can select the ISP output as a parameter in custom rules by selecting minFraud outputs > ISP when defining a new condition for a custom rule.

Updated static IP scoring for IPv6 addresses

November 29, 2023

We are releasing a bug fix to our static IP scoring system today.

Previously we were returning higher static IP scores for cellular IPv6 addresses when the networks were actually more dynamic.

minFraud Insights and Factors customers will see the static IP score for cellular IPv6 addresses reduce. This should also result in improved risk scoring for these networks for all minFraud customers.

Learn more about static IP scores in minFraud on our Knowledge Base.

Free email output can be used as a parameter for custom rules

November 16, 2023

You can now use the /email/is_free output in minFraud custom rules. This output is available for transactions submitted through minFraud Insights and minFraud Factors when you pass the /email/address input as plaintext, or when you pass an MD5 hash of the /email/address and the plaintext /email/domain input.

Use of free email providers (e.g. Gmail, Yahoo, Outlook, etc.) by consumers is the norm, so filtering transactions on this data point is often useful only in business-to-business contexts where you expect transactions to be conducted using a business email domain.

You can select the free email output as a parameter in custom rules by selecting minFraud outputs > Is free email when defining a new condition for a custom rule.

Create stored lists of email addresses to use in minFraud custom rules

November 15, 2023

You can now add up to 2000 emails to a stored list and use it within minFraud custom rules to automatically apply a disposition to all matching transactions. Previously, you would have to create a custom rule for each separate email address.

Learn more about stored lists on our Knowledge Base.

Improvements to IP risk score

September 29, 2023

We have made some improvements to the IP risk score, and minFraud customers may see an average increase of 1.5% in their risk scores beginning Monday, October 2. These changes to risk scoring should improve the accuracy of risk scoring. This change will apply to the following data:

Group and join up to 20 conditions in minFraud custom rules

September 26, 2023

When using minFraud’s custom rules, you can now group and join up to 20 conditions. The previous limit was 4 conditions.

Learn more about custom rules on our Knowledge Base.

More Virtual Payment Cards Flagged in minFraud

August 30, 2023

Effective September 1, 2023 we will be flagging more virtual payment cards from select digital banks in minFraud. In transactions where the IIN is submitted, the minFraud services will be able to accurately tag more payment cards as virtual. Virtual cards do not have a physical card associated with the card number. Customers may use virtual cards for added security, though they are also popular with resellers who use them to attempt to bypass order limits.

To benefit from increased virtual payment card detection, you must pass the IIN or BIN (credit_card/issuer_id_number) of the payment card:

Users of the minFraud Insights and Factors services will be able to see whether a submitted payment card is virtual using the credit_card/is_virtual output:

API policies - temporary enforcement on October 17, 2023

August 17, 2023

To improve our server infrastructure and allow for better performance and efficiency, MaxMind will begin enforcing our policies around our API and database download requests in March 2024. To help customers get ready for this change, we will have a planned, temporary enforcement of these policies on October 17, 2023.

What are the policies?

  • MaxMind will only accept API and database download requests sent with the more secure HTTPS protocol.
  • MaxMind will only accept API and database download requests that are sent to the appropriate hostname as documented in the integration instructions on our Developer Portal (see direct links below).

What do I need to do? To ensure that your MaxMind service is not interrupted, please ensure ensure that you are using the correct hostname for your API requests, and that you are using HTTPS, prior to October 17, 2023. You can view the appropriate URIs for minFraud services on our Developer Portal using the links below:

Please note: This enforcement will also effect GeoIP API requests. If you are also a GeoIP user, see our GeoIP release note on this issue.

Expanded filtering options in minFraud Interactive

July 20, 2023

Within minFraud Interactive, the interface provided in your account portal for searching, filtering, reviewing, and submitting minFraud transactions, you can now click to filter on more transaction data.

From the log of your minFraud transactions you can click on a number of transaction inputs and immediately get a filtered log of your transactions with matching data. For example, if you have a transaction with a billing phone number of +1 123 555 7698, you could click on that transaction’s billing phone number and immediately see a list of all transactions submitted with the same billing phone number over the past four months.

You can click to filter on the following transaction inputs (newly filterable inputs with this release are marked with an asterix):

  • Device ID
  • IP address
  • Credit card - Issuer Identification Number (IIN)*
  • Credit card - IIN + Last 4 digits*
  • Email address or domain
  • Shipping address*
  • Billing phone number*

You can learn more about minFraud Interactive’s log of your transactions on our Knowledge Base.

Data retention increased for minFraud Interactive

July 17, 2023

Effective immediately, we will begin to retain data in minFraud Interactive for up to 5 months. Although this change is already in place, you will not notice the increased retention period until early August.

Previously, we retained data in minFraud Interactive for up to 4 months.

minFraud Interactive is the interface for searching, filtering, and viewing minFraud transactions through your account portal. Learn more about minFraud Interactive on our Knowledge Base.

Correction regarding London boroughs in our geolocation data

June 12, 2023

On June 6, we announced that more networks would be mapped to London boroughs beginning on Friday, June 9.

This change has been delayed. It should be present in our products and services beginning on Friday, June 16.

In addition, for networks in the greater London area we will be returning the name of the town for city-level name data instead of the borough. The borough will be populated in the second level subdivision.

For example, a network that maps to the Walthamstow town will return Walthamstow for the city_name, and Walthamstow Forest for the second level subdivision.

More networks mapped to London boroughs

June 6, 2023

When a network geolocates to London, we will often return the borough for the city, rather than returning London. Beginning this Friday, June 9, we will be mapping more networks to London boroughs.

This change will apply to all products and services with city-level geolocation data:

  • GeoIP City database
  • GeoIP City Plus web service
  • GeoIP Insights web service
  • GeoIP Enterprise database
  • minFraud Insights web service
  • minFraud Factors web service
  • GeoLite City web service
  • GeoLite City database

minFraud Transactions searchable by email domain

May 30, 2023

We have updated the minFraud Transactions interface in the account portal to allow users to search for and filter transactions by email domain.

Learn how to search and filter minFraud Transactions through the account portal on our Knowledge Base.

minFraud Alerts will be restored

May 15, 2023

We are aware of an issue in which some minFraud Alerts were not being sent or were delayed.

We expect to restore full functionality to minFraud Alerts by the end of the day.

Improvements to minFraud Interactive

March 29, 2023

We have made a number of improvements to the user interface for minFraud Interactive, the interface used to view minFraud transactions through your account portal.

The functionality of the interface is not changed, but some of the features now appear in a different place on the screen, and the transaction information is now displayed differently.

Learn how to navigate the new interface on our Knowledge Base.

Velocity Checking on User ID

March 21, 2023

We have enabled velocity tracking on the account/user_id input for all minFraud customers.

If you send a user ID associated with your transactions, minFraud will now factor the velocity of the user’s transactions into the risk score.

The account/user_id input allows you to pass a unique identifier for each of your users so that the minFraud service can group transactions by user in order to identify fraud signals attached to specific users.

Learn more about the account/user_id input on our Developer Portal.

Learn more about velocity tracking on our Knowledge Base.

New License Key Format

March 16, 2023

We have updated the format of our license keys. New license keys will be longer, with a six character prefix.

The new license keys can be used in all current versions of our Client APIs and in version 3.1.1 and higher of our GeoIP Update program.

No action is required for minFraud users. Existing license keys will still be valid and will continue to function normally.

New license keys will have the following changes:

  • The character set is changing from [a-zA-Z0-9] to [a-zA-Z0-9_].
  • The length of the license key will now be 40 characters.
  • License keys will have a _mmk suffix.

Please note that the length of license keys may be increased in the future.