minFraud Release Notes - 2023 Archive
Session age input can be used as a parameter for custom rules
December 11, 2023You can now use the /device/session_age
input in minFraud custom rules.
Session age can be used to detect patterns of device usage across multiple
sessions to help determine risk. For example, short sessions may be a higher
indicator of risk.
You can select the session age input as a parameter in custom rules by selecting minFraud inputs > Session age when defining a new condition for a custom rule.
ISP output can be used as a parameter for custom rules
December 4, 2023You can now use the /ip_address/traits/isp
output in minFraud custom rules,
with the following operators: matches, does not match, contains, does not
contain.
Filtering transactions by ISP can be especially helpful if you notice certain ISPs are more likely to be associated with fraudulent behavior.
You can select the ISP output as a parameter in custom rules by selecting minFraud outputs > ISP when defining a new condition for a custom rule.
Updated static IP scoring for IPv6 addresses
November 29, 2023We are releasing a bug fix to our static IP scoring system today.
Previously we were returning higher static IP scores for cellular IPv6 addresses when the networks were actually more dynamic.
minFraud Insights and Factors customers will see the static IP score for cellular IPv6 addresses reduce. This should also result in improved risk scoring for these networks for all minFraud customers.
Learn more about static IP scores in minFraud on our Knowledge Base.
Free email output can be used as a parameter for custom rules
November 16, 2023You can now use the /email/is_free
output in minFraud custom rules. This
output is available for transactions submitted through minFraud Insights and
minFraud Factors when you pass the /email/address
input as plaintext, or when
you pass an MD5 hash of the /email/address
and the plaintext /email/domain
input.
Use of free email providers (e.g. Gmail, Yahoo, Outlook, etc.) by consumers is the norm, so filtering transactions on this data point is often useful only in business-to-business contexts where you expect transactions to be conducted using a business email domain.
You can select the free email output as a parameter in custom rules by selecting minFraud outputs > Is free email when defining a new condition for a custom rule.
Create stored lists of email addresses to use in minFraud custom rules
November 15, 2023You can now add up to 2000 emails to a stored list and use it within minFraud custom rules to automatically apply a disposition to all matching transactions. Previously, you would have to create a custom rule for each separate email address.
Improvements to IP risk score
September 29, 2023We have made some improvements to the IP risk score, and minFraud customers may see an average increase of 1.5% in their risk scores beginning Monday, October 2. These changes to risk scoring should improve the accuracy of risk scoring. This change will apply to the following data:
- Overall risk score (available in all current and Legacy minFraud services)
- IP risk score (available in minFraud Score, Insights, and Factors)
- Proxy score (available in our Legacy Proxy detection web service)
Group and join up to 20 conditions in minFraud custom rules
September 26, 2023When using minFraud’s custom rules, you can now group and join up to 20 conditions. The previous limit was 4 conditions.
More Virtual Payment Cards Flagged in minFraud
August 30, 2023Effective September 1, 2023 we will be flagging more virtual payment cards from select digital banks in minFraud. In transactions where the IIN is submitted, the minFraud services will be able to accurately tag more payment cards as virtual. Virtual cards do not have a physical card associated with the card number. Customers may use virtual cards for added security, though they are also popular with resellers who use them to attempt to bypass order limits.
To benefit from increased virtual payment card detection, you must pass the IIN
or BIN (credit_card/issuer_id_number
) of the payment card:
- Learn more about the IIN input on our Knowledge Base.
- See the documentation for this input in the API schema on our Developer Portal.
Users of the minFraud Insights and Factors services will be able to see whether
a submitted payment card is virtual using the credit_card/is_virtual
output:
API policies - temporary enforcement on October 17, 2023
August 17, 2023To improve our server infrastructure and allow for better performance and efficiency, MaxMind will begin enforcing our policies around our API and database download requests in March 2024. To help customers get ready for this change, we will have a planned, temporary enforcement of these policies on October 17, 2023.
What are the policies?
- MaxMind will only accept API and database download requests sent with the more secure HTTPS protocol.
- MaxMind will only accept API and database download requests that are sent to the appropriate hostname as documented in the integration instructions on our Developer Portal (see direct links below).
What do I need to do? To ensure that your MaxMind service is not interrupted, please ensure ensure that you are using the correct hostname for your API requests, and that you are using HTTPS, prior to October 17, 2023. You can view the appropriate URIs for minFraud services on our Developer Portal using the links below:
- minFraud Score, Insights, and Factors web services
- minFraud Device Tracking
- minFraud Transaction Reporting
- Legacy minFraud web services
- Legacy Proxy Detection web service
Please note: This enforcement will also effect GeoIP API requests. If you are also a GeoIP user, see our GeoIP release note on this issue.
Expanded filtering options in minFraud Interactive
July 20, 2023Within minFraud Interactive, the interface provided in your account portal for searching, filtering, reviewing, and submitting minFraud transactions, you can now click to filter on more transaction data.
From the log of your minFraud transactions you can click on a number of transaction inputs and immediately get a filtered log of your transactions with matching data. For example, if you have a transaction with a billing phone number of +1 123 555 7698, you could click on that transaction’s billing phone number and immediately see a list of all transactions submitted with the same billing phone number over the past four months.
You can click to filter on the following transaction inputs (newly filterable inputs with this release are marked with an asterix):
- Device ID
- IP address
- Credit card - Issuer Identification Number (IIN)*
- Credit card - IIN + Last 4 digits*
- Email address or domain
- Shipping address*
- Billing phone number*
You can learn more about minFraud Interactive’s log of your transactions on our Knowledge Base.
Data retention increased for minFraud Interactive
July 17, 2023Effective immediately, we will begin to retain data in minFraud Interactive for up to 5 months. Although this change is already in place, you will not notice the increased retention period until early August.
Previously, we retained data in minFraud Interactive for up to 4 months.
minFraud Interactive is the interface for searching, filtering, and viewing minFraud transactions through your account portal. Learn more about minFraud Interactive on our Knowledge Base.
Correction regarding London boroughs in our geolocation data
June 12, 2023On June 6, we announced that more networks would be mapped to London boroughs beginning on Friday, June 9.
This change has been delayed. It should be present in our products and services beginning on Friday, June 16.
In addition, for networks in the greater London area we will be returning the name of the town for city-level name data instead of the borough. The borough will be populated in the second level subdivision.
For example, a network that maps to the Walthamstow town will return Walthamstow for the city_name, and Walthamstow Forest for the second level subdivision.
More networks mapped to London boroughs
June 6, 2023When a network geolocates to London, we will often return the borough for the city, rather than returning London. Beginning this Friday, June 9, we will be mapping more networks to London boroughs.
This change will apply to all products and services with city-level geolocation data:
- GeoIP City database
- GeoIP City Plus web service
- GeoIP Insights web service
- GeoIP Enterprise database
- minFraud Insights web service
- minFraud Factors web service
- GeoLite City web service
- GeoLite City database
minFraud Transactions searchable by email domain
May 30, 2023We have updated the minFraud Transactions interface in the account portal to allow users to search for and filter transactions by email domain.
minFraud Alerts will be restored
May 15, 2023We are aware of an issue in which some minFraud Alerts were not being sent or were delayed.
We expect to restore full functionality to minFraud Alerts by the end of the day.
Improvements to minFraud Interactive
March 29, 2023We have made a number of improvements to the user interface for minFraud Interactive, the interface used to view minFraud transactions through your account portal.
The functionality of the interface is not changed, but some of the features now appear in a different place on the screen, and the transaction information is now displayed differently.
Learn how to navigate the new interface on our Knowledge Base.
Velocity Checking on User ID
March 21, 2023We have enabled velocity tracking on the account/user_id
input for all
minFraud customers.
If you send a user ID associated with your transactions, minFraud will now factor the velocity of the user’s transactions into the risk score.
The account/user_id
input allows you to pass a unique identifier for each of
your users so that the minFraud service can group transactions by user in order
to identify fraud signals attached to specific users.
Learn more about the account/user_id
input on our Developer Portal.
New License Key Format
March 16, 2023We have updated the format of our license keys. New license keys will be longer, with a six character prefix.
The new license keys can be used in all current versions of our Client APIs and in version 3.1.1 and higher of our GeoIP Update program.
No action is required for minFraud users. Existing license keys will still be valid and will continue to function normally.
New license keys will have the following changes:
- The character set is changing from
[a-zA-Z0-9]
to[a-zA-Z0-9_]
. - The length of the license key will now be 40 characters.
- License keys will have a
_mmk
suffix.
Please note that the length of license keys may be increased in the future.