minFraud Release Notes - 2023 Archive

Session age input can be used as a parameter for custom rules

You can now use the /device/session_age input in minFraud custom rules. Session age can be used to detect patterns of device usage across multiple sessions to help determine risk. For example, short sessions may be a higher indicator of risk.

You can select the session age input as a parameter in custom rules by selecting minFraud inputs > Session age when defining a new condition for a custom rule.

• Learn more about setting custom rule conditions on our Knowledge Base.
• Learn more about session inputs on our Knowledge Base.

ISP output can be used as a parameter for custom rules

You can now use the /ip_address/traits/isp output in minFraud custom rules, with the following operators: matches, does not match, contains, does not contain.

Filtering transactions by ISP can be especially helpful if you notice certain ISPs are more likely to be associated with fraudulent behavior.

You can select the ISP output as a parameter in custom rules by selecting minFraud outputs > ISP when defining a new condition for a custom rule.

• Learn more about setting custom rule conditions on our Knowledge Base.

Updated static IP scoring for IPv6 addresses

We are releasing a bug fix to our static IP scoring system today.

Previously we were returning higher static IP scores for cellular IPv6 addresses when the networks were actually more dynamic.

minFraud Insights and Factors customers will see the static IP score for cellular IPv6 addresses reduce. This should also result in improved risk scoring for these networks for all minFraud customers.

Learn more about static IP scores in minFraud on our Knowledge Base.

Free email output can be used as a parameter for custom rules

You can now use the /email/is_free output in minFraud custom rules. This output is available for transactions submitted through minFraud Insights and minFraud Factors when you pass the /email/address input as plaintext, or when you pass an MD5 hash of the /email/address and the plaintext /email/domain input.

Use of free email providers (e.g. Gmail, Yahoo, Outlook, etc.) by consumers is the norm, so filtering transactions on this data point is often useful only in business-to-business contexts where you expect transactions to be conducted using a business email domain.

You can select the free email output as a parameter in custom rules by selecting minFraud outputs > Is free email when defining a new condition for a custom rule.

• Learn more about setting custom rule conditions on our Knowledge Base.
• Learn more about free email detection on our Knowledge Base.
• Learn more about passing email inputs on our Knowledge Base.

Create stored lists of email addresses to use in minFraud custom rules

You can now add up to 2000 emails to a stored list and use it within minFraud custom rules to automatically apply a disposition to all matching transactions. Previously, you would have to create a custom rule for each separate email address.

Learn more about stored lists on our Knowledge Base.

Improvements to IP risk score

We have made some improvements to the IP risk score, and minFraud customers may see an average increase of 1.5% in their risk scores beginning Monday, October 2. These changes to risk scoring should improve the accuracy of risk scoring. This change will apply to the following data:

• Overall risk score (available in all current and Legacy minFraud services)
• IP risk score (available in minFraud Score, Insights, and Factors)
• Proxy score (available in our Legacy Proxy detection web service)

Group and join up to 20 conditions in minFraud custom rules

When using minFraud's custom rules, you can now group and join up to 20 conditions. The previous limit was 4 conditions.

Learn more about custom rules on our Knowledge Base.

More Virtual Payment Cards Flagged in minFraud

Effective September 1, 2023 we will be flagging more virtual payment cards from select digital banks in minFraud. In transactions where the IIN is submitted, the minFraud services will be able to accurately tag more payment cards as virtual. Virtual cards do not have a physical card associated with the card number. Customers may use virtual cards for added security, though they are also popular with resellers who use them to attempt to bypass order limits.

To benefit from increased virtual payment card detection, you must pass the IIN or BIN (credit_card/issuer_id_number) of the payment card:

• Learn more about the IIN input on our Knowledge Base.
• See the documentation for this input in the API schema on our Developer Portal.

Users of the minFraud Insights and Factors services will be able to see whether a submitted payment card is virtual using the credit_card/is_virtual output:

• Learn more about prepaid and virtual card detection on our Knowledge Base.
• See the documentation for this output in the API schema on our Developer Portal.

API policies - temporary enforcement on October 17, 2023

To improve our server infrastructure and allow for better performance and efficiency, MaxMind will begin enforcing our policies around our API and database download requests in March 2024. To help customers get ready for this change, we will have a planned, temporary enforcement of these policies on October 17, 2023.

What are the policies?

• MaxMind will only accept API and database download requests sent with the more secure HTTPS protocol.
• MaxMind will only accept API and database download requests that are sent to the appropriate hostname as documented in the integration instructions on our Developer Portal (see direct links below).

What do I need to do? To ensure that your MaxMind service is not interrupted, please ensure ensure that you are using the correct hostname for your API requests, and that you are using HTTPS, prior to October 17, 2023. You can view the appropriate URIs for minFraud services on our Developer Portal using the links below:

• minFraud Score, Insights, and Factors web services
• minFraud Device Tracking
• minFraud Transaction Reporting
• Legacy minFraud web services
• Legacy Proxy Detection web service

Please note: This enforcement will also effect GeoIP API requests. If you are also a GeoIP user, see our GeoIP release note on this issue.

Expanded filtering options in minFraud Interactive

Within minFraud Interactive, the interface provided in your account portal for searching, filtering, reviewing, and submitting minFraud transactions, you can now click to filter on more transaction data.

From the log of your minFraud transactions you can click on a number of transaction inputs and immediately get a filtered log of your transactions with matching data. For example, if you have a transaction with a billing phone number of +1 123 555 7698, you could click on that transaction's billing phone number and immediately see a list of all transactions submitted with the same billing phone number over the past four months.

You can click to filter on the following transaction inputs (newly filterable inputs with this release are marked with an asterix):

• Device ID
• IP address
• Credit card - Issuer Identification Number (IIN)*
• Credit card - IIN + Last 4 digits*
• Email address or domain
• Shipping address*
• Billing phone number*

You can learn more about minFraud Interactive's log of your transactions on our Knowledge Base.

Data retention increased for minFraud Interactive

Effective immediately, we will begin to retain data in minFraud Interactive for up to 5 months. Although this change is already in place, you will not notice the increased retention period until early August.

Previously, we retained data in minFraud Interactive for up to 4 months.

minFraud Interactive is the interface for searching, filtering, and viewing minFraud transactions through your account portal. Learn more about minFraud Interactive on our Knowledge Base.

Correction regarding London boroughs in our geolocation data

On June 6, we announced that more networks would be mapped to London boroughs beginning on Friday, June 9.

This change has been delayed. It should be present in our products and services beginning on Friday, June 16.

In addition, for networks in the greater London area we will be returning the name of the town for city-level name data instead of the borough. The borough will be populated in the second level subdivision.

For example, a network that maps to the Walthamstow town will return Walthamstow for the city_name, and Walthamstow Forest for the second level subdivision.

More networks mapped to London boroughs

When a network geolocates to London, we will often return the borough for the city, rather than returning London. Beginning this Friday, June 9, we will be mapping more networks to London boroughs.

This change will apply to all products and services with city-level geolocation data:

• GeoIP City database
• GeoIP City Plus web service
• GeoIP Insights web service
• GeoIP Enterprise database
• minFraud Insights web service
• minFraud Factors web service
• GeoLite City web service
• GeoLite City database

minFraud Transactions searchable by email domain

We have updated the minFraud Transactions interface in the account portal to allow users to search for and filter transactions by email domain.

Learn how to search and filter minFraud Transactions through the account portal on our Knowledge Base.

minFraud Alerts will be restored

We are aware of an issue in which some minFraud Alerts were not being sent or were delayed.

We expect to restore full functionality to minFraud Alerts by the end of the day.

Improvements to minFraud Interactive

We have made a number of improvements to the user interface for minFraud Interactive, the interface used to view minFraud transactions through your account portal.

The functionality of the interface is not changed, but some of the features now appear in a different place on the screen, and the transaction information is now displayed differently.

Learn how to navigate the new interface on our Knowledge Base.

Velocity Checking on User ID

We have enabled velocity tracking on the account/user_id input for all minFraud customers.

If you send a user ID associated with your transactions, minFraud will now factor the velocity of the user's transactions into the risk score.

The account/user_id input allows you to pass a unique identifier for each of your users so that the minFraud service can group transactions by user in order to identify fraud signals attached to specific users.

Learn more about the account/user_id input on our Developer Portal.

Learn more about velocity tracking on our Knowledge Base.

New License Key Format

We have updated the format of our license keys. New license keys will be longer, with a six character prefix.

The new license keys can be used in all current versions of our Client APIs and in version 3.1.1 and higher of our GeoIP Update program.

No action is required for minFraud users. Existing license keys will still be valid and will continue to function normally.

New license keys will have the following changes:

• The character set is changing from [a-zA-Z0-9] to [a-zA-Z0-9_].
• The length of the license key will now be 40 characters.
• License keys will have a _mmk suffix.

Please note that the length of license keys may be increased in the future.