minFraud Release Notes - 2023 Archive

Session age input can be used as a parameter for custom rules

December 11, 2023

You can now use the /device/session_age input in minFraud custom rules. Session age can be used to detect patterns of device usage across multiple sessions to help determine risk. For example, short sessions may be a higher indicator of risk.

You can select the session age input as a parameter in custom rules by selecting minFraud inputs > Session age when defining a new condition for a custom rule.

ISP output can be used as a parameter for custom rules

December 4, 2023

You can now use the /ip_address/traits/isp output in minFraud custom rules, with the following operators: matches, does not match, contains, does not contain.

Filtering transactions by ISP can be especially helpful if you notice certain ISPs are more likely to be associated with fraudulent behavior.

You can select the ISP output as a parameter in custom rules by selecting minFraud outputs > ISP when defining a new condition for a custom rule.

Updated static IP scoring for IPv6 addresses

November 29, 2023

We are releasing a bug fix to our static IP scoring system today.

Previously we were returning higher static IP scores for cellular IPv6 addresses when the networks were actually more dynamic.

minFraud Insights and Factors customers will see the static IP score for cellular IPv6 addresses reduce. This should also result in improved risk scoring for these networks for all minFraud customers.

Learn more about static IP scores in minFraud on our Knowledge Base.

Free email output can be used as a parameter for custom rules

November 16, 2023

You can now use the /email/is_free output in minFraud custom rules. This output is available for transactions submitted through minFraud Insights and minFraud Factors when you pass the /email/address input as plaintext, or when you pass an MD5 hash of the /email/address and the plaintext /email/domain input.

Use of free email providers (e.g. Gmail, Yahoo, Outlook, etc.) by consumers is the norm, so filtering transactions on this data point is often useful only in business-to-business contexts where you expect transactions to be conducted using a business email domain.

You can select the free email output as a parameter in custom rules by selecting minFraud outputs > Is free email when defining a new condition for a custom rule.

Improvements to IP risk score

September 29, 2023

We have made some improvements to the IP risk score, and minFraud customers may see an average increase of 1.5% in their risk scores beginning Monday, October 2. These changes to risk scoring should improve the accuracy of risk scoring. This change will apply to the following data:

More Virtual Payment Cards Flagged in minFraud

August 30, 2023

Effective September 1, 2023 we will be flagging more virtual payment cards from select digital banks in minFraud. In transactions where the IIN is submitted, the minFraud services will be able to accurately tag more payment cards as virtual. Virtual cards do not have a physical card associated with the card number. Customers may use virtual cards for added security, though they are also popular with resellers who use them to attempt to bypass order limits.

To benefit from increased virtual payment card detection, you must pass the IIN or BIN (credit_card/issuer_id_number) of the payment card:

Users of the minFraud Insights and Factors services will be able to see whether a submitted payment card is virtual using the credit_card/is_virtual output:

API policies - temporary enforcement on October 17, 2023

August 17, 2023

To improve our server infrastructure and allow for better performance and efficiency, MaxMind will begin enforcing our policies around our API and database download requests in March 2024. To help customers get ready for this change, we will have a planned, temporary enforcement of these policies on October 17, 2023.

What are the policies?

  • MaxMind will only accept API and database download requests sent with the more secure HTTPS protocol.
  • MaxMind will only accept API and database download requests that are sent to the appropriate hostname as documented in the integration instructions on our Developer Portal (see direct links below).

What do I need to do? To ensure that your MaxMind service is not interrupted, please ensure ensure that you are using the correct hostname for your API requests, and that you are using HTTPS, prior to October 17, 2023. You can view the appropriate URIs for minFraud services on our Developer Portal using the links below:

Please note: This enforcement will also effect GeoIP API requests. If you are also a GeoIP user, see our GeoIP release note on this issue.

Expanded filtering options in minFraud Interactive

July 20, 2023

Within minFraud Interactive, the interface provided in your account portal for searching, filtering, reviewing, and submitting minFraud transactions, you can now click to filter on more transaction data.

From the log of your minFraud transactions you can click on a number of transaction inputs and immediately get a filtered log of your transactions with matching data. For example, if you have a transaction with a billing phone number of +1 123 555 7698, you could click on that transaction's billing phone number and immediately see a list of all transactions submitted with the same billing phone number over the past four months.

You can click to filter on the following transaction inputs (newly filterable inputs with this release are marked with an asterix):

  • Device ID
  • IP address
  • Credit card - Issuer Identification Number (IIN)*
  • Credit card - IIN + Last 4 digits*
  • Email address or domain
  • Shipping address*
  • Billing phone number*

You can learn more about minFraud Interactive's log of your transactions on our Knowledge Base.

Data retention increased for minFraud Interactive

July 17, 2023

Effective immediately, we will begin to retain data in minFraud Interactive for up to 5 months. Although this change is already in place, you will not notice the increased retention period until early August.

Previously, we retained data in minFraud Interactive for up to 4 months.

minFraud Interactive is the interface for searching, filtering, and viewing minFraud transactions through your account portal. Learn more about minFraud Interactive on our Knowledge Base.

Correction regarding London boroughs in our geolocation data

June 12, 2023

On June 6, we announced that more networks would be mapped to London boroughs beginning on Friday, June 9.

This change has been delayed. It should be present in our products and services beginning on Friday, June 16.

In addition, for networks in the greater London area we will be returning the name of the town for city-level name data instead of the borough. The borough will be populated in the second level subdivision.

For example, a network that maps to the Walthamstow town will return Walthamstow for the city_name, and Walthamstow Forest for the second level subdivision.

More networks mapped to London boroughs

June 6, 2023

When a network geolocates to London, we will often return the borough for the city, rather than returning London. Beginning this Friday, June 9, we will be mapping more networks to London boroughs.

This change will apply to all products and services with city-level geolocation data:

  • GeoIP City database
  • GeoIP City Plus web service
  • GeoIP Insights web service
  • GeoIP Enterprise database
  • minFraud Insights web service
  • minFraud Factors web service
  • GeoLite City web service
  • GeoLite City database

minFraud Alerts will be restored

May 15, 2023

We are aware of an issue in which some minFraud Alerts were not being sent or were delayed.

We expect to restore full functionality to minFraud Alerts by the end of the day.

Velocity Checking on User ID

March 21, 2023

We have enabled velocity tracking on the account/user_id input for all minFraud customers.

If you send a user ID associated with your transactions, minFraud will now factor the velocity of the user's transactions into the risk score.

The account/user_id input allows you to pass a unique identifier for each of your users so that the minFraud service can group transactions by user in order to identify fraud signals attached to specific users.

Learn more about the account/user_id input on our Developer Portal.

Learn more about velocity tracking on our Knowledge Base.

New License Key Format

March 16, 2023

We have updated the format of our license keys. New license keys will be longer, with a six character prefix.

The new license keys can be used in all current versions of our Client APIs and in version 3.1.1 and higher of our GeoIP Update program.

No action is required for minFraud users. Existing license keys will still be valid and will continue to function normally.

New license keys will have the following changes:

  • The character set is changing from [a-zA-Z0-9] to [a-zA-Z0-9_].
  • The length of the license key will now be 40 characters.
  • License keys will have a _mmk suffix.

Please note that the length of license keys may be increased in the future.

This page was last updated on February 13, 2024.