minFraud Release Notes

New phone outputs released for minFraud® Insights and minFraud Factors

July 9, 2024

We have released additional outputs for our minFraud Insights and minFraud Factors web services. Insights and Factors customers that pass phone numbers can now make use of the following additional outputs:

  • /shipping_phone/country – A two-character ISO 3166-1 country code for the country associated with the shipping phone number.

  • /shipping_phone/is_voip – This is true if the shipping phone number is a Voice over Internet Protocol (VoIP) number allocated by a regulator. It is false if the shipping phone number is not a VoIP number allocated by a regulator. The key is only present when a valid shipping phone number has been provided and we have data for it.

  • /shipping_phone/network_operator – The name of the original network operator associated with the shipping phone number. This field does not reflect phone numbers that have been ported from the original operator to another, nor does it identify mobile virtual network operators.

  • /shipping_phone/number_type – Indicates whether the phone number is mobile or fixed.

  • /billing_phone/country – A two-character ISO 3166-1 country code for the country associated with the billing phone number.

  • /billing_phone/is_voip – This is true if the billing phone number is a Voice over Internet Protocol (VoIP) number allocated by a regulator. It is false if the billing phone number is not a VoIP number allocated by a regulator. The key is only present when a valid billing phone number has been provided and we have data for it.

  • /billing_phone/network_operator – The name of the original network operator associated with the billing phone number. This field does not reflect phone numbers that have been ported from the original operator to another, nor does it identify mobile virtual network operators.

  • /billing_phone/number_type – Indicates whether the phone number is mobile or fixed.

These values are particularly helpful to identify mismatches between data points, such as a mismatch between the billing country as indicated by the IP address and the country as indicated by the billing phone number. Another strong signal for fraud is a phone carrier that does not operate in the country indicated by the IP address.

Our client APIs have been updated to support these outputs so may need to refresh yours if you are not interfacing directly with our REST API.

Email first seen can be used as a parameter for custom rules

April 8, 2024

minFraud Insights and Factors customers can now use the /email/first_seen output in minFraud custom rules.

The minFraud service retains a record of when an email address or email domain was first seen on the minFraud Network. An email address that has been conducting transactions for a long time across the minFraud Network may be more trustworthy than a new email address created within the last 30 days.

You can select the email first seen output as a parameter in custom rules by selecting minFraud outputs > Email first seen when defining a new condition for a custom rule.

Upcoming changes to our TLS certificates may impact customers with unusual server configuration

April 8, 2024

Starting in May, Let's Encrypt will no longer use a cross-signed root certificate, and the primary TLS certificate handling the *.maxmind.com domains will be impacted by this change.

Most customers will see no impact from this change.

This change should only be of concern if the servers interacting with MaxMind domains are running a very old or out of date operating system, or if you manage your own local Certificate Authority store.

API policies are now permanently enforced

March 13, 2024

To improve our server infrastructure and allow for better performance and efficiency, our API policies are now being permanently enforced as of March 13, 2024.

What are the policies?

  • MaxMind only accepts API and database download requests sent with the more secure HTTPS protocol.
  • MaxMind only accepts API and database download requests that are sent to the appropriate hostname as documented in the integration instructions on our Developer Portal (see direct links below).

What do I need to do? Ensure that you are using the correct hostname for your API requests, and that you are using HTTPS. Failure to do so will result in web service or database download requests failing.

You can view the appropriate URIs for minFraud services on our Developer Portal using the links below:

Please note: This enforcement will also affect GeoIP web service and database download requests. If you are also a GeoIP user, see our GeoIP release note on this issue.

API policies - temporary enforcement on February 7, 2024

January 25, 2024

To improve our server infrastructure and allow for better performance and efficiency, MaxMind will begin enforcing our policies around our API and database download requests on March 13, 2024. To help customers get ready for this change, we will have a planned, temporary enforcement of these policies on February 7, 2024.

What are the policies?

  • MaxMind will only accept API and database download requests sent with the more secure HTTPS protocol.
  • MaxMind will only accept API and database download requests that are sent to the appropriate hostname as documented in the integration instructions on our Developer Portal (see direct links below).

What do I need to do? To ensure that your MaxMind service is not interrupted, please ensure ensure that you are using the correct hostname for your API requests, and that you are using HTTPS, prior to February 7, 2024.

If you have not made the requested changes before Wednesday, February 7, 2024, you might experience a period where web service or database download requests fail.

You can view the appropriate URIs for minFraud services on our Developer Portal using the links below:

Please note: This enforcement also affects GeoIP API requests. If you are also a GeoIP user, see our GeoIP release note on this issue.

minFraud no longer accepts event times more than one year in the past

January 22, 2024

Starting tomorrow, January 23, 2024, minFraud will no longer accept /event/time inputs with values more than one year in the past. Most customers do not need to send the /event/time input and will not be impacted by this change. Learn more about this input and how to use it to score historical transactions on our Knowledge Base.

If you send the /event/time inputs with values more than one year in the past, minFraud will:

  • replace the event time with the current time
  • score the transaction and return a score
  • return an INPUT_INVALID warning with its response

This page was last updated on July 17, 2024.