Maxmind Minfraud API Wrapper

Prevent online payment fraud using the Maxmind Minfraud service. This component provides an API wrapper for PHP that handles most of the manual process and integrates with the PHP Paypal API class.

  • Language: PHP
  • Released: Aug 8, 2012
    Last Update: Aug 12, 2012

Online payment fraud is a common and painful problem for eCommerce services and websites. The good news is that fraud can be minimized and prevented using user data that is readily available before processing a transaction.

This class provides an API wrapper for the Maxmind Minfraud service for estimating the chance of fraud, and also automates some of the data gathering:

  • Finds potential proxy addresses using a list of known proxy headers
  • Hashes the provided Email address and splits off its domain
  • Adds various environment parameters if they are available
  • Communicates with the Minfraud service and formats the response as an easy-to-use associative array (instead of a query string)
  • Integrates with the PHP Paypal API component and provides methods to accept data directly from it.
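
The data gathering listed above, as an added example that is not the component's own code: the field names (i, forwardedIP, domain, emailMD5) and the header list are assumptions. Proxy headers are supplied by the client and can be forged, so the forwarded address is sent as an extra signal while REMOTE_ADDR stays the address of record.

```php
<?php
// Added example, not the component's code. Field names (i, forwardedIP,
// domain, emailMD5) and the header list are assumptions.

// Client-supplied and trivially forged: use as a scoring hint only.
const PROXY_HEADERS = ['HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP', 'HTTP_CLIENT_IP'];

function forwardedIp(array $server): ?string
{
    foreach (PROXY_HEADERS as $header) {
        // X-Forwarded-For can hold a comma-separated chain of hops.
        foreach (explode(',', $server[$header] ?? '') as $candidate) {
            $ip = filter_var(trim($candidate), FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE);
            if ($ip !== false) {
                return $ip; // first well-formed, non-private address
            }
        }
    }
    return null;
}

function emailFields(string $email): array
{
    $email = strtolower(trim($email)); // normalise so the hash is stable
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return []; // send nothing rather than a hash of malformed input
    }
    return [
        'domain'   => substr($email, strrpos($email, '@') + 1),
        'emailMD5' => md5($email), // hash of the normalised address (assumed field)
    ];
}

function buildFields(array $server, string $email): array
{
    $fields = ['i' => $server['REMOTE_ADDR']] + emailFields($email);
    $forwarded = forwardedIp($server);
    if ($forwarded !== null && $forwarded !== $server['REMOTE_ADDR']) {
        $fields['forwardedIP'] = $forwarded;
    }
    return $fields;
}

// Constructed sample environment using documentation address ranges.
$server = [
    'REMOTE_ADDR'          => '198.51.100.7',
    'HTTP_X_FORWARDED_FOR' => 'unknown, 10.0.0.5, 203.0.113.9',
];
print_r(buildFields($server, ' Jane.Doe@Example.COM '));
```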

Bundle: If you need Paypal integration with PHP as well, check out the bundle of this component and the PHP Paypal API class component.

How it works

There are several indicators of possible fraud that are readily accessible:

  • User location (via geolocation) - distance between user location and billing location indicates possible fraud. In addition, several countries are considered high-risk for online payments.
  • Email address - free Email service addresses (such as Gmail, Hotmail and so forth) are much more likely to be used in fraud than private domain names.
  • Usage of a proxy - proxies are used to camouflage the indicators in the previous points, by attempting to disguise the real location of the user. It is not always easy to detect proxies, but Maxmind has a large database of known proxies and high-risk proxies to match against.
  • Credit-card security checks - such as AVS and CVC. Failure of those checks indicates a high risk of fraud.

For more in-depth information, you should definitely read 8 steps to preventing online fraud (I am the author of that article).

Using the information gathered and by comparing to historical fraud data, Maxmind calculates a Risk Score that indicates the chance of fraud (from 0.01 to 100).

Usage

API Key

In order to use the service, you must obtain an API key from Maxmind.

Usage

Include the class, and call one of the testing methods, according to your needs.

include_once('Minfraud.php');
$minfraud = new Lionite_Minfraud();
// $data: the fields collected from your credit-card form or Paypal
$result = $minfraud->check($data);

Where $data includes the information you collect from your credit-card form or Paypal.

This class integrates with the PHP Paypal API class, and provides two methods for it.

For Express Checkout (transactions and recurring profiles):

include_once('Minfraud.php');
$minfraud = new Lionite_Minfraud();
// $data: the array returned from getCheckoutDetails()
$result = $minfraud->checkExpressCheckout($data);

Where $data is the information returned from getCheckoutDetails().

For Direct Payment:

include_once('../library/Lionite/Minfraud.php');
$minfraud = new Lionite_Minfraud();
// $data: the fields submitted by the example form
$result = $minfraud->checkDirectPayment($data);

Where $data is the information submitted by the example form included in the component. You can add / modify some of the parameters if you have somewhat different field names.

SSL Certificate

The component includes the Mozilla CA certificate bundle, which is used to verify the certificate of the endpoint (Maxmind's service in this case). You can always obtain the latest version at the official cURL site.

The certificate is located inside the /Cert folder in the library folder. If you put the certificate in a different location, you need to adjust the $_SSLcertificate variable inside the class.
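
How a request can be sent with certificate verification enforced against that bundle, as an added example that is not the component's own code: the function name, endpoint URL and bundle file name are placeholders. The request fails closed when the bundle is missing instead of falling back to an unverified connection.

```php
<?php
// Added example, not the component's code. postVerified(), the URL and the
// bundle file name are hypothetical placeholders.
function postVerified(string $url, array $fields, string $caBundle): string
{
    if (!is_readable($caBundle)) {
        // Fail closed: a missing bundle must not silently disable verification.
        throw new RuntimeException("CA bundle not readable: $caBundle");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,             // validate the chain against $caBundle
        CURLOPT_SSL_VERIFYHOST => 2,                // certificate must match the host name
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,  // refuse plain HTTP
        CURLOPT_FOLLOWLOCATION => false,            // no redirects to other hosts
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        // Includes certificate failures; treat as "no score", never as "low risk".
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    return $body;
}

// Placeholder endpoint and path; the license key is read from the environment.
try {
    $raw = postVerified(
        'https://minfraud.example.invalid/score',
        ['license_key' => getenv('MINFRAUD_KEY') ?: '', 'i' => '198.51.100.7'],
        __DIR__ . '/Cert/cacert.pem'
    );
} catch (RuntimeException $e) {
    error_log($e->getMessage()); // route the order to manual review
}
```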

Comments

  • Nathan, 8 months ago
    Hi, The class has avs_result and cvv_result in the $_params array and the Minfraud documentation says: "To provide these fields you must run the AVS and/or CVV checks before calling minFraud." How are the AVS and CVV checks supposed to be run with the API? Thanks, Nate
    • Lionite Developer, 8 months ago
      Hi Nathan, AVS and CVV checks are run by the credit-card processor. If you run it before calling minfraud, you can pass those results to Minfraud for more accurate risk scoring.
  • Nathan, 8 months ago
    Hi, I have two questions for you, if you don't mind.
    1. Once I start using minfraud, I assume I should turn off PayPal's risk controls, correct? I'm referring to Profile->My Selling Tools->Managing risk and fraud
    2. What threshold do you suggest using for declining orders with regards to the score returned by Minfraud?
    Thank you!
    • Lionite Developer, 8 months ago
      Hi Nathan,
      1. You shouldn't turn off Paypal's risk controls - it's an extra layer of security that covers stuff Minfraud does not have access to - such as suspicious Paypal account activity. 2 layers of security are better than one.
      2. I usually allow transactions under risk score of 30. Above that, I approve manually up to 50. Anything above 50 I reject as fraud, and instruct the user to contact sales. If they do, I ask for additional proof, such as a copy of their ID with a name that matches their account.
  • Nathan, 10 months ago
    How does this compare to PayPal's built in fraud detection tools, such as the CVV and AVS checks?
    • Lionite Developer, 10 months ago
      Hi Nathan, Paypal has its own fraud detection scoring, which involves CVV and AVS, which are both 2 separate systems used by banks and CC companies. Minfraud incorporates some additional factors, most notably its database of reported IP addresses to create a different scoring system that is very reliable. I can't comment much on Paypal's scoring algorithm, since there is no information available on it - but I know that Minfraud detects fraud that Paypal doesn't (from personal experience).
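
The thresholds from the developer's reply above (allow under 30, manual approval up to 50, reject above 50) applied to a parsed response, as an added example that is not part of the comments or of the component: it assumes a semicolon-delimited key=value response with riskScore and err fields, and the function names are hypothetical. A missing or out-of-range score goes to manual review and is never auto-approved.

```php
<?php
// Added example, not the component's code. Assumes a semicolon-delimited
// key=value response carrying riskScore and err fields.

function parseResponse(string $raw): array
{
    $fields = [];
    foreach (explode(';', $raw) as $pair) {
        if (strpos($pair, '=') === false) {
            continue; // skip empty or malformed segments
        }
        [$key, $value] = explode('=', $pair, 2);
        $fields[trim($key)] = trim($value);
    }
    return $fields;
}

function triage(array $fields, float $allowBelow = 30.0, float $rejectAbove = 50.0): string
{
    $score = $fields['riskScore'] ?? null;
    // No usable score (outage, bad key, truncated body): a person decides.
    if (!is_numeric($score) || $score < 0.01 || $score > 100) {
        return 'review';
    }
    $score = (float) $score;
    if ($score > $rejectAbove) {
        return 'reject';
    }
    // A reported error may mean the score rests on incomplete data.
    if ($score >= $allowBelow || ($fields['err'] ?? '') !== '') {
        return 'review';
    }
    return 'allow';
}

// Constructed sample responses; none come from the real service.
$samples = [
    'distance=12;countryMatch=Yes;riskScore=4.20;err=',
    'distance=8400;countryMatch=No;riskScore=42.00;err=',
    'distance=9100;countryMatch=No;riskScore=87.50;err=',
    'riskScore=2.00;err=SAMPLE_WARNING',
    'err=SAMPLE_FATAL_ERROR',
];
foreach ($samples as $raw) {
    echo triage(parseResponse($raw)), "\t", $raw, PHP_EOL;
}
```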