Prevent online payment fraud using the Maxmind Minfraud service. This component provides an API wrapper for PHP that handles most of the manual process and integrates with the PHP Paypal API class.
Online payment fraud is a common and painful problem for eCommerce services and websites. The good news is that fraud can minimized and prevented using user data that is readily available before processing a transaction.
This class provides an API wrapper for the Maxmind Minfraud service for estimating the chance of fraud, and also automates some of the data gathering:
Bundle: If you need Paypal integration with PHP as well, checkout the bundle of this component and the PHP Paypal API class component.
There are several indicators of possible fraud that are readily accessible:
For more in depth information, you should definitely read 8 steps to preventing online fraud (I am the author of that article).
Using the information gathered and by comparing to historical fraud data, Maxmind calculates a Risk Score that indicates the chance of fraud (from 0.01 to 100).
In order to use the service, you must obtain an API key from Maxmind.
Include the class, and call one of the testing methods, according to your needs.
include_once('Minfraud.php'); $minfraud = new Lionite_Minfraud(); $result = $minfraud - check($data);
$data includes the information you collect from your credit-card form or Paypal.
This class integrates with the PHP Paypal API class, and provides two methods for it.
For Express Checkout (transactions and recurring profiles):
include_once('Minfraud.php'); $minfraud = new Lionite_Minfraud(); $result = $minfraud - checkExpressCheckout($data);
$data is the information returned from
For Direct Payment:
include_once('../library/Lionite/Minfraud.php'); $minfraud = new Lionite_Minfraud(); $result = $minfraud - checkDirectPayment($data);
$data is the information submitted by the example form included in the component. You can add / modify some of the parameters if you have somewhat different field names.
The component includes the Mozilla SSL certificate used to authenticate the endpoint (Maxmind's service in this case). You can always obtain the latest version at the official cURL site.
The certificate is located inside the
/Cert folder in the library folder. If you put the certificate in a different location, you need to adjust the
$_SSLcertificate variable inside the class.