
Wolfpaw Fraud Screening and Detection Module - Miva Merchant - v9.501

Installation and Configuration

Note: The system extension and component/item versions of this module work with Miva v5.5 and v9.x. Both versions are included in the package you've received. The instructions provided below show screenshots for the module installation on Miva v9.3. The screens for v5.5 are similar.

Description

New Features in Version 9.501

How the Module Works

Installation - System Extension Module Version

Installation - Component/Item Module Version

Module Configuration

Upgrading from Prior Versions

Switching Between System Extension and Component/Item Versions

Tips and tricks

Description

Wolfpaw has partnered with MaxMind, makers of the GeoIP® location database, to bring the minFraud fraud screening and detection system to Miva Merchant. For less than one-half cent per query, the minFraud system provides a risk score indicating the probability that an order is fraudulent. The risk score is then used by the Wolfpaw Fraud Screening and Detection Module to accept or decline an order before sending the customer's information to the payment gateway for approval. Alternatively, the merchant can use the notification emails to cancel orders after invoicing. This helps protect the merchant from chargebacks, excessive payment gateway fees, and reputation issues resulting from hackers testing card numbers, stolen cards, and various other forms of fraud.

The risk score is based on a number of factors including: geographical distance between the person placing the order and the customer billing address; high risk IP address analysis; location of customer's telephone number; free and high-risk e-mail analysis; open proxy detection; shipping remailer detection, etc.

For more information on the minFraud system and risk scoring

To signup for a minFraud account

To purchase this module

To update to v9.501

New features in Version 9.501

IP whitelisting - top asked-for feature. Take manual orders without triggering the module, damaging your IP's reputation or wasting MaxMind queries. Allows you to list IP addresses and networks to be whitelisted. Orders from whitelisted IPs will not trigger a fraud check.

Extracts customer IP from HTTP headers - Allows the module to obtain the customer's IP address and check for fraud even when the website is behind a proxy, content delivery network (CDN), load balancer, or translation server (e.g. Global Nimbus).

Component/Item module version - we've included a second version of the module that installs as a component/item that you can add to any page in which the customer's shipping and billing address is known. Designed for use with one-page checkouts or heavily modified stores where the system extension module fires too often or not at all.

Uses Miva's global mailing configuration - module's merchant notifications are sent using the global mailing configuration in your domain settings.

Country blocking - uses the settings in your MaxMind account to allow or deny orders from any number of countries.

How the Module Works

The system extension version of the module is integrated into Miva Merchant at the start of the OSEL (payment/shipping method selection) page. This ensures all orders are checked - even orders using COD, Simple Credit Card Validation and offsite credit card entry gateways such as PayPal and Amazon. Fraudulent orders can then be declined prior to credit card authorization. This can reduce your gateway fees, improve your merchant decline ratio, refund ratio and chargebacks, and possibly qualify you for lower credit card fees. This also works to help stop hackers testing credit cards.

The module collects data about the order - customer billing and shipping addresses, phone numbers, email addresses and, most importantly, the IP address being used - forwards it to MaxMind and instantly gets a response with a fraud score and information about the IP address and the order. That information includes the actual location of the person placing the order, the geographical distance between the IP address and the customer's billing address, whether he/she is hiding behind an anonymous proxy, whether he/she is using a free email account, whether the phone number matches the billing location, and whether the shipping address matches the address of known remailers. The IP address is compared against a continually updated database of suspicious IPs. The fraud score that is returned represents MaxMind's determination of the probability that the order is fraudulent.

An email with the above information can be sent to you for all orders or only orders over a certain fraud score. Likewise, the module can automatically decline orders over a certain fraud score. This is extremely helpful if you're getting bombarded by credit card testers - it just cuts them off - and helps prevent reputation issues with payment gateways and off-site payment systems like PayPal and Amazon.

The module allows you to whitelist IP addresses. The module will not check fraud or generate a MaxMind query for an order from a whitelisted IP. Generally you'll want to whitelist your own IP and the IPs of your branch offices. That will also prevent fraud score issues when you process manual orders (e.g. geographical distance between you and your customer).

If your website is on a server that is behind a load balancer, a translation server, proxy server or content delivery network (CDN), you can select to have the module analyze the HTTP headers to find the customer's actual IP address and use that in the analysis. (Note: If this is turned on, the HTTP headers are examined in the following order to extract the customer IP: http_client_ip, http_x_forwarded_for, http_x_forwarded, http_x_cluster_client_ip, http_forwarded_for, http_forwarded.)
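Forwarding headers arrive as part of the request, so they identify the customer only when a known proxy set them, and that matters here because a whitelisted IP skips the fraud check. The Python sketch below is an added example, not the module's code: it reads the headers in the order listed above only when the connecting address is a trusted proxy, then applies the whitelist. The trusted_proxies setting, the function names, the whole-octet matching of entries like 192.168.1 and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Header names in the order the page says the module examines them.
HEADER_ORDER = ("http_client_ip", "http_x_forwarded_for", "http_x_forwarded",
                "http_x_cluster_client_ip", "http_forwarded_for", "http_forwarded")


def resolve_client_ip(remote_addr, headers, trusted_proxies):
    """Return the customer IP, reading forwarding headers only behind a known proxy.

    trusted_proxies is a hypothetical setting: CIDR strings for the load
    balancer / CDN addresses that are allowed to set these headers.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(ip):
        return any(ip in net for net in nets)

    peer = ipaddress.ip_address(remote_addr)
    if not trusted(peer):
        return str(peer)  # direct connection: header values are unverified input
    for name in HEADER_ORDER:
        # Proxies append to the list, so read it right to left and return the
        # first address that is not one of our own proxies.
        for token in reversed(headers.get(name, "").split(",")):
            try:
                ip = ipaddress.ip_address(token.strip())
            except ValueError:
                break  # absent, malformed or "for=" syntax: skip this header
            if not trusted(ip):
                return str(ip)
    return str(peer)


def is_whitelisted(ip, whitelist_csv):
    """Match entries such as '203.0.113.10' or '192.168.1' on whole octets.

    Assumption: the page does not say how the module compares entries; whole
    octets keep '192.168.1' from also matching 192.168.10.x.
    """
    octets = ip.split(".")
    for entry in whitelist_csv.split(","):
        parts = entry.strip().rstrip(".").split(".")
        if parts != [""] and octets[:len(parts)] == parts:
            return True
    return False


def needs_fraud_check(remote_addr, headers, trusted_proxies, whitelist_csv):
    """Return (customer_ip, send_query); whitelisted IPs skip the minFraud query."""
    ip = resolve_client_ip(remote_addr, headers, trusted_proxies)
    return ip, not is_whitelisted(ip, whitelist_csv)


# Constructed sample values (documentation address ranges), not real traffic.
PROXIES = ["10.0.0.0/8"]
WHITELIST = "203.0.113.10, 192.168.1"
```

With these sample values, a request relayed by 10.0.0.5 carrying http_x_forwarded_for "198.51.100.23, 10.0.0.7" resolves to 198.51.100.23 and is checked, while a direct connection from 192.168.1.77 is whitelisted and generates no query.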

The component/item version of the module works similarly but lets you place the 'item' that triggers the module anywhere on any page as long as the customer shipping and billing addresses are known and before payment authorization. Typically this would be the OSEL and OPAY pages but could also be any page added to the checkout process. This version is a little harder to install but is most useful for one-page checkouts or heavily modified stores where the system extension version either won't trigger or triggers too often during a single checkout.

To protect against false positives (loss of legitimate orders), the module provides extensive logging, decline and email notification thresholds, and custom screens allowing merchants to notify customers to check their billing and shipping address entries and/or call to place their orders manually.

To prevent module processing or minFraud server connection errors from halting the checkout process, the module can be configured to email the merchant and accept all orders in the event of an error (this is the default). Also, to prevent an overly large log file from halting Miva Merchant, the module rotates the antifraud log file after it has reached 50 MB.

Until you become familiar with the module we recommend that you leave logging turned on, the email notification threshold set to '0%', and the decline threshold set to 100%. This will ensure that all legitimate orders are accepted and you can manually review suspect orders before you ship. Afterwards you can raise the email notification threshold and lower the decline threshold to numbers you are comfortable with.

Installation - System Extension Module Version

1. Download the module from apps.miva.com and unzip on your local PC. The name of the file is 'wp_antifraudv9501_module.mvc'. Note the location of the module file on your local PC.

2. Open your Miva admin and select Modules from the main menu.

3. Click the plus sign to add a module.

4. In the Add Module window click Upload.

5. In the Upload File window check Overwrite and then click Browse.

6. Find the module file wp_antifraudv9501_module.mvc, click it to highlight the file and then click Open.

7. The Upload File window will reappear. Click Upload to upload the module to your store.

8. Click Add to install the module in Miva Merchant.

9. A message appears indicating that the module has been installed. Now click Information.

10. Verify the Active box is checked and click Update.

11. Return to the Main Menu and click Payment.

12. In the Payment Settings window select Add/Remove Modules. Note: Although technically this is a system extension module all configuration is done from the Payment Settings.

13. Find the module in the Available Modules section and click Install.

14. Enter the license key you received from Miva Apps (or Miva Central). Then read the License Agreement and signify your agreement by checking the box. Then click Update.

15. The configuration screen appears. See Configuration below to continue.

Installation - Component/Item Version

1. Download the module from apps.miva.com and unzip on your local PC. The name of the file is 'wp_antifraudv9501_component.mvc'. Note the location of the module file on your local PC.

2. Open your Miva admin and select Modules from the main menu.

3. Click the plus sign to add a module.

4. In the Add Module window click Upload.

5. On the Upload File window check Overwrite and then click Browse.

6. Find the module file wp_antifraudv9501_component.mvc, click it to highlight the file and then click Open.

7. The Upload File window will reappear. Click Upload and then Add to upload and install the module.

8. A message appears indicating that the module has been installed. Now click Information and ensure the Active box is checked.

9. Return to the Main Menu and click Payment.

10. In the Payment Settings window select Add/Remove Modules. Note: Although this is a component/item module all configuration is done from the Payment Settings.

11. Find the module in the Available Modules section and click Install.

12. Enter the license key you received from Miva Apps (or Miva Central). Then read the License Agreement and signify your agreement by checking the box. Then click Update.

13. Return to the Main Menu and select User Interface.

14. Select Items and find the Wolfpaw Fraud Screening and Detection module. Click on the Edit icon.

15. Verify that the Item Code wp_antifraud has been set up for the module. If not, create it and then be sure to click Update.

16. We'll demonstrate adding the item to the OSEL page. Click on Pages in the User Interface window. Find the OSEL page and click on the Edit icon.

17. The template information for the OSEL page appears. Find the window labeled Details and enter the following line at the top of the window as shown above:

<mvt:item name="wp_antifraud" param="fraud_check" />

This inserts the module at the start of the OSEL page so that it will be triggered in the checkout process when the OSEL page loads.

18. Click Items at the top of the OSEL page.

19. Find the module in the list of items available to the OSEL page and activate it for the OSEL page by hovering over the toggle switch until it moves to the right and turns green.

20. The module is now activated and assigned to the OSEL page. Pull down the Main Menu and select Payment so we can proceed with configuring the module.

Module Configuration

Configuration is the same for the system extension and component/item versions of the module. To get to the configuration screen pull down the Main Menu and click Payment. Then select Wolfpaw Fraud Screening and Detection from the top menu. If the name of the module does not appear in the top menu click the continuation icon (...) to see additional payment modules. The configuration screen appears as follows:

The module settings are shown in the above image. A description of each setting follows.

Enable Fraud Checking: Checking this box turns fraud checking on - otherwise it is off.

MaxMind License Key: This module integrates with the MaxMind minFraud system. You need a minFraud account and license key. Enter the license key here. You can obtain a minFraud license at http://www.maxmind.com/app/ccv_buynow.

MaxMind Service Type: Select 'Standard'. The 'Premium' service is not required for this version of the module.

MaxMind Primary and Secondary URL: These are the URLs of the MaxMind servers. The default selections are the current URLs. If MaxMind changes the URLs in the future you can make an adjustment here.

Email Notifications - Email From Address: The module is designed to send you merchant notifications by email. Enter the address you would like to have appear in the 'From' line of these emails.

Email Notifications - Email To Address: Enter the address(es) you would like to have merchant notification emails sent to. Separate multiple email addresses with commas.

Cart Behind a Proxy, Load Balancer, CDN: If your website is behind a proxy server, load balancer, content delivery network (CDN), or translation server, the IP address of the device communicating with the website will not be that of the customer's browser. Checking this box will cause the module to scan the HTTP request headers for the forwarded IP address of the customer.

The test results shown on the configuration screen will help determine if you need to enable this feature. Shown on the configuration screen are the IP address of the device communicating with your website and the IP of your browser as extracted from the HTTP headers. If these IPs are different you should enable this feature. Also, if you're using a translation service such as Global Nimbus you'll want this feature enabled.

Whitelisted IP's: Enter the IP addresses you want whitelisted. Separate multiple IP addresses with commas. You can enter network octets such as 192.168.1 to whitelist blocks of IPs. Queries will not be sent to MaxMind for orders from whitelisted IPs.

On Whitelisted IP - Email Notification: Check this box to be notified if an order is received from a whitelisted IP address.

On Whitelisted IP - Email Subject: The subject line that will be used in merchant notification emails for orders from whitelisted IP addresses.

Enable Fraud Analysis Logging: This should be checked. The log provides a complete record of the queries sent to the MaxMind server and the responses sent back. The log is automatically rotated after it reaches 50 MB - approximately 50,000 queries.

Log File: Name of the log file. You can leave this as is.

Risk Threshold for Merchant Notification Emails: You can set this to 0% and get a fraud analysis email for every order or minimize the emails by raising the threshold slightly. You should set this to 0% at the outset so you can develop an understanding of how the system works and the risk scores for normal orders.


Email Subject for Merchant Notification Emails: The subject line that will be used for fraud analysis emails. The risk score and whether the order was accepted or declined will also appear on the subject line of the email.

Risk Threshold for Order Decline: The risk score (probability the order is fraudulent) at which an order should be declined. You should set this to 100% to start and then lower it as you become experienced. Generally legitimate orders will have a risk score of under 0.50%. MaxMind recommends setting the decline threshold at between 3% and 5%. However, every merchant's customer base is different and you'll need to decide what's best for you.

Screen Message on Order Decline: Message that appears on the screen notifying the customer that the order is declined. You can add HTML tags. Our default message asks the user to call a telephone number for assistance. If you use this message be sure to include your correct phone number.

On Processing Error - Order Disposition: In the event the module encounters a processing error or cannot reach the MaxMind servers you can either accept or decline orders. The recommended default is to accept orders.

On Processing Error - Email Notification: Enables merchant notification in the case of a processing error.

On Processing Error - Email Subject: Email subject for merchant notification in the case of a processing error.

Screen Message on Processing Errors: Message that appears on the screen to the customer if the module encounters a processing error.

Upgrading from prior versions

You can follow the initial install instructions above. The module will update its database with new fields as necessary. If asked for your module's license key enter the original key received from Miva Apps/Central when you purchased the module.

Switching between system extension and component/item versions of the module

You should fully remove and delete the module before installing the alternate version. If you are switching from the component/item version be sure to remove the item from the page template, disable the item on the list of items available to the page, and delete the item itself before removing and deleting the module.

Tips and Tricks

You can block any number of countries from ordering on your website. Go into your MaxMind account and click on 'Country Block List.' All countries are listed. Change the radio button next to a country to 'Block' and the Risk Score for transactions originating from that country will be increased to 100.

Change the 'email-to' address for notifications to your email address and put your phone number in the screen decline and processing error messages.

The default email notification and decline threshold settings are very conservative. The risk score for email notifications is set to 0% - this means you'll get a fraud analysis email for every order attempt. The risk score for order decline is set to 100%. This means no orders will be declined by the module.

After you get used to the email notifications try raising the risk score for email notifications to 3%. We find that most legitimate orders have risk scores under 2%.

If you want to block fraudulent orders from passing to your payment gateway then reduce the risk score for order declines to 30% - 40% to start and make sure the 'decline message' in the module's configuration says what you want (correct phone number, etc.) - so a legit customer will call you if he accidentally gets blocked. MaxMind recommends using 3% - 5% as the decline threshold but you'll need to decide if that's right for you.

Mathematically you can calculate the risk score to use. You'll want to make sure that the average profit gained by accepting an order is greater than the average cost of accepting it. Here's a simplified formula to help you with this calculation. Please note that this is a generalization and does not apply in every case.

If (profit on the order) * (100 - riskScore) > (fraud loss) * riskScore, then process the order.

Here the 'profit on the order' is the money you would make if the order is legitimate and the 'fraud loss' is how much you would lose if the order were fraudulent (e.g. shipping, chargeback fees, cost of goods, etc.).

On a very simplified basis, if you assume no shipping cost or chargeback fees, then if your gross margin is 25% you would decline any order with a fraud probability higher than 25%.
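The calculation above, carried through in Python as an added example (not part of the module or MaxMind's code): solving the rule for riskScore gives a break-even score of 100 * profit / (profit + fraud loss), and the same expected-value reasoning is extended to compare decline thresholds over a batch of logged orders. The Order fields, function names and sample figures are constructed, and declining only scores strictly over the threshold is an assumption based on the page's wording.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    """One logged order attempt (constructed sample data, not module output)."""
    risk_score: float  # minFraud risk score, 0-100 (% probability of fraud)
    profit: float      # money made if the order is legitimate
    fraud_loss: float  # money lost if it is fraudulent (goods, shipping, fees)


def should_process(order):
    """The page's rule: profit * (100 - riskScore) > fraud_loss * riskScore."""
    return order.profit * (100 - order.risk_score) > order.fraud_loss * order.risk_score


def break_even_score(profit, fraud_loss):
    """Risk score at which both sides of the rule are equal.

    profit * (100 - r) = fraud_loss * r  =>  r = 100 * profit / (profit + fraud_loss)
    """
    if profit < 0 or fraud_loss < 0:
        raise ValueError("profit and fraud_loss must be non-negative")
    if profit + fraud_loss == 0:
        return 0.0  # nothing to gain or lose; no score justifies the order
    return 100.0 * profit / (profit + fraud_loss)


def expected_value(orders, decline_threshold):
    """Expected profit of a batch when scores over the threshold are declined."""
    total = 0.0
    for o in orders:
        if o.risk_score > decline_threshold:  # assumption: strictly "over"
            continue  # declined: nothing gained, nothing lost
        p = o.risk_score / 100.0
        total += o.profit * (1 - p) - o.fraud_loss * p
    return total


def best_threshold(orders, candidates):
    """Candidate decline threshold with the highest expected profit."""
    return max(candidates, key=lambda t: expected_value(orders, t))


# Constructed batch: $100 orders at a 25% gross margin, cost of goods only.
SAMPLE = [Order(s, 25.0, 75.0) for s in (0.5, 2, 10, 30, 60, 99)]

if __name__ == "__main__":
    print(break_even_score(25.0, 75.0))            # the page's 25% margin case
    print(break_even_score(25.0, 75.0 + 10 + 15))  # plus shipping and a chargeback fee
    for t in (5, 25, 40, 100):
        print(t, round(expected_value(SAMPLE, t), 2))
    print(best_threshold(SAMPLE, (5, 25, 40, 100)))
```

Adding shipping and a chargeback fee to the fraud loss pulls the break-even score below the gross margin, which is why the 25% figure is an upper bound for that simplified case.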

 

 
- copyright © 1998-2015 Wolfpaw Hosting LLC., all rights reserved -