Leader of the Pack in Miva Merchant Hosting, Zen Cart Hosting, Miva to Zen Cart Conversion and Custom Module Development and Programming    
Miva Hosting Zen Cart Hosting Dedicated Servers Non-eCom Hosting Reseller Program Modules Other Services  
Control Panel Support About Us Legal Notices

Wolfpaw Fraud Screening and Detection Module - MaxMind Integration - Miva Merchant Version

Documentation

Note: Versions of this module are available for Miva Merchant version 4 compiled (V4.14 and later) and version 5. The instructions provided below show screen shots for the V5 module. The V4 module is similar.

Wolfpaw has teamed up with MaxMind, makers of the GeoIP® location database, to bring the minFraud fraud screening and detection system to Miva Merchant. For less than one-half cent per query the minFraud system provides a risk score indicating the probability that a customer order is fraudulent. The risk score is based on a number of factors including: the geographical distance between the location of the customer's browser to the claimed billing address; high risk IP address analysis; location of customer's telephone number; free and high-risk e-mail analysis; open proxy detection; shipping remailer detection, etc.

For more information on the minFraud system and risk scoring

To signup for a minFraud account

To purchase this module

How the module works

In order to insure that all potential customer orders are checked for possible fraud we have integrated the fraud checking into Miva Merchant just before payment gateway authorization. Thus all orders are checked - even COD, Simple Credit Card Validation and offsite credit card entry gateways such as PayPal and Amazon. This allows fraudulent orders to be dropped prior to credit card authorization thereby reducing authorization fees, improving your merchant decline ratio, refund ratio and chargebacks - and possibly qualifying you for lower credit card fees.

To protect against false negatives (loss of legitimate orders) we have provided for extensive logging, decline and email notification thresholds and custom screens allowing merchants to notify customers to check their billing and shipping address entries and/or call to place their orders manually.

To prevent module processing or minFraud server connections errors from halting your store the module can be configured to email the merchant and accept all orders in the event of an error (this is the default). Also, to prevent an over-sized log file from halting Miva Merchant the module rotates the antifraud log file after it has reached 20MB's.

Until you become familiar with the module we recommend that you leave logging turned on, email notification threshold set to '0%', and the decline threshold set to 100%. This will insure that all legitimate orders are accepted and you can manually review suspect orders before you ship. Afterwards you can raise the email notification threshold and lower the decline threshold to numbers you are comfortable with.

Module Installation

1. Download the module from MivaCentral and unzip on your local PC. The name of the file is 'wp_antifraudv4.mvc' or 'wp_antifraudv5.mvc' depending on your Miva Merchant version. Note the location of the module file on your local PC.

2. Open your Miva Merchant admin control panel and navigate to Global Settings > Module (Add). Click on 'Add'.

3. Click on Upload - an upload window will open.

4. Click on 'Browse' to locate the wp-antifraud.mvc module in your local PC.

5. Browse to the location of the module. Click on the file name to select and then click 'Open'.

6. In the 'Upload File' window click on 'Upload'.

7. Now click on 'Add' to install the module.

8. The Antifraud - MaxMind Integration module is now installed.

Module Configuration

1. Open your store settings menu and click on 'Payment Settings'.

2. In the 'Payment Settings' window enable the Antifraud module by checking the box to its right and clicking on 'Update'.

3. The module is enabled. Click on the tab 'Antifraud - MaxMind Integration'.

4. Enter your License Key and read the License Agreement. If you accepts the Terms and Conditions of the License Agreement check the box and click 'Update'.

5. The license key is accepted. Now click on the 'Antifraud - MaxMind Integration' tab again to begin configuration of the module settings.

6. The module settings are shown in the above image. A description of each setting follows.

7. Enable Fraud Checking: Checking this box turns fraud checking on - otherwise it is off.

8. MaxMind License Key: This module integrates with the MaxMind minfraud system. You will need a minFraud account and license key. Enter the license key here. You can obtain a minFraud license at this URL http://www.maxmind.com/app/ccv_buynow.

9. MaxMind Service Type: Select 'Standard'. The 'Premium' service is not used in this version of the module.

10. MaxMind Primary and Secondary URL: These are the URLs for the MaxMind servers. The default selections are the current URLs. If MaxMind changes the URLs in the future you can make an adjustment here.

11. Enable Fraud Analysis Logging: This should be checked. The log provides a complete record of the queries sent to the MaxMind server and the responses sent back. The log is automatically rotated after it reaches 20MB's - approximately 20,000 queries.

12. Log File: Name of the log file. You can leave this as is.

13. A note about risk thresholds. The MaxMind minFraud system calculates the probability that an order is fraudulent. Please read the information here and here to understand how the minFraud system works.

13. Risk Threshold for Email Notification. You can set this to 0% and get a fraud analysis email for every order or minimize the emails by raising the threshold slightly. You should set this to 0% at the outset so you can develop an understanding of how the system works and the risk scores for normal orders.

Click on the thumbnails below for examples of merchant notification emails.

suspicious order

normal order

14. Email Subject: The subject line that will be used for email notifications. The risk score and whether the order was accepted or declined will also appear on the subject line of the email.

15. Risk Threshold for Order Decline: The risk score (probability the order is fraudulent) at which you will decline an order. You may wish to set this 100% and decline orders later based upon the email notifications or set it to a lower number in the 50 - 60% range and minimize your credit card decline ratio, chargebacks and dings to your Merchant reputation.

16. Screen Message on Order Decline: Message that appears on the screen notifying the user his order is declined. You can add html tags. Our default message asks the user to call a telephone number for asistance. If you will be using this message be sure to add your correct phone number.

17. Email Notifications Address: Enter the addresses you want notifications sent to and the address to appear on the 'From' line of these emails. Separate multiple email addresses with commas.

18. On Processing Error: In the event the module encounters a processing error or cannot reach the MaxMind servers you can either accept or decline orders and send an email notifcation. The recommended default is to accept orders and send an email. You can also specify the subject to appear on the email.

19. Screen Message on Processing Errors: Message that appears on the screen when the modules encounters a processing error.

Tips:

Change the 'email-to' address for notifications to your email address and put your phone number in the screen decline and processing error messages.

The default email notification and decline threshold settings are very conservative. The risk score for email notifications is set to 0% - this means you'll get a fraud analysis email for every order attempt. The risk score for order decline is set to 100%. This means no orders will be declined by the module.

After you get used to the email notifications try raising the risk score for email notifications to 3%. We find that most legitimate orders have risk scores under 2%.

If you want to block fraudulent orders from passing to your payment gateway then reduce the risk score for order declines to 40% and make sure the 'decline message' in the module's configuration says what you want (correct phone number, etc) - so a legit customer will call you if he accidently gets blocked.

Mathematically you can calculate the risk score to use. You'll want to make sure that the average profit gained by accepting an order is greater than the average cost of accepting it. Here's a simplified formula to help you with this calculation. Please note that this is a generalization and does not apply in every case

If (profit on the order) * (100 - riskScore) > (fraud loss) * riskScore, then process the order.

Here the 'profit on the order' is the money you would make if the order is legitimate and the 'fraud loss' is how much you would lose if the order were fraudulent (e.g. shipping, chargeback fees, cost of goods, etc.).

On a very simplified basis if you assume no shipping cost or chargeback fees then if your gross margin is 25% you would decline any order with a fraud probability higher then 25%.

 

 
- copyright © 1998-2013 Wolfpaw Hosting LLC., all rights reserved -