What This Module Does
WolfPaw's Fraud Screening and Detection module integrates MaxMind's minFraud service with your Miva Merchant store. For approximately a half a cent per query, minFraud analyzes each potential order and returns a risk score indicating the probability that the order is fraudulent.
The module uses this risk score to:
- Decline high-risk orders before they reach your payment gateway
- Send you detailed email alerts for orders above your notification threshold
- Protect your business from chargebacks, excessive gateway fees, and reputation damage
- Prevent fraud orders from reserving or depleting inventory
MaxMind's risk scoring considers over 80 data points including:
- Geographic distance between the customer's IP location and billing address
- High-risk IP address analysis and open proxy detection
- Free and high-risk email provider analysis
- Phone number location verification
- Shipping address remailer detection
Learn more about minFraud risk scoring →
Sign up for a MaxMind minFraud account →
Purchase the WolfPaw Antifraud Module →
New in Version 10.5
Version 10.5 is a major update with significant improvements to the user interface, email system, and overall functionality:
Professional HTML Email Notifications
Beautiful, responsive email templates with color-coded alerts. Red for declined orders, green for accepted, teal for whitelisted. Emails includes detailed order basket information, customer data, shipping/billing addresses, and the MaxMind analysis results. In addition, MaxMind's complete technical response is provided in a drop-down section.
Redesigned Admin Interface
Modern card-based layout with clear visual organization. Settings are grouped into logical sections with helpful descriptions. Includes a Test Connection button to verify your MaxMind credentials.
CIDR Notation for IP Whitelisting
Unified whitelist field supporting both IPv4 and IPv6 with standard CIDR notation. Whitelist entire networks with entries like 192.168.1.0/24 or 2001:db8::/32.
Enhanced IP Detection
Automatically detects customer IP addresses even when your site is behind CloudFlare, Akamai, nginx, or other CDN/proxy services. Checks include CF-Connecting-IP, True-Client-IP, X-Real-IP, and X-Forwarded-For headers.
Improved Logging
Pretty-printed JSON output for MaxMind API requests and responses. Consistent timestamp formatting makes it easy to troubleshoot issues.
Query Caching
Save money on MaxMind queries. When customers shop around your site (adding items, checking shipping, etc.), the module caches query results. Subsequent checks reuse cached data - unless the customer changes their billing or shipping address - thereby eliminating unnecessary MaxMind queries and merchant notification emails.
How the Module Works
The module integrates with Miva Merchant's checkout flow at the payment/shipping selection page (OSEL). This ensures every potential order is screened—including COD orders, Simple Credit Card Validation, and offsite payment methods like PayPal. And ensures that fraudulent orders are blocked before they can reserve or deplete your inventory.
Here's what happens when a customer checks out:
- Customer enters shipping and billing information
- Module sends connection and customer data to MaxMind's minFraud API
- MaxMind returns a risk score (0-100%)
- Based on your threshold settings:
- If risk score ≥ your decline threshold → Order is declined
- If risk score ≥ your email threshold → You receive an alert email
- If risk score is below both thresholds → Order proceeds normally
The module includes fail-safe handling: if there's a connection error or MaxMind is unavailable, you can configure whether to accept or decline orders (default: accept). You can always receive an email notification when errors occur.
Recommended Starting Settings: Set the email threshold to 0% (get notified of every order) and the decline threshold to 100% (don't auto-decline anything). This lets you learn how the system works before enabling automatic blocking.
System Extension or Component Module?
The module package includes two versions. Choose based on your store's setup:
System Extension Version
Best for: Standard Miva stores with default checkout flow
How it works: Automatically activates at the OSEL page during checkout
File: wp_antifraudv10512_module.mvc
|
Component/Item Version
Best for: Custom checkouts, one-page checkouts, or heavily modified stores
How it works: You place a template tag on any page where the customer's billing and shipping address is known
File: wp_antifraudv10512_component.mvc
|
If you're unsure, start with the System Extension version. It works automatically for most stores.
Installation: System Extension Version
Follow these steps to install the system extension module:
1 Download and unzip the module package. Locate the file wp_antifraudv10512_module.mvc on your computer.
2 Open your Miva admin panel and click Settings in the main menu.
3 Click Domain Settings.
4 Click Modules in the top tabs.
5 Click the Add Module button.
6 Click Upload.
7 Click Choose File and navigate to your downloaded module file.
8 Select wp_antifraudv10512_module.mvc and click Open.
9 Click Upload to upload the module to your store.
10 Click Add to add the module to Miva Merchant.
11 Click Update. You'll see a confirmation message.
12 Go to Settings → Modules.
13 Find WolfPaw's Fraud Screening and Detection in the module list and click Install.
14 The configuration screen appears. Continue to the Configuration Guide below.
Installation: Component/Item Version
Use this version if you have a custom checkout or one-page checkout where the system extension doesn't fire correctly.
1 Download and unzip the module package. Locate the file wp_antifraudv10512_component.mvc.
2 Open your Miva admin and click Settings.
3 Click Domain Settings.
4 Click Modules, then Add Module.
5 Click Upload.
6 Click Choose File.
7 Find the module file wp_antifraudv10512_component.mvcclick to select and then click on Open.
8 Click Upload, then Add to install the module.
9 A message appears indicating that the module has been installed. Now click on Information and insure the Active box is checked. Then select Settings and then Modules.
10 Scroll through your installed modules and find WolfPaw's Fraud Screening and Detection. Click Install. This will install the module and display the configuration screen. Instructions for configuring the component module are provided below.
11 Now we'll add the component item to your checkout page (OSEL). Click on User Interface.
12 Navigate to Templates → Pages → OSEL Checkout: Shipping/Payment Selection (or your custom checkout page).
13 Add this code at the top of the template:
<mvt:item name="wp_antifraud" param="fraud_check" />
Click Update to save and then Items at the top.
14 Scroll down the list of items and find wp_antifraud. Turn the switch to On. It should turn green.
15 That completes the installation! Continue to the Configuration Guide below.
Configuration Guide
Configuration is the same for both module versions. To access the configuration screen:
- Go to Settings → Payment Settings
- Click WolfPaw's Fraud Screening and Detection in the module tabs
- If you don't see it, click the ... (more) button to reveal additional modules
Fraud Screening Status
Enable Fraud Checking
Master switch to turn fraud checking on or off. Uncheck to temporarily disable without removing the module.
Wolfpaw License
Module Registration Code
Enter the registration code you received when purchasing the module. This is tied to your Miva Domain License.
Accept License Agreement
Check this box to accept the End User License Agreement. Required to use the module.
MaxMind Configuration
MaxMind Account ID
Your numeric account ID from MaxMind. Find this in your MaxMind account dashboard.
MaxMind License Key
Generate a license key in your MaxMind account under Account → Manage License Keys. The field is masked for security; click the eye icon to reveal.
Test Connection
Click this button to verify your MaxMind credentials are working correctly. The result will show your account status and remaining risk score queries.
MinFraud Service Type
Choose your desired minFraud service tier:
- Score - Basic risk score only
- Insights - Score plus detailed risk factors
- Factors - Most detailed analysis with all contributing factors and reasons
Query Caching
Enable minFraud Query Caching
When enabled, minFraud queries and order accept/decline results are cached. Customers can browse and modify their cart without triggering additional queries unless their billing/shipping information changes ( thereby saving you money).
Cache Expiration
How long to keep cached queries (0-60 minutes). After this time, a new query will be sent. Set to 0 to clear the cache.
Email Notification Settings
Email From Address
The "From" address for notification emails (e.g., orders@yourstore.com).
Email To Address
Where to send notification emails. Separate multiple addresses with commas.
Cart Behind Proxy/CDN
Cart is Behind a Proxy or CDN
Enable this if your site uses CloudFlare, Akamai, a load balancer, or any proxy service and the module will check HTTP headers to find the customer's real IP address.
The results of the modules IP detection are shown. If the IP of the first connecting device to your server differs from the derived customers IP then you're behind a Proxy or CDN and you should check the box.
Whitelisting
Whitelisted IPs (CIDR Notation)
IP addresses or networks that should bypass fraud checking. Use standard CIDR notation:
- Single IPv4: 192.168.1.100
- IPv4 network: 10.0.0.0/8
- Single IPv6: 2001:db8::1
- IPv6 network: 2001:db8::/32
Separate multiple entries with commas. Useful for whitelisting your office IP for manual/phone orders.
Send Email Notification for Whitelisted Order
Check to receive notification emails when orders are received from whitelisted IPs.
Whitelisted Order Email Subject
What you would like to have appear as the subject for whitelisted email notifications.
Logging
Enable Logging
Records all MaxMind queries and responses to a log file. Essential for troubleshooting. The log auto-rotates at 100MB to one .bak file and then deleted.
Log File Name
Name of the log file. Default is fine for most stores.
Risk Thresholds
Risk Threshold for Email Notifications
You'll receive an email for any order with a risk score at or above this value. Set to 0% to get notified of every order (recommended when starting out).
Email Subject for Risk Notification Email
Subject line template for notification emails. The risk score and order status will be appended automatically.
Risk Threshold for Order Decline
Potential orders with risk scores at or above this value will be automatically declined. MaxMind recommends 3-5%, but start at 100% (no auto-decline) until you're familiar with the system.
Screen Message on Decline
Message shown to customers when their order is declined. Include your phone number so legitimate customers can contact you. HTML is allowed. Use [STORE_NAME] as a placeholder for your store name.
On Processing Error
Order Diposition on Processing Error
What to do if the module can't reach MaxMind or encounters an error:
- Accept Orders (recommended) - Let the order through, send you an alert
- Decline Orders - Block the order until the issue is resolved
Error Email Notification
Check to receive emails when processing errors occur. Email will include information on the nature of the error.
Processing Error Email Subject
Subject line for processing error notification emails.
Error Screen Message
Message shown to customers if their order is declined due to a processing error. Use [STORE_NAME] as a placeholder.
How to Find Your Miva Domain License
Your WolfPaw registration code is tied to your Miva Domain License number. You'll need this when purchasing the module.
1 Open your Miva admin and click Settings.
2 Click Domain Settings.
3 Your Miva Domain License is shown in the Information section on the line labeled License #.
Upgrading from Prior Versions
Upgrading from version 10.4.x or earlier? Follow these steps:
Important: Make a copy of your current configuration settings before upgrading. During the upgrade, the new version should find and use the configuration settings from the previous version. But to be safe taking a screen shot of your settings makes good sense.
- Record your current settings - Screenshot or write down your current configuration
- Upgrading to the new version - Go to Settings → Domain Settings → Modules. Scroll down, find and click on the old antifraud module to be upgraded. Then click on Information and uncheck Active.
Important:: Be sure to upgrade to the correct version - system extension or component - of the new module. To find out which you have check the module features on the information box. If it lists component as a feature then you are using the component version, otherwise the system extension module version.
Then click on Files → Upload. Click Choose File, find the version (system extension or component) of the v10.5 you want to install, click on it and then click on Open → Upload → Update. Click on Information and check Active and click on Update again. The new version of the module should be now be installed
- Check your settings - Verify the migration of your settings to the upgraded version and review the configuration instructions above to enter any new settings.
Whitelist Migration: If you had separate IPv4 and IPv6 whitelist fields in the old version, they will be automatically merged into the new unified field. Old prefix notation (like "192.168.1") will be converted to CIDR format (like "192.168.1.0/24").
Uninstalling and Deleting the Module
If the upgrade fails or you want to start fresh follow these steps to uninstall and delete the module:
Important: You'll need to know whether you're using the system extension or component version of the module. Easy way to find out - go to Settings --> Domain Settings --> Modules. Find and click on Wolfpaw's Fraud Screening and Detection module (or WP Fraud Screening and Detection). Then click on Information. If the Module Features include component, then you have the component version of the module. Otherwise you have the system extension version.
Uninstalling and Deleting the System Extension Version:
- Record your current settings - Screenshot or write down your current configuration
- Uninstall the old module - Go to Settings → Modules. Scroll down and find the WolfPaw's Fraud Screening and Detection module (may also be called WP Fraud Screening and Detection). Click on the three dots in the box with the module and then click on Uninstall.
- Delete the old module - Go to Settings → Domain Settings → Modules. Find and click on the old antifraud module, then click on Information and uncheck Active. Then click on the three dots next to Update, select Delete Module and then click on Delete.
Uninstalling and Deleting the Component Version:
- Record your current settings - Screenshot or write down your current configuration
- Identify the pages that are using the component item - Go to Settings → User Interface → Templates → click on Items. Scroll down to find Wolfpaw's Fraud Screening and Detection and click on it. Then select Pages. Scroll down and note which pages have the switch turned on ( to green). These are pages that have the component installed.
- Removing the item (component) from the page - From the Pages list click on the title of the page that has the component/item installed. Find the line in the page that uses the parameter 'Fraud Check'. It will look like this:
<mvt:item name="wp_antifraud" param="fraud_check" />
Delete the line or just replace the line with blanks. Then click Update.
- Unassign the item (component) from the page After removing the item code from the page click 'Items' above. Scroll down, locate Wolfpaw's Fraud Screening and Detection and turn the green switch off. Continue to remove the component/item from any other pages it might be on. When done, click on Settings lower left so the module can be uninstalled and deleted from your store.
- Uninstall the module - Click on Settings → Modules. Scroll down and find the WolfPaw's Fraud Screening and Detection module (may also be called WP Fraud Screening and Detection). Click on the three dots in the box with the module and then click on Uninstall. You will get a warning message alerting you it the component/item is still assigned to any pages. Go back and remove the component/item from the listed pages, if necessary. Otherwise the warning will confirm that the component/item is not assigned. Click Uninstall in the warning dialog.
- Delete the module - Go to Settings → Domain Settings → Modules. Find and click on WolfPaw's Fraud Screening and Detection module, then click on Information and uncheck Active. Then click on the three dots next to Update, select Delete Module and then click on Delete.
Tips & Best Practices
Getting Started
- Start conservative: Set email threshold to 0% and decline threshold to 100%. Review emails for a week or two before enabling automatic declining.
- Update your contact info: Make sure the decline message includes your real phone number so legitimate customers can reach you.
- Whitelist your office: Add your office IP to the whitelist so phone and manual orders don't trigger fraud checks.
Understanding Risk Scores
- Most legitimate orders have risk scores under 2%
- MaxMind recommends declining orders above 3-5%
- Start with a higher decline threshold (30-40%) and lower it as you gain confidence
Country Blocking
You can block orders from specific countries through your MaxMind account:
- Log into your MaxMind account at maxmind.com
- Go to minFraud → Country Block List
- Change any country to "Block" to automatically assign a 100% risk score
Calculating Your Optimal Decline Threshold
Use this formula to find a mathematically optimal threshold:
If (profit X (100 - riskScore)) > (fraudLoss X riskScore), accept the order
Where:
- profit = your margin if the order is legitimate
- fraudLoss = total cost if the order is fraudulent (product cost + shipping + chargeback fees)
Example: If your gross margin is 25% and fraud costs equal the order value, you'd decline orders with risk scores above 25%.
Query Caching
You can minimize MaxMind queries and unnecessary merchant notification emails by turning on query caching. When turned on the module will store a fingerprint (hash) of a customer's details so that it only queries MaxMind once for a risk score even though the customer may move back and forth through your store adding and removing items from the basket to check shipping cost and order totals unless, of course, he changes something like the shipping address, in which case, a new query would be generated. Merchant notification emails are likewise minimized. Here are some additional notes on Query Caching:
- All query caching activity is noted in the antifraud.log. That includes the customer details of baskets that were cached, those that matched cached entries and the disposition of baskets that matched a cached query.
- If query caching is turned on the module will cache queries that are declined, accepted and whitelisted.
- If the decline threshold is changed all cached declined and accepted queries will be cleared.
- If the IP whitelist is changed any cached whitelisted queries will be cleared.
- 10 to 15 minutes seems generally reasonable for the pruning TTL.
Default Screen Messages
The default screen messages for order decline and processing error have been redesigned. Here's what they look like. Unfortunately you have to do a complete re-install to get the defaults. Just updating the module will re-use your existing screen messages. If you'd like the new defaults we've provided the html code below. Just copy and paste the code in the screen text field on the module's admin screen.
Copy and paste the following HTML into your module configuration. These styled messages will be displayed to customers when orders are declined or when processing errors occur.
Screen Message on Order Decline:
<div style="max-width: 480px; margin: 30px auto; padding: 24px 32px; background: linear-gradient(135deg, #fff9f9 0%, #ffffff 100%); border: 1px solid #e8d4d4; border-left: 4px solid #983230; border-radius: 8px; box-shadow: 0 2px 12px rgba(152, 50, 48, 0.08);"><h2 style="margin: 0 0 12px 0; font-size: 18px; font-weight: 600; color: #983230;">Unable to Process Order</h2><p style="margin: 0 0 16px 0; color: #555; font-size: 15px; line-height: 1.6;">We are sorry, but we were unable to process your order at this time.</p><p style="margin: 0 0 16px 0; color: #555; font-size: 15px; line-height: 1.6;">Please verify that your billing and shipping information is correct, then try again. If you continue to experience issues, please contact us for assistance.</p><div style="margin-top: 16px; padding-top: 16px; border-top: 1px solid #e8d4d4; font-size: 14px; color: #666;"><span style="font-weight: 600; color: #444;">[STORE_NAME]</span> Customer Service</div></div>
Screen Message on Processing Error:
<div style="max-width: 480px; margin: 30px auto; padding: 24px 32px; background: linear-gradient(135deg, #fff5f5 0%, #ffffff 100%); border: 1px solid #f5d4d4; border-left: 4px solid #c9302c; border-radius: 8px; box-shadow: 0 2px 12px rgba(201, 48, 44, 0.08);"><h2 style="margin: 0 0 12px 0; font-size: 18px; font-weight: 600; color: #c9302c;">Temporary Processing Issue</h2><p style="margin: 0 0 16px 0; color: #555; font-size: 15px; line-height: 1.6;">We apologize for the inconvenience. Our order verification system is temporarily unavailable.</p><p style="margin: 0 0 16px 0; color: #555; font-size: 15px; line-height: 1.6;">Please wait a moment and try again. If the problem persists, please contact us and we will be happy to assist you with your order.</p><div style="margin-top: 16px; padding-top: 16px; border-top: 1px solid #f5d4d4; font-size: 14px; color: #666;"><span style="font-weight: 600; color: #444;">[STORE_NAME]</span> Customer Service</div></div>
Troubleshooting
- Orders not being checked: Make sure "Enable Fraud Checking" is turned on and you've accepted the license agreement
- Connection errors: Use the Test Connection button to verify your MaxMind credentials
- IP detection issues: If your site is behind a CDN, enable "Cart Behind Proxy/CDN"
- Check the log file: Enable logging and review the log for detailed error information
Need Help?
Email: antifraud@wpcomp.com
Website: www.wpcomp.com
WolfPaw's Fraud Screening and Detection Module
© 2009-2025 WolfPaw Hosting and Development LLC
Documentation updated December 2025
