Maxmind Fraud Prevention for Magento 2

MAXMIND FRAUD PREVENTION MINFRAUD FOR MAGENTO2.

About MaxMind Fraud Prevention minFraud For Magento 2.

Detect fraud and minimize risks, with this extension your Magento orders will be evaluated and receive a risk score, using MaxMind's Score, Insights and Factors Services, depending on which best suits your business.

Fraud detection is very important, and our Fraud Prevention and Risk Scoring module for Magento 2 will assist you in monitoring, detecting, and preventing fraud in your online store. This extension uses real-time fraud analysis from Maxmind , an industry-leading provider of IP intelligence and online fraud detection tools. The module determines the chance that a transaction is fraudulent based on multiple factors, including whether an online transaction comes from a high risk IP address, high risk email, high risk device, or anonymizing proxy.

The extension also comes with the possibility of reporting Chargebacks, which helps MaxMind detect about 10-50% more fraud specifically tailored to your company.

The MaxMind Fraud Prevention minFraud extension for Magento 2 is recommended by MaxMind.

How does the minFraud service work?

Separate from this extension, a Maxmind account is necessary, you can create one here. The module integrates Maxmind Risk Scoring service (from only $0.005 an order) with your Magento 2 store and identifies risky orders to be held for further review. For example, what if an order was placed from a computer in a suspicious country but the shipping address is in Germany? If this happens you should be able to identify those kind of orders. Suspicious orders will be flagged automatically by our extension. All your orders will be verified and scored for fraud risk using MaxMind minFraud service. Every order will get a score up to 100, which is the higher risk of fraud.

For example, what if an order was placed from a computer in a suspicious country but the shipping address is in Germany? If this happens you should be able to identify those kind of orders. Suspicious orders will be flagged automatically by our extension. All your orders will be verified and scored for fraud risk using MaxMind minFraud service. Every order will get a score up to 100, which is the higher risk of fraud.

Easy integration in your Magento 2 store

The module installs into your Magento store without having to modifying your code. Order scores are displayed in the summary Sales Order view and detailed information about the order score (and elements that contributed to it) is visible in each individual order.

Easy to use

After installation you just need to create a MaxMind account, fill in the credentials and your orders will be reviewed for fraud detection based on the risk threshold you set in admin, all orders which get a score above the threshold will appear in red and placed on hold for further review.

Features:

Prevent fraud by automatically placing On Hold orders with high score risk
Obtain important risk information about orders such as the IP address, email, device, or anonymizing proxy based on the selected MinFraud Service used
Instant fraud score check when order is placed
Cut costs by choosing specific Payment Methods on which you'd like the MaxMind scoring to apply
Granular Device Tracking capabilities
NEW: Defer JS option for increased performance
Minimize Chargeback costs
Customisable fraud score limit, set your own fraud score limit
Check only orders with a specified minimum order ammount
Automatic Email notification when an order is placed on hold due to high risk score.
IP exceptions, do not check fraud score from excepted IPs.
Force IP, possibility to use MaxMind services on local installations.
Includes support for the new Maxmind API, as well as for the Legacy API.
Includes the possibility of reporting Chargebacks, in order to help MaxMind detect more fraud for your company.

1 MINUTE INSTALLATION GUI.

Step 1:
Before installing please check the extension compatibility. This extension is currently compatible with the following Magento versions 2.0.X. - 2.4.5. It is recommended to install the extension first on a testing server before you install it on a live (production) server.
Step 2:
Copy the extension files to below paths of your magento 2 instance. If ‘app/code/WeltPixel’ folder is missing, please create it manually:
app/code/WeltPixel/Backend
app/code/WeltPixel/Maxmind

Optional
Copy the extension files into the below path of your Magento 2 instance. If the ‘app/code/WeSupply’ folder is missing, please create it manually:
app/code/WeSupply/Toolbox

Step 3:
Copy the installation GUI folder 'weltpixel-extension-installation' in the root of your Magento installation. In some Magento configurations the public root folder may be under 'pub' directory.
www.yourmagentostore.com/weltpixel-extension-installation/
Step 4:
In your browser go to www.yourmagentostore.com/weltpixel-extension-installation/ and simply follow the installation steps from the graphical interface, presented in your browser. See the installation video: 1 Minute Module Installation via browser GUI.
Step 5:
Wooohooo! The extension is now installed on your Magento store! Congrats!

Troubleshooting

If you experienced any issues or limitations with this quick GUI installation, see also SSH Installation below. SSH installation does the same thing but you are required to issue the commands step by step via CLI. Some servers may have high security configurations and may limit the functionality of this GUI Installer.

How to Install via SSH.

Step 1:
Before installing MaxMind Fraud Prevention Extension on a Magento 2 store please check the extension compatibility. This extension is currently compatible with the following Magento versions 2.0.X. - 2.4.5. It is recommended to install the extension first on a testing server before you install it on a live (production) server.
Step 2:
Copy the extension files to below paths of your magento 2 instance. If ‘app/code/WeltPixel’ folder is missing, please create it manually:
app/code/WeltPixel/Backend
app/code/WeltPixel/Maxmind

Optional
Copy the extension files into the below path of your Magento 2 instance. If the ‘app/code/WeSupply’ folder is missing, please create it manually:
app/code/WeSupply/Toolbox

Step 3:
Access the root of your magento 2 project from command line and run the following commands:
php bin/magento module:enable WeltPixel_Backend --clear-static-content
php bin/magento module:enable WeltPixel_Maxmind --clear-static-content
php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy -f
Step 4:
Flush any cache that you might still have enabled on your server or in Magento.
Step 5:
Woohoo, the extension is installed!

How to Upgrade the extension.

Step 1. Remove extension code under app/code/WeltPixel/Maxmind before adding the new extension files. The extension may be refactored and old unused files may cause random issues so it's best to only keep the latest version of the files.
Step 2. Follow normal installation instructions above.

Magento Marketplace Installation.

If the extension was purchased from the Magento Marketplace, follow the instructions in this article: How to install extension if purchased from the Magento Marketplace
If asked for a license, follow the steps presented in section 7 of this article: License key for local / staging / development environment. Multi-store licensing.

CONFIGURATION.

In Admin > WeltPixel > Maxmind configuration > General Configuration, you can find the following settings:

Enable [Yes / No] - Enable/disable the Maxmind module.
Enable for Payment - Choose the Payment Methods for which you'd like the MaxMind scoring to apply. Hold CTRL to select multiple methods.
minFraud API Service - Select the right Maxmind minFraud Service for your business. For more details about the available services, check out the official Maxmind minFraud Service page.
Enable Chargeback Reporting - If Enabled, you can report Chargebacks to Maxmind. Go to an order and click on Chargeback to report chargeback.
Enable Device Tracking - If Enabled, Maxmind Device tracking javascript snippet is added to the pages. More info on Device Tracking Add-on for minFraud Services.
Initialize Device Tracking Script on - Choose specific pages on which you'd like to enable the Device Tracking functionality. Device Tracking is enabled by default on the Checkout, if the main option is set to Yes.
Score Threshold - Set the risk score threshold. All orders which receive a Maxmind Score above this threshold will appear in red (in the Order Grid and on the Order Page) in order to get your attention.
Hold Order [Yes / No] - Allows you to place on hold all orders that have been scored above the Score Threshold in order to allow you to decide upon the next steps.
Send email when order status is 'On Hold' [Yes / No]
Email address - Email address for notifications
Email Subject - Customize email subject
Email Content - Customize email content
Force IP - For debug only, this IP will overwrite the order IP address. Leave this field blank when you are using the module on a live store. If you are testing on a local installation or in an environment using a private IP, make sure to enable this option and add here a Public IP address in order to be able to use Maxmind Services on local environments.
IP Exceptions - Add IPs separated by comma. Orders placed from these IPs will not be checked for possible fraud.
Minimum Order Amount - Minimum amount for order to be checked for possible fraud. All orders above this threshold will be checked for possible fraud. Leave the field blank if you want all orders to be checked.
Defer the Maxmind JS - If enabled, the attribute “defer“ is added to the Maxmind JS script in order to speed up page loading.

CONNECTION CONFIGURATION.

In Admin > WeltPixel > Maxmind configuration > General Configuration, you can find the following settings:

Api Hostname - MaxMind automatically picks the data center geographically closest to you. In some cases, this data center may not be the one that provides you with the best service. You can explicitly try the following hostnames to see which one provides the best performance for you.
MaxMind License Key - The license key obtained from maxmind.com. In case you're using the Legacy minFraud services, please ask for this to be enabled on your MaxMind account.
Disable cURL Server Certificate Check - For temporary server certificate issue. You can set cURL to accept any server(peer) certificate.

How to use.

In Admin > Sales > Orders > you can check in the last column “Fraud Estimation” the risk score othe every order.

If an order has a risk score above the set threshold, you can view the score with red color. Depending on settings set, the order are automatically set ON HOLD

In Admin > Sales > Orders >View > Maxmind Fraud Detection you can check the entire report data.

In this tab you can find more information (depending on your MaxMind API service) about:

Risk score - The risk score assigned to the order.
Chargeback Reporting - Ability to report the current order as a Chargeback.
MaxMind Account information - Information about your account (Request type, ID, remaining credit).
IP Address Checks - Information regarding the location where the order was placed.
Email Checks - Information about the email address used.
Billing/Shipping Addres checks - Information about billing and shipping addresses used.
Subscores Checks - Numerical evaluation of the risk associated with each factor.
minFraud Inputs - A series of inputs sent to MaxMind in order to calculate the risk score.

All this information is visible for the administrator. Based on this information you can decide what to do with the orders which are above the threshold score and are set automatically ON HOLD, if the Hold order option is set to Yes.

Note: There may be certain pieces of information missing in this section. This is very likely because Magento does not store this information, and is therefore unable to send it to MaxMind.

Change Log.

What’s new in v.1.11.15 - March 22, 2023

Fixed an error that would sometimes be thrown in the WeltPixel Debugger, depending on various server permissions.
Added compatibility with the latest Magento 2.4.6 and 2.4.5-p2 versions.

What’s new in v.1.11.11 - November 23, 2022

Confirmed compatibility with the latest Magento Security Patch releases 2.4.5-p1 and 2.4.4-p2.

What’s new in v.1.11.7 - September 1, 2022

Performed various code cleanups related to PHP 8.1.
Confirmed compatibility with the latest Magento 2.4.5 and 2.4.4-p1 versions.
Updated installation/upgrade scripts to use data patches.

What’s new in v.1.11.1 - April 25, 2022

Fixed an incorrect licensing message on B2B Magento Enterprise instances which would display when an invalid license was entered.
Confirmed compatibility with the latest Magento 2.4.4 and 2.3.7-p3 versions as well as PHP 8.1.

What’s new in v.1.10.17 - October 22, 2021

Confirmed compatibility with the latest Magento 2.4.3-p1 and 2.3.7-p2 versions.

What’s new in v.1.10.15 - August 31, 2021

New Feature: Added a new admin option that can be used to defer JS in order to improve page loading performance.
Confirmed compatibility with the newly released Magento 2.4.3, 2.4.2-p2 and 2.3.7-p1 versions.
Added .localhost as an accepted domain termination for the licensing process.

What’s new in v.1.10.11 - July 7, 2021

Set scoring of all Payment Methods to be enabled by default.
Added improvments to the WeltPixel Developer Magento Admin section. Latest Cron Jobs now lists the last 100 executed Cron Jobs.

What’s new in v.1.10.9 - May 18, 2021

Confirmed compatibility with the newly released Magento 2.3.7 and 2.4.2-p1 versions.

What’s new in v.1.10.7 - March 26, 2021

New Feature: Added options for including/excluding Device Tracking from specific page types. This granularity ensures the tracking script only initializes where it needs to and avoids performance issues.
New Feature: Added options for including/excluding MaxMind scoring for specific Payment Methods. This ensures MaxMind credits are only used for required Payment Methods and saves costs.
New Feature: Added the possibility of enabling/disabling Device Tracking from the Magento Admin options.
Removed time zone from device tracking data. This prevented the device tracking from functioning in certain cases.
Excluded Magento 2.0.x - 2.2.x from new features and fixes starting with this release.
Adjusted WeltPixel Developer section comments.

What’s new in v.1.10.5 - February 12, 2021

Confirmed compatibility with the newly released Magento 2.4.2 version.
Added additional backend versioning verifications.
Backend module code optimizations.

What’s new in v.1.10.1 - October 22, 2020

New Feature: Added Device Tracking functionality based on MaxMind Services.
Added the possibility of including multiple email senders for the Hold Order email via the backend settings.
Confirmed compatibility with the newly released Magento 2.4.1 version.

What’s new in v.1.10.0 - August 10, 2020

Confirmed compatibility with the newly released Magento 2.4.0 version.

What’s new in v.1.9.8 - July 6, 2020

Fixed an issue that prevented the Exclude IP configuration option from working correctly. Orders from IPs listed here still received scoring from MaxMind. This should now function correctly.
Added an option to choose the desired email sender for the Hold Order Email functionality.
Whitelisted domain for Content Security Policies introduced in Magento 2.3.5.

What’s new in v.1.9.7 - May 7, 2020

Confirmed compatibility with Magento 2.3.5.
Implemented small Backend performance optimizations.
Added nxcli.net (Nexcess temporary URL) as a valid domain in the licensing process.
Added an option in the Developer section to allow for switching Magento's CSP between "report-only" and "restrict".

What’s new in v.1.9.6 - April 9, 2020

Added MaxMind scoring to orders placed via API.
Fixed a Backend issue on Magento Commerce whereby the Category Schedule functionality was not working properly.

What’s new in v.1.9.5 - March 10, 2020

Added backend Google reCaptcha compatibility for Magento 2.3.x

What’s new in v.1.9.4 - February 5, 2020

Fixed an error that occurred when creating orders via the Admin Section - the module no longer scores these orders.
Added translations.
Code enhancements for increased security. Changed User Group info collection method.
Confirmed compatibility for Magento 2.3.4.

What’s new in v.1.9.3 - January 15, 2019

Added support for the new Maxmind minFraud API (Score, Insights, Factors).
Added the possibility of reporting Chargebacks.

What’s new in v.1.9.2 - November 27, 2019

Fixed an error which occured upon module upgrade, in certain scenarios depending on the previous version.
Added Magento and PHP version in the WeltPixel Developer section.

What’s new in v.1.9.1 - October 16, 2019

Confirmed compatibility with the latst Magento 2.3.3 version.
Included the WeSupply Toolbox integration extension - Proactive Notifications Email & SMS, Returns & RMA, Store Locator, Delivery Date Estimate, Logistics Analytics, NPS & CSAT score. Get Free on-boarding and launch within 24 hours.

What’s new in v.1.9.0 - July 18, 2019

Confirmed compatibility with Magento 2.3.2.
Added HTTPS endpoint for licensing process.

What’s new in v.1.8.5 - June 7, 2019

Small performance improvements.

What’s new in v.1.8.4 - April 25, 2019

Added PHP version in the WeltPixel Developer Section.

What’s new in v.1.8.3 - April 3rd, 2019

Confirmed compatibility for Magento 2.3.1.

What’s new in v.1.8.2 - January 24, 2019

Helpcenter adjustment, removed zendesk iframe and added a simple link to our Support Center in order to avoid any potential conflicts with other admin js added by 3rd party extensions.
Fix for multiple rewritten ImageFactory classes, rewrite check validity, rewrite checks optimizations.

What’s new in v.1.8.0 - December 8, 2018

Compatibility adjustments for Magento 2.1.16/2.2.7/2.3.0.
PHP 7.2 compatibility added.
As Magento 2.3 comes with major core changes, we have provided a different set of files in order to achieve the best performance on each version.

What’s new in v.1.7.5 - October 24, 2018

Added detailed error messages for invalid licenses for an easier identification of the cause.
License improvements, added *.magento.cloud as a valid test domain for Enterprise Cloud environments. Now both ‘magentosite.cloud’ and ‘magneto.cloud’ can be used for testing purpose with the production domain license.

What’s new in v.1.7.4 - September 25, 2018

Admin menu styling to fit screen size 1366px.
Fix for production mode with merged JS - missing color pallet display now fixed.

What’s new in v.1.7.3 - August 23, 2018

License improvements, adding *.magento.cloud as a valid test domain.

What’s new in v.1.7.2 - August 2, 2018

Fixed admin random logout issue.
Licensing improvements, allowing 3 letter domain as valid domain.

What’s new in v.1.7.1 - July 12, 2018

Compatibility with Magento 2.2.5 both Open Source & Commerce Cloud B2B.
Added domain.test & [any_subdomain].domain.test to the list of valid urls for staging/development environments. Added domain validation with port number included for licensing purpose.
Added licensing compatibility with Magento B2B.

What’s new in v.1.7.0 - July 5, 2018

Added option to enable/disable WeltPixel admin notifications.
Show store and server related information under debugging tab: Magento Mode, Magento Edition, Server User, Magento Installation Path, Current server time, Latest cron jobs.
Added licensing, license key needs to be generated under weltpixel.com account for purchased product, based on domain name and added under your magento installation.

What’s new in v.1.1.1 - May 16, 2018

Compatibility with Magento 2.2.4, logger broken reference fix, changed to rewrite from plugin.

What’s new in v.1.1.0 - February 13, 2018

Added email notification functionality. Now you can configure to receive an email once an order is placed "On Hold" due to high risk fraud score.

What’s new in v.1.0.7 - January 12, 2018

Added version control for installed WeltPixel modules, including latest version check.

What’s new in v.1.0.6 - December 14, 2017

Added Support Center functionality in Magento Admin.
Added Debugger functionality, checks for rewrites and points potential issues.
Unserialization UTF8 decode fix.

What’s new in v.1.5.3 - September 20, 2017

Checked compatibility with Magento 2.2 and PHP7.1 - all ok, updated composer.
Updated documentation.

What’s new in v.1.0.4 - 04/10/2016

Composer dependency version changes

What’s new in v.1.0.2 - 02/09/2016

Added admin notifications

What’s new in v.1.0.1 - 05/05/2016

Removing the unnecessary dependency