Security

Topics on Security

MinFraud

What should we set the Minfraud Value to?

We default the value to 20 as that comes from what Minfraud have suggested. The lower the number, the lower the risk tolerance and the more likely the Minfraud checks will fail a Payment. The higher the score, the higher your risk tolerance is and the more likely a transaction will be accepted.

Please see MaxMind Minfraud for details about how the scoring works, including the "Learn more" section on the Minfraud page. You may also wish to review their Understanding Risk Scoring page.

We have provided the ability for your organisation to change these values up or down. The right value depends on the level of risk your organisation wishes to take, and that is for you to determine. See the MinFraud Set Thresholds for the Risk Score page for some guidance.

Minfraud is included as part of Payments2Us and plays an important role as one of the methods used to avoid fraud and card testing.

Can I disable Minfraud?

We have added the MaxMind MinFraud risk scoring system to prevent fraudulent card testing activity on your Payment/Donation Form. We do not recommend disabling it.

Additionally, some Payment Gateways such as Windcave charge on the basis of transaction attempts rather than successful transactions. If you were the target of credit card washing attempts/fraudulent card testing activity, you would be charged for all of these transaction attempts and could be liable for these fees from the Payment Gateway. This is explained in 10(e) of our terms. Hence we do not recommend turning Minfraud off.

However, if you wish to disable it, set the Minfraud Scores to 100 (one hundred) on the Merchant Facility. Since no risk score can reach or exceed 100, configuring your threshold at 100 means the condition for fraud-based intervention will never trigger. All transactions then pass through without minFraud influencing the outcome, which effectively disables its impact while keeping the integration in place.

What is the impact of disabling Minfraud?

We do not recommend disabling Minfraud. It is an important security check. There are a lot of other checks as well and this is just one component.

You'll see some links and references in the “What should we set the Minfraud Value to?” FAQ above as to how the risk scoring works. At a high level, it checks the data entered to see if it all matches and makes sense. This means that even if someone were to complete Captchas successfully, they could still be picked up as fraudulent and stopped.

The risk of disabling is that card testing or fraudulent transactions could be completed on your payment form. Therefore, we do not recommend turning Minfraud off. Rather, we recommend that you inspect each transaction where the fraud risk is high and, if it is a legitimate transaction, study the patterns and increase the risk score setting accordingly.

Common Issues leading to High Score

Here are some of the common issues leading to a high fraud risk score:

  1. We recently noticed that a customer had chosen not to have a "Country" field on their checkout form and had a few overseas donors. Because the address (city, suburb) did not match the country, which was defaulting to Australia, MinFraud flagged these as HIGH RISK. This could have been easily avoided by having a Country field on the form to cater for donors from all countries.

  2. A donor using a VPN could cause a high risk score because the details don't match and make sense together, e.g. an IP in Canada with an address in Australia is likely to produce a high score.

General Security related Questions

I have now allowed an IP Address. Will the Transaction go through, or does the user need to resubmit?

The card holder will need to resubmit the transaction. The transaction was blocked.

I have marked an IP Address as allowed. How long does it take until this comes into effect?

It should take effect straight away.

However, the forms are sometimes cached and remember previous settings. Doing a control+refresh should clear the cache.

Also, double check it has not been blocked again. The IP addresses are related to Merchant Facilities, so check that it is marked as allowed for all Merchant Facilities that you want to allow it for.

If you are still having issues, check the Error Log - Payments2Us, as that describes the error in more detail.