Wolfpaw's Fraud Screening and Detection by WolfPaw Hosting LLC

The module automatically:

• Declines high-risk orders before they incur gateway fees or chargebacks
• Blocks card-testing bots with IP velocity protection and session invalidation
• Sends detailed email alerts with complete fraud analysis for manual review
• Whitelists trusted IPs so phone and manual orders bypass screening
• Prevents fraud orders from reserving or depleting inventory
• Blocks specific countries using your MaxMind account settings

New in Version 10.7

IP Velocity Protection — Detects and blocks IP addresses that repeatedly trigger declined orders. Configure the maximum number of declines allowed within a time window and how long blocked IPs stay locked out. The block duration slides forward with each new attempt, so the attacker must go completely quiet before being released. Includes a velocity tracking table in the admin panel with view and clear controls.

Session Invalidation — When velocity protection blocks an IP, the module invalidates the customer's checkout session. This prevents sophisticated bot attacks where different IPs are used to set up the cart and submit payment. Without a valid session, the checkout is dead.

Daily Log Files with Admin Viewer — Logs are now stored as one file per day (UTC-dated) with automatic retention and purging. A built-in log viewer in the admin panel lets you browse and view log files without FTP access. Every screening event is logged with basket ID, order ID, risk scores, velocity tracking counts, and processing error dispositions.

UTC Timestamps Everywhere — All timestamps in logs, emails, and the admin UI use UTC for consistency. Miva servers run in various locations, merchants can be anywhere — UTC is the only time that means the same thing to everyone looking at the data.

Enhanced Email Notifications — New amber color scheme for velocity block alerts. Pending order ID now included in basket information. Collapsible technical details section with complete MaxMind response.

Continuing Features

Professional HTML Email Notifications — Beautiful, responsive email templates with color-coded alerts (red for declined, green for accepted, teal for whitelisted). Includes complete order details, customer info, shipping/billing addresses, and MaxMind analysis.

Redesigned Admin Interface — Modern card-based layout with clear visual organization. Settings grouped logically with helpful descriptions. One-click Test Connection button verifies your MaxMind credentials instantly.

CIDR Notation for IP Whitelisting — Unified IPv4/IPv6 whitelist field supports standard CIDR notation. Whitelist entire networks with entries like 192.168.1.0/24 or 2001:db8::/32.

Enhanced IP Detection — Automatically detects customer IPs behind CloudFlare, Akamai, nginx, and other services. Checks CF-Connecting-IP, True-Client-IP, X-Real-IP, and X-Forwarded-For headers.

Improved Logging — Pretty-printed JSON output for MaxMind API requests and responses. Consistent timestamp formatting makes it easy to troubleshoot issues. Automatic rotation at 100MB keeps things manageable.

Query Caching — Save money on MaxMind queries. When customers browse, add items, and check shipping costs, cached results are reused unless address information changes. Configurable expiration from 0-60 minutes.

Two Module Versions — System Extension for standard stores, plus a Component/Item version for custom one-page checkouts or heavily modified stores.

Three minFraud Service Levels — Choose Score (basic risk score), Insights (detailed risk factors), or Factors (complete analysis). Switch anytime based on your needs.

IPv6 compatibility — a top asked-for feature. Allows analysis of IPv6 incoming connections and IPv6 whitelisting.

Country Blocking — Configure blocked countries in your MaxMind account. Blocked countries automatically receive 100% risk scores.

How minFraud Works

MaxMind's minFraud system analyzes over 80 fraud indicators for each transaction, including geographic distance between the customer's IP and billing address, high-risk IP analysis, open proxy detection, free/high-risk email identification, phone number verification, shipping remailer detection, and behavioral patterns. The result is a risk score from 0-100% indicating the probability that an order is fraudulent.

You set your thresholds for email notifications and automatic declines. The module handles everything else — protecting your business while legitimate customers check out normally.

This module will help stop credit card testing and fraudulent orders. It can save you money on authorization fees, improve your merchant decline ratio, refund ratio and chargebacks - and may qualify you for lower credit card fees. The module sends merchants a fraud analysis email for each potential order or for only those exceed that exceed a preset risk score. If desired, the module can also reject potential orders that exceed a preset risk score before reaching the payment gateway.

Fraud screening includes analysis of numerous factors including the geographical distance between the location of the customer's browser to the claimed billing city, state and country; high risk IP address analysis; location of customer's telephone number and postal code; free and high-risk email address analysis; open proxy detection; shipping remailer detection, and more.