close
Wolfpaw's Fraud Screening and Detection

Wolfpaw's Fraud Screening and Detection by WolfPaw Hosting LLC

Annual License. New Version v10.8. Since 2009 the only antifraud solution that stops fraud and card testing bots before payment processing. Powered by Maxmind's minFraud network

$179.95

$149.95


Get Support

Description
WolfPaw ANTIFRAUD for Miva
WolfPaw's Fraud Screening and Detection - Version 10.8
Since 2009 the credit card fraud solution trusted by Miva in their own stores, by apps.miva.com, and by hundreds of miva merchants worldwide.

Block Fraud Before It Costs You

Pre-payment fraud screening powered by MaxMind's minFraud network. Every order is screened in real time — before your payment gateway is contacted. No order created, no payment captured, no chargeback.

Why Pre-Payment Screening?

Most fraud tools flag orders after payment. We block them before.

Orders blocked before checkout — High-risk orders are stopped before your payment gateway is contacted. No authorization fees, no chargebacks, no orders to reverse.
Card testing bots shut down automatically — IP velocity protection detects and blocks bots that submit hundreds of stolen card numbers in rapid succession. Blocked IPs consume zero MaxMind queries.
Smart query caching — When customers retry checkout with the same contact and address data, cached results are reused without consuming another MaxMind query.
Detailed email alerts — Color-coded HTML emails with risk score, customer details, IP analysis, and the full MaxMind response. Configurable thresholds let you choose which orders trigger notifications.
IP whitelisting with CIDR support — Whitelist trusted IPs so phone and manual orders bypass MaxMind screening. Supports individual addresses and CIDR ranges for both IPv4 and IPv6.
Google Storebot auto-whitelist — Automatically detects and whitelists Google Shopping verification tests using published CIDR ranges, reverse DNS, and IP caching. Zero MaxMind queries consumed.
Inventory protection — Fraudulent orders are blocked before payment, so they never reserve or deplete your available inventory.
Country blocking — Configure blocked countries in your MaxMind account. Orders from blocked countries automatically receive 100% risk scores and are declined.
Works behind CDNs and proxies — Automatically detects the real customer IP behind CloudFlare, Akamai, AWS, nginx, and other services for accurate geolocation and velocity tracking.
GDPR and CCPA compliant — Fraud prevention is recognized as a legitimate interest under GDPR and is explicitly permitted under the California Consumer Privacy Act.

What Merchants Are Saying:

"I can't imagine a merchant wanting to be online without this fraud protection module."

Rick Wilson, CEO, Miva Inc.

"Some criminal was using my website to test credit card numbers. Your module has saved my business."

Joe Knoche, Echo Records

"We have been using your app for four years and have not had a chargeback. Love it."

Bob Tenney, thethreadexchange.com

"I've been using this module VERY successfully for several years now in our Miva store."

Cale Reeder, cozywinters.com

Real-World Results: Card Testing Bot Stopped Cold

A merchant's store was hit by a card testing bot — 105 checkout attempts in under 20 minutes using randomized names, junk email addresses, and rotating IP addresses. Here's what happened with velocity protection enabled:

105 fraud attempts 0 reached payment 92 blocked by velocity $0.07 total cost to stop

Every order scored 99% risk and was declined instantly before reaching the payment gateway. After 5 declines, velocity protection blocked the IP. The remaining 92 attempts consumed zero MaxMind queries. Session invalidation forced the bot to rebuild its cart from scratch on every attempt.

When the bot rotated to a second IP, velocity caught it again. The bot gave up after about 20 minutes. Total cost: 13 MaxMind queries at approximately 7 cents.

New in Version 10.8

Google Storebot Auto-Whitelist — Google's Storebot verifies your Google Shopping product listings by running checkout tests on your store. Without auto-whitelisting, these tests consume MaxMind queries and trigger velocity blocks. The module now automatically detects and whitelists verified Google Storebot traffic using published CIDR ranges, reverse DNS lookups via Google's DNS-over-HTTPS service, and a Least Frequently Used (LFU) cache for instant recognition of returning IPs. Spoofed Storebot user agents from unverified IPs are screened normally. Enable with a single checkbox in the admin panel.

Storebot Email Notifications — Receive a single alert when Google Storebot activity begins each day, followed by a summary the next morning with a complete breakdown: total checkout tests, unique IPs, and how each was verified (CIDR, cached DNS, or new reverse DNS lookup). Anti-flooding limits notifications to two emails per active day — just the information you need without the noise.

Screening Statistics Dashboard — A real-time statistics card in the admin panel with three columns: Today, Yesterday, and All Time. Track total screenings, MaxMind queries consumed, queries saved (by cache, whitelist, Storebot, and velocity), risk accepts and declines, and processing errors. See at a glance how much the module is saving you. Includes a reset button with double-click confirmation, and a preserve option that protects your statistics when switching between module types or reinstalling.

New in Version 10.7

IP Velocity Protection — Detects and blocks IP addresses that repeatedly trigger declined orders. Configure the maximum number of declines allowed within a time window and how long blocked IPs stay locked out. The block duration slides forward with each new attempt, so the attacker must go completely quiet before being released. Includes a velocity tracking table in the admin panel with view and clear controls.

Session Invalidation — When velocity protection blocks an IP, the module invalidates the customer's checkout session. This prevents sophisticated bot attacks where different IPs are used to set up the cart and submit payment. Without a valid session, the checkout is dead.

Daily Log Files with Admin Viewer — Logs are now stored as one file per day (UTC-dated) with automatic retention and purging. A built-in log viewer in the admin panel lets you browse and view log files without FTP access. Every screening event is logged with basket ID, order ID, risk scores, velocity tracking counts, and processing error dispositions.

UTC Timestamps Everywhere — All timestamps in logs, emails, and the admin UI use UTC for consistency. Miva servers run in various locations, merchants can be anywhere — UTC is the only time that means the same thing to everyone looking at the data.

Enhanced Email Notifications — New amber color scheme for velocity block alerts. Pending order ID now included in basket information. Collapsible technical details section with complete MaxMind response.

Continuing Features

Professional HTML Email Notifications — Beautiful, responsive email templates with color-coded alerts (red for declined, green for accepted, teal for whitelisted). Includes complete order details, customer info, shipping/billing addresses, and MaxMind analysis.

Redesigned Admin Interface — Modern card-based layout with clear visual organization. Settings grouped logically with helpful descriptions. One-click Test Connection button verifies your MaxMind credentials instantly.

CIDR Notation for IP Whitelisting — Unified IPv4/IPv6 whitelist field supports standard CIDR notation. Whitelist entire networks with entries like 192.168.1.0/24 or 2001:db8::/32.

Enhanced IP Detection — Automatically detects customer IPs behind CloudFlare, Akamai, nginx, and other services. Checks CF-Connecting-IP, True-Client-IP, X-Real-IP, and X-Forwarded-For headers.

Improved Logging — Pretty-printed JSON output for MaxMind API requests and responses. Consistent timestamp formatting makes it easy to troubleshoot issues.

Query Caching — Save money on MaxMind queries. When customers browse, add items, and check shipping costs, cached results are reused unless address information changes. Configurable expiration from 0-60 minutes.

Two Module Versions — System Extension for standard stores, plus a Component/Item version for custom one-page checkouts or heavily modified stores.

Three minFraud Service Levels — Choose Score (basic risk score), Insights (detailed risk factors), or Factors (complete analysis). Switch anytime based on your needs.

IPv6 compatibility — a top asked-for feature. Allows analysis of IPv6 incoming connections and IPv6 whitelisting.

Country Blocking — Configure blocked countries in your MaxMind account. Blocked countries automatically receive 100% risk scores.

How the Module Works

MaxMind's minFraud system analyzes over 80 fraud indicators for each transaction, including geographic distance between the customer's IP and billing address, high-risk IP analysis, open proxy detection, free/high-risk email identification, phone number verification, shipping remailer detection, and behavioral patterns. The result is a risk score from 0-100% indicating the probability that an order is fraudulent.

You set your thresholds for email notifications and automatic declines. The module handles everything else — protecting your business while legitimate customers check out normally.

This module will help stop credit card testing and fraudulent orders. It can save you money on authorization fees, improve your merchant decline ratio, refund ratio and chargebacks - and may qualify you for lower credit card fees.

The module sends merchants a fraud analysis email for each potential order or for only those exceed that exceed a preset risk score. The module will also block potential orders that exceed a preset risk score before they reach the payment gateway.

Annual license • Free upgrades for v10.x included • For Miva v10.x and higher • Installation Support Available

v9.0 and v9.5 users - contact us for special upgrade pricing

Requires MaxMind minFraud account: ~$25 per 5,000 queries (less than ½¢ each)

View Documentation

Download Latest Version   |   Get Support   |   New MaxMind Account w/Free 1000 Query Trial

Reviews
Ratings Snapshot
5.0
out of 5
5 (4)
4 (0)
3 (0)
2 (0)
1 (0)
Would recommend this product.
100%

Customer Ratings & Reviews

4
Ratings Snapshot
5.0
out of 5
5 (4)
4 (0)
3 (0)
2 (0)
1 (0)
Would recommend this product.
100%
5.0
out of 5
5 (4)
4 (0)
3 (0)
2 (0)
1 (0)
Would recommend this product.
100%
4 Total Reviews
Outstanding fraud protection and even better support
5 out of 5
Alan
Location: Maine
Date: June 19, 2026
We've been running WolfPaw's Fraud Screening and Detection on bikeman.com for several years and it's been an essential part of our fraud prevention. But what really sets this module apart is the level of support and responsiveness from the developer. A few weeks ago, I started receiving a flood of velocity block notification emails from the module. Our store was getting hit with hundreds of checkout attempts over two days, and the module's IP velocity protection was doing its job — detecting the rapid-fire attempts and blocking them before they could reach MaxMind. No queries were consumed, but I was buried in alert emails and needed to understand what was happening. I sent copies of the antifraud logs to Jeff at WolfPaw for analysis. He and his team dug into the data and determined that every single connection was coming from Google's Storebot — Google's automated system that verifies product listings for Google Shopping. These weren't fraud attempts at all, but the module was correctly treating them as suspicious because of the volume and frequency. Jeff first helped me identify the Google IP ranges so I could add them to the manual whitelist. But he recognized that wasn't a scalable solution — Google rotates IPs and uses ranges that aren't always published. Within days, his team at Wolfpaw had built a dedicated Google Storebot auto-whitelist feature directly into the module. It verifies incoming traffic against Google's published CIDR ranges, performs reverse DNS lookups for IPs outside those ranges, and caches verified Google IPs for instant recognition on repeat visits. Confirmed Storebot traffic is automatically whitelisted without consuming any MaxMind queries. The best part is how the notification system works. Instead of getting hundreds of individual alerts, I now receive a single email when Storebot activity begins and a summary the next morning showing how many tests were run, how many unique IPs were involved, and how they were verified. Just the right amount of information without the noise. Beyond the Storebot solution, the module's core fraud screening has blocked numerous real card testing attacks on our store. The IP velocity protection automatically detects and blocks rapid-fire checkout attempts, stopping attackers before they can do damage. Orders that exceed the risk threshold are declined before payment processing, so fraudulent orders never reserve our inventory or result in chargebacks. What impresses me most is the support. When I reported the Storebot issue, Jeff didn't just suggest a workaround — his team at Wolfpaw analyzed our logs, identified the root cause, and built a permanent solution. The feature went from first report to tested and deployed in a matter of days. That kind of responsiveness and commitment to getting it right is rare with any software vendor. If you're running a Miva store, especially one with Google Shopping listings, this module is well worth the investment. It protects your store from real fraud while intelligently handling legitimate automated traffic
Recommended
Totally worth the investment
5 out of 5
Lockitt & Cyclebitz
Location: NC
Date: May 20, 2026
We used to spend a lot of time weeding out fraud orders and dealing with chargebacks. No more. Installed on two sites now for many years (previous version and new improved current one), this is simply a must have.
Recommended
Works well, great support from Wolfpaw
5 out of 5
James
Location: Phoenix
Date: May 14, 2026
Jeff at Wolfpaw was very helpful in getting this module working on my Miva site. I had purchased the original version, so was glad when a new version was brought back.
Recommended
A Must Have for MIVA Stores
5 out of 5
Zinbar
Location: Kansas City
Date: Apr9l 26, 2026
Hats off to Jeff and the entire team at WolfPaw. Our site was getting hit with a sophisticated bot attack. We were having thousands of attempts per day. They saw what was happening from the logs, took action and completely shut them down!
Recommended
4 Total Reviews
Developer Info

WolfPaw Hosting LLC

Wolfpaw Hosting LLC is a Miva Merchant Premier Hosting and Development Partner.

Website

www.wpcomp.com

Support Phone

201-569-1762

Support Email

Copyright © 1997 – 2026 Miva®, Miva Merchant®, MivaPay®, Camp Miva®, Miva Connect®, Vexture℠, Miva, Inc. All Rights Reserved.