Real Time Fraud Detection & Blocking

MaxMind is a leading provider of IP intelligence and online fraud detection, trusted by thousands of businesses worldwide. Their minFraud service analyzes over 80 data points for every transaction — including IP geolocation, email reputation, proxy detection, device fingerprinting, billing/shipping address distance, and transaction velocity across millions of merchants — to generate a real-time risk score indicating the probability that a transaction is fraudulent. MaxMind offers three service tiers: Score (basic risk number), Insights (risk factors and IP data), and Factors (full explanatory analysis with human-readable risk explanations).

Real Time Fraud Detection & Blocking integrates MaxMind's minFraud service with Adobe Commerce and Magento Open Source to stop fraudulent orders and card testing bots before they reach your payment gateway. Unlike most fraud detection extensions that flag orders after payment has already been processed — leaving you with chargebacks, gateway fees, and wasted time reversing transactions — this extension screens every order through the minFraud network before your payment gateway is ever contacted. Fraudulent orders are stopped at checkout: no order created, no payment captured, no chargeback filed. Smart Query Caching minimizes MaxMind query consumption by reusing results when customers retry with identical data, and IP Velocity Protection automatically detects and blocks card testing bots that make repeated declined attempts.

Account & Pricing

A MaxMind minFraud account is required to use this extension. The account is not created during extension installation and must be set up separately. To create an account, visit the MaxMind minFraud signup page. A free trial with 1,000 queries is available. After the trial, queries cost approximately $0.005 each (about half a cent per order). For pricing details, visit the MaxMind minFraud pricing page. MaxMind minFraud account setup and billing is handled directly through MaxMind — there are no additional fees from WolfPaw beyond the extension subscription.

Features

• Pre-payment fraud screening — Orders are screened at quote submission, before any payment charge. High-risk orders are declined instantly with a customizable merchant message. No order is created, no payment is captured.
• IP velocity protection — Detects and blocks card testing bots by tracking declined checkout attempts per IP address. When declines exceed your configurable threshold within a configurable duration, the IP is automatically blocked. The checkout session is destroyed and the cart emptied, forcing the bot to start over. The IP must remain quiet for a configurable period before it can place orders again.
• Smart query caching — When a customer retries checkout with identical address and contact data, the cached screening result is served without consuming another MaxMind minFraud query. Cache is automatically purged when you change your whitelist or risk thresholds, so cached decisions always reflect current settings.
• Professional email notifications — Six color-coded HTML email alerts give you instant visibility into every screened order: fraud report (accepted), fraud report (declined), velocity block alert, whitelist bypass notification, processing error (accepted), and processing error (declined). Each includes the complete MaxMind minFraud response data.
• CDN and proxy IP detection — Automatically detects the real customer IP behind CloudFlare, Akamai, AWS ALB, nginx reverse proxies, and other CDN/proxy services. Ensures accurate geolocation and velocity tracking even behind multiple proxy layers.
• IP whitelisting — Bypass fraud screening for trusted IP addresses (office, warehouse, partners). Supports IPv4, IPv6, and CIDR notation. Whitelisted IPs are never velocity-blocked and never consume minFraud query credits.
• Configurable risk thresholds — Set separate email notification and auto-decline thresholds. Start conservative (monitor only) and tighten as you gain confidence in your score distribution. The decline message shown to customers is fully customizable.
• All checkout types supported — Works with standard checkout and all payment gateways including PayPal Express, Authorize.net, Check/Money Order, and any method flowing through the standard quote submission pipeline.
• Built-in daily logging — Date-stamped log files with configurable retention and a built-in admin log viewer. Every screening decision, cache hit, velocity event, and email send is recorded for audit and troubleshooting.
• Configurable error handling — Choose whether to accept or decline orders when MaxMind is unreachable or returns an error. Optional email notification alerts you when screening is skipped so you can review the order manually.
• Declarative database schema — Built on modern Magento architecture with proper dependency injection, no legacy setup scripts, and strict PHP types on all files.

How It Works

When a customer clicks Place Order, the extension intercepts the order at quote submission — before payment is captured. The screening flow is:

1. Whitelist check — If the customer IP is whitelisted, the order is allowed through immediately.
2. Velocity check — If the IP is currently velocity-blocked, the order is declined without consuming a MaxMind minFraud query.
3. Cache check — If a cached result exists for this exact checkout payload, the cached decision is reused.
4. MaxMind query — Order data (IP, email hash, billing/shipping address, amount, currency) is sent to the minFraud API.
5. Risk evaluation — The risk score is compared against your thresholds. Orders at or above the decline threshold are blocked. Orders at or above the email threshold trigger a notification.
6. Velocity tracking — If declined, the IP's decline counter is incremented. If the counter reaches your threshold, the IP is blocked.

What's Included

• Pre-payment fraud screening across all checkout and payment methods
• MaxMind minFraud API integration (Score, Insights, and Factors tiers)
• IP velocity protection with automatic session destruction
• Smart query caching with automatic purge on settings changes
• Six professional HTML email notification types, color-coded by severity
• CDN/proxy IP detection for accurate geolocation
• IP whitelisting with IPv4, IPv6, and CIDR support
• Comprehensive admin configuration panel with 11 settings cards
• Built-in velocity table viewer and log viewer
• Test Connection tool to verify MaxMind credentials
• 15-page PDF User Guide
• Email support from the developer

Requirements

• Magento Open Source or Adobe Commerce 2.4.6 or higher
• PHP 8.1 or higher
• MaxMind minFraud account (free trial available)
• Outbound HTTPS access to minfraud.maxmind.com

Privacy and GDPR Compliance

This extension screens orders for fraud using MaxMind's minFraud service. To perform this screening, checkout data (IP address, email, billing/shipping address, order amount) is sent to MaxMind in real time. Email addresses are transmitted as MD5 hashes to protect customer privacy.

Screening activity is recorded in the extension's log files to support fraud investigation and troubleshooting. Log retention is configurable by the merchant. The velocity protection and query cache features maintain temporary records on the merchant's server that are automatically cleared based on configurable time periods.

No customer data is shared with any party other than MaxMind. Fraud prevention is recognized as a legitimate interest under GDPR. Merchants should include fraud screening in their store's privacy policy. For details on how MaxMind handles data, please see the MaxMind Privacy Policy .

About WolfPaw

WolfPaw Hosting and Development LLC has been building fraud prevention tools for e-commerce since 2009, with 16 years of proven experience protecting online stores.

Support: antifraud@wpcomp.com