Credit Card Fraud Detection (MaxMind)

[ses707]

MaxMind Credit Card Fraud Detection v1.1 for ZenCart

Overview
1. This has been tested on ZenCart 1.3.7, your mileage on earlier versions may vary.
2. This addon will allow the store owner to query the MaxMind server to identify and place a risk score on transactions.
3. You MUST have an account with MaxMind to use this addon! You may get a test license with 1000 queries at:
http://www.maxmind.com

4. From MaxMind website:
Fraudster techniques becoming more advanced
Techniques used in online card-not-present fraud are becoming more and more sophisticated. Traditional fraud screening tools can only determine if a credit card is legitimate or if the user-entered account information matches those on record. Today, fraudsters can obtain personal credit card information, pose as the legitimate card holder, and bypass standard fraud checks.

Looking at fraud from a different angle
At MaxMind, we approach fraud screening in a different way. We examine an online transaction from various angles. Our tools are not geared towards verifying the authenticity of the credit card details used for the purchase, but rather, identifying if the purchaser is the legitimate card holder. Through our analysis, we have been able to identify traits and patterns that are associated with fraudulent orders. By asking the right questions, we can provide e-commerce businesses with the necessary information to detect fraudulent orders before the payment is processed.

5. This is what you should see once installed:



License
This code is licensed under the terms of the GNU Public License(GPL).

Warning
BACKUP your database and files BEFORE installation. Use this contribution at YOUR OWN RISK.

Installation
With Zen Magic only one file needs to be replaced IF you want credit card orders to auto-process when the order is placed:
includes/modules/pages/checkout_process/header.php

If you want to use the credit card issuer (BIN) name and phone number fraud scoring, or if you use the default credit card module and do not store credit card numbers on the server (you e-mail the middle numbers), you will need to replace:
includes/modules/payment/cc.php
(This needs to be done to change which numbers stay on the server and which get e-mailed to you, we need the first 6 numbers to pass on to MaxMind)

All other files are added and used with Zen Magic:
admin/maxmind_orders.php
admin/maxmind_update.php
admin/images/flags/*.*
admin/includes/boxes/extra_boxes/maxmind_orders_customers_dhtml.php
admin/includes/extra_datafiles/maxmind_orders.php
admin/includes/languages/english/extra_definitions/maxmind_orders.php
images/maxmind_ccfd.gif
includes/extra_datafiles/maxmind_orders.php
includes/modules/maxmind/CreditCardFraudDetection.php
includes/modules/maxmind/GeoIP.dat
includes/modules/maxmind/geoip.inc
includes/modules/maxmind/HTTPBase.php
includes/modules/maxmind/maxmind.php
includes/modules/payment/cc.php ***Read note above, only needed if you want to use BIN scoring or e-mail partial credit card numbers***
includes/modules/pages/checkout_process/header.php ***Read note above, only needed if you want to auto-process orders***

Once you have uploaded the required files you need to add the new database fields:
Go to Your Store -> Admin -> Tools -> Install SQL Patches
Browse and upload maxmind_orders.sql

Make sure you have your MaxMind License Key (available from http://www.maxmind.com):
Go to Your Store -> Admin -> Configuration -> My Store
Find MaxMind License Key and update it with your license key.

Change Notes
1. MaxMind API Version Updated to 1.43 (Adds support for username and password input fields.)
2. Corrected Standard and Premium services fields.
3. Added link to MaxMind ID field to view input/ouput in MaxMind Support Log
4. Removed spam score, now integrated in returned proxy score.
5. Implemented BIN name and phone in credit card module.
6. Implemented score inaccuracy reporting, currently supports feedback for scores 1,3, & 5.
7. Fixed fraud score on order_edit page, no longer rounded.


To-Do List
1. Implement new observer class notifier and remove modifications to checkout_success.php.
2. Implement minFraud alert handling. (http://www.maxmind.com/app/alert_url)
3. Harass Ajeh for putting starting and ending IP address in same field.

Bug Reports
Please PM me on the ZenCart forum with any bug reports
Quick PM Link

Support
Visit the ZenCart forum board to read the latest and get support.
If you cannot find your answer there, PM me.


FAQs
Q. This contribution doesn't work!
A. It works for me :)

Q. Can you do it for me?
A. I will help out as much as I can on the ZenCart forum board, beyond that if you PM me expect to hire me.

Q. How can I contribute to the author?
A. Please direct all contributions to the ZenCart Team

Q. Why is the readme in HTML?
A. I like HTML, get over it :)

Last modified January 11th, 2007
Kevin M.
ses707

Note:
Version 1.0 for ZC 1.2.6b has been submitted to the downloads section. Once the ZC team has approved it I will upload the new Version 1.1 for ZC 1.3.7

[ses707]

Version 1.1 for ZC 1.3.7 is now available on the contributions download page.
Click Here to Download

[jameswilson]

Does anyone know if this works in the UK?

[ses707]

Almost all of the features are available with the exception of:
Billing / Shipping Address Matches
Telephone Matches

The contributing factors to a score are:
score = 2.5 * isFreeEmail +
2.5 * countryDoesntMatch +
5 * isAnonymousProxy +
5 * highRiskCountry +
10 * min(distance,5000) / maxEarthArc +
2 * binDoesntMatch +
1 * binNameDoesntMatch +
5 * carderEmail +
5 * highRiskUsername +
5 * highRiskPassword +
5 * shipForward +
2.5 * proxyScore

As you can see, most of these are not geographically specific to the US already.
Give it a try!

[jameswilson]

Many Thanks, i have requested a test account. I am also running 1.3.0.2 should a apply your 1.3.7 version or the older version?

[ses707]

Many Thanks, i have requested a test account. I am also running 1.3.0.2 should a apply your 1.3.7 version or the older version?

The version 1.0 won't work at all on 1.3.0.2, your mileage on the 1.3.7 may vary but should be ok.

[jameswilson]

Ok then i have got a test account, and modified the cc.php, and all seems well, but im using the ceon payment capture mod and that seems a litle more complicated to mod.
But im not sure that there are any checks they can do with the first 6 digits anyway here in the uk.

Also i have checked the dodgy transactions i had and they are scoring 2,.5 purly cos of free email adress nothing else is wrong.

The standard and premium options dont show, i assume this is cos im using the freebies, but would they ever show?

Thanks

James

[SophWise.com]

I'm getting a Page Not Found error when attempting to download this. Anyone know an alternate location, can the 404 be fixed ?

[SophWise.com]

OK, looks like someone fixed the download link now, awesome, thanks!

[SophWise.com]

Just a quick one to let you know I had to change line 67 in /admin/maxmind_update.php from

Code:

$h["passwordMD5"] = $check_customer_password['customers_password']; // CCFS will hash for us

to

Code:

$h["passwordMD5"] = $check_customer_password->fields['customers_password']; // CCFS will hash for us

It kept crashing at that line with the following message until I fixed it

Code:

Fatal error: Cannot use object of type queryFactoryResult as array in /home/wwwserver/public_html/admin/maxmind_update.php on line 67

HTH,

Wes