Featured post

MaxMind announces corporate giving program

MaxMind is pleased to announce our corporate giving program – we plan to give away over 50% of our profits to charity.

Since its inception, MaxMind has focused on creating value for our customers, especially where the ratio of value to effort is high. It is exciting how technology enables us to write code once and deploy it to thousands of customers to solve problems. For marketing, we focus on strategies that have high impact per dollar invested, including detailed, transparent information about our products on our website and our freemium model for geolocation databases.

Similarly, with charitable giving, we look for opportunities to apply research to find how our funding can have high impact per dollar invested. Sometimes the most cost-effective program can be surprising. For example, according to MIT’s Abdul Latif Jameel Poverty Action Lab, deworming may be one of the most effective ways to increase student participation in school.

The for-profit space seems more and more crowded with great companies pursuing great ideas. There appears to be no shortage of angel and venture capital for technology startups, and competition is intense. On the other hand, the non-profit space appears a lot less crowded, as there are fewer funders pursuing innovative solutions.

We would like to thank our customers for making this possible!

To learn more about MaxMind’s charitable giving, visit our Corporate Giving page.

 

MaxMind Speaking at MRC. March 24, 2015 – Mark Your Calendar!

MRC_Vegas_15(Logo) (1)

MaxMind, the industry-leading provider of IP intelligence and online fraud detection tools, has been invited to present at the 2015 Merchant Risk Council (MRC) eCommerce Payments & Risk Conference in Las Vegas. Our co-presenters will include two of the world’s most prominent eCommerce companies: Orbitz, a leader in the online travel industry, and Western Union, a global money transfer giant. MRC’s own Global Director of Programs and Marketing will bring his extensive industry experience to the presentation as well. Whitepages Pro, one of the major providers of contact information in North America, will moderate our lively presentation.

cropped-cropped-maxmind_logo.png   Western Union  Orbitz  White Pages Pro

Manual Review Best Practices
Learnings from Peak Buying Times in 2014

We invite you to attend this panel discussion to learn more about best practices for preparing for, executing and evaluating your manual review processes. You’ll benefit by hearing specific examples of unique situations and fraud trends that caused online merchants to alter their tools or procedures. You’ll also have the chance to review some questionable transactions and engage in discussion about whether to approve or reject them.

Mark Your Calendar!
March 24, 2015
1:30 p.m. – 2:15 p.m. PT
Aria Resort, Las Vegas

We hope to see you at the Presentation or just stop by booth #422 and say, “Hello!”

Contact us today at mrc@maxmind.com to schedule a meeting during the event. We look forward to seeing you at MRC’s 2015 eCommerce Payments & Risk Conference – the largest professional development and networking event for eCommerce payments and fraud professionals in the Americas.

What Happens in Vegas … can stop online fraud!

jenn
Jenn Sessler, MaxMind’s Director, Business Development, answers questions at MRC 2014.

Proxy detection – why fraudsters give proxies a bad name

When it comes to fraud detection, finding proxies is a big topic. But why? Fraud detection begins with thinking intelligently about the IP address associated with a transaction. Where is that IP address, and how does that location relate to other transaction data? Whereas most IP addresses inspire confidence, those associated with a proxy generate suspicion.

Let’s take a closer look at proxy detection.

As its name suggests, a proxy acts as an intermediary, passing requests from one computer to other servers. But although there are legitimate uses of proxies, fraudsters find it useful to take advantage of one of its characteristics; accessing the Internet through a proxy makes it more difficult to locate a user by means of an IP address. This enables some to use anonymizing proxies to access content from which they would otherwise be blocked. Others use open proxies to hide their whereabouts and thereby circumvent fraud detection rules associated with location.

These fraudster practices drive up the risk of fraud from IP addresses associated with proxies. Open proxies, hosting providers, VPNs are all popular places for fraudsters to hide. For example, although orders with IP addresses from hosting providers can be legit, MaxMind has found up to 65% within the minFraud Network to be high risk.

Although lists of known proxies exist, proxies change frequently. The pool of proxies used for nefarious purposes is especially volatile. For example, sophisticated fraudsters may go so far as to purchase unique proxies with stolen credit cards, perform dedicated attacks, then dump the proxy.

Given the usefulness of proxies to fraudsters, it makes sense that proxy detection is a useful tool in the fraud detection toolkit. Detecting proxies comes with two challenges. The first is how to recognize an IP address as a proxy. The second is how to distinguish a “good” proxy from a “bad” one; since, by definition, a proxy is merely an intermediary, a proxy is not high risk in and of itself.

To consider how best to address these challenges, it’s helpful to look to the primary goal of ecommerce fraud detection: thinking intelligently about the IP address associated with a transaction in order to assess risk.

Fraud detection uses transaction data as the basis for this thinking and risk assessment. Using this data and analysis, we gain insight into the kind of traffic on a particular IP address. At MaxMind, the minFraud Network provides the backbone for this reputation analysis. It informs our our proxyScore, a summary of risk associated with an IP address.

In conclusion, fraudsters know how to use proxies to further their scams. Fraud detection systems need to incorporate monitoring for this type of activity in order to stop them. Since proxies can generate good traffic as well as bad, proxy detection requires analysis of transaction data to assess which IPs are higher risk. Merchants using MaxMind’s minFraud service or Proxy Detection service then benefit from a corresponding increased risk score to enable them to take action.

open proxy list

Open proxies change frequently. Would you trust traffic originating from here?

Apple Pay: What does it have in store for online merchants?

In the world of accepting online payments, credit and debit cards are the industry standard. And for good reason– they’re convenient, and they’ve been around for decades.

But while they’re the go-to payment option, merchants continue to struggle with their vulnerability to fraud.

So that got us wondering– at some point, the credit card was a new invention and appeared to be the payment solution of the future. It was a paradigm shift from the written bank check, which was itself an invention over cash and hard currency. And each option has pushed us into a new era of thieves trying to crank out a payday– sometimes digital, sometimes physical.

So, what’s next for the digital age? Apple is hoping to introduce a new era with Apple Pay. Does it have the moxie to move us beyond the credit card and associated e-commerce fraud?

Mobile payment: Apple Pay
You can’t tap your scroll wheel without clicking through a headline for Apple Pay. And it makes sense– digital-physical hybrid payment options have been trying to take hold for several years now.

While Google and Microsoft have tried their hand at mobile payment methods, Apple’s recent release of Apple Pay is the first to show encouraging signs of nascent adoption. With the smartphone now ubiquitous, the ease of use at the cash register for this type of payment method becomes more compelling.

Apple Pay has immediate benefits for merchants taking CNP payments as well. Apple Pay incorporates fraud detection technology such as TouchID biometric sensors, NFC, and geolocation data. Apple is banking on these features to make Apple Pay more attractive to merchants, and is even going so far as to assume some of the risk of fraudulent transactions themselves.

The future of payment security
Apple’s initial Apple Pay push covers 35 brick and mortar retail stores and provides a new opportunity for widespread use. But considering the amount of consumer data and financial information involved, consumers and merchants alike are sure to closely monitor what E-commerce fraud detection looks like as new payment options spread online within Apple apps.

NFC payment systems are incorporating unique digital signatures and Apple Pay is moving personal data off servers to thwart fraud. At the same time, Apple Pay and other mobile payment options are really no more than glorified credit cards. Is the new technology real progress, or will the fraudsters just step up their game? Adaptation of the new payment methods will be slow, so it will be some time before we can tell.

MaxMind website and services unaffected by Heartbleed Bug

MaxMind’s website and services were unaffected by the recently announced Heartbleed bug in the OpenSSL cryptographic software library.

The discovery of the Heartbleed bug means your encrypted connections with websites that used particular versions of the OpenSSL library (versions 1.0.1-1.0.1f and 1.0.2-beta1) may have been compromised, exposing your logins, passwords, and other data. MaxMind does not use a vulnerable version of the OpenSSL library on internet-facing servers. So you need not worry that your credentials or data were compromised.

This article on ReadWrite describes the bug in more detail as well as what to do to determine if your servers are vulnerable and how to protect yourself personally.

We strongly recommend you change your passwords on any sites affected by the bug. You should assume a site was affected unless you hear otherwise. Mashable and CNET provides a partial list of sites affected by the bug.

Please contact support@maxmind.com with any questions.

“AVS” and “CVV” Declines – Maximize Conversion AND Fraud Protection

img for blog

Welcome to our first installment of MaxMind’s Best Practices Blog Series!

In this post, we discuss using the minFraud Service in conjunction with your AVS and CVV declined transactions in order to help you increase your conversion rate and stop more fraud.
Continue reading

Who has the most accurate IP geolocation data?

free-map-navigation-psd-21

When it comes to choosing between the multiple IP geolocation data providers out there, our customers have told us they are most interested in one thing – accuracy. The question is, who provides the most accurate data?

Continue reading

MaxMind Speaking at MRC. March 20, 2014 – Mark Your Calendar!

MaxMind, the industry-leading provider of IP intelligence and online fraud detection tools, has been invited to present at the 2014 Merchant Risk Council (MRC) eCommerce Payments & Risk Conference in Las Vegas. We are excited to be joined by a top Risk Analyst from our merchant partner, Shopify, the leading commerce platform that allows anyone to easily sell online, at their retail location, and everywhere in between. Continue reading

Access MaxMind’s web services via IPv6

We’re happy to announce that MaxMind’s roll out of Internet Protocol version 6 (IPv6) access for our GeoIP2, Legacy GeoIP, Proxy Detection, and minFraud web service endpoints is complete. This update means each service is queriable at an IPv6 address in addition to existing Internet Protocol version 4 (IPv4) addresses; no API updates are required. Your development team will be happy to know that MaxMind is IPv6-ready as Internet users transition to IPv6.
Continue reading

Introducing the GeoIP2 Beta

We are happy to announce the public beta of GeoIP2. GeoIP2 is the successor line of products and services to the GeoIP brand of IP intelligence data (Note: not all GeoIP ‘Legacy’ products and services will have GeoIP2 counterparts).

The transition to GeoIP2 is an ongoing project and this blog post is intended to provide an accessible summary of what GeoIP2 is all about. The latest updates will be documented throughout our main site and our developer site.
Continue reading