by mikejarema 3734 days ago
So it appears that a combination of (1) removing instant feedback (not alerting fraudsters as to the success/failure of their charge) and (2) giving a grace period to review and cancel charges has given Candy Japan some breathing room.

Though it does seem that this requires a manual step (2) before sending charges through, does anyone have experience using a fraud detection API, like MaxMind's minFraud [1] or any other, in an attempt to avoid having to review each charge?

[1] https://www.maxmind.com/en/minfraud-services

4 comments

> does anyone have experience using a fraud detection API, like MaxMind's minFraud

We tried MaxMind; for our use case it was pretty useless. The feature that sort of worked, which we considered using, was the geo-location stuff. Our idea was to see how close a customer was to where the goods were to be sent. Sadly the countries we operate in are too small, and IP location is too inaccurate.

As a test we ran a couple of months' worth of fraudulent order data through MaxMind, with a success rate of 100%.

The best solutions we found are:

- Block cards not issued in the country where you operate. This shields us from poor credit card security in countries like the US.
- Enabled 3D Secure. This blocks all the amateurs.
- Manually call customers ordering for large amounts.

Generally speaking it's very difficult to tell the difference between a fraudulent order and a first time customer.

> Block cards not issued in the country where you operate

Please, don't do this. It's so annoying.

> Enabled 3D Secure

Yes, this is a really good idea.

I currently use MaxMind's minFraud service. It is useful for identifying KNOWN fraudulent email addresses and proxy servers but not much else. It is just one of the signals that I currently use as a part of a fairly manual fraud review process.

I have evaluated a number of different options and I am about to start using Sift Science [1]. In addition to using standard IP address/email-based information, they also use social data and machine learning to identify fraud.

Their API/data model is the most well thought out and comprehensive one that I have come across, and they allow you to back-fill up to 12 months of historical data for free to help improve your detection rates. They also have a console to assist with optional manual review workflows and store integration APIs to allow full automation.

On top of all that they offer scalable pricing that works for both large and small businesses at 6c per transaction.

Obviously I can't vouch for their results yet, but what I have seen so far looks pretty good. If you have a fraud issue you should at least check them out.

[1] https://siftscience.com/

I'll say that I like Sift better than MaxMind, but it still doesn't cover a lot of things that it should. I won't go into details, as I'm in the middle of building a platform to solve this issue myself, but as someone who used to be on the other end of credit card fraud, it's really laughable how many things these companies don't see.

Hi Josh, Jason here, CEO of Sift Science. Would love to hear your feedback on what we could do better, whether publicly or privately - jason at siftscience dot com. We want to do better.

This can be largely automated using something like minFraud, Signifyd, etc.

However, you still need to use the same basic process:

Step #1 - No instant feedback

Step #2 - Your antifraud SaaS provider / process / whatever

Step #3 - Reject anyone who fails step #2 after ~24 hours.

My friend runs a similar candy subscription box called https://boxfromjapan.com/ and reported having a good experience with Signifyd. I might try integrating something like that next.
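
The three-step flow described in the thread above (no instant feedback, a scoring step, rejection after ~24 hours), as an added example that is not code from any commenter or vendor. `risk_score` is a hypothetical local stand-in for a fraud-scoring service, and the signal names, weights and threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass

GRACE_SECONDS = 24 * 3600  # the "~24 hours" review window from the thread
NEUTRAL_REPLY = "Thanks! Your order has been received."

@dataclass
class Order:
    order_id: str
    created: float            # epoch seconds when the order was placed
    signals: dict             # assumed fields, see risk_score()
    status: str = "pending"   # pending -> captured | cancelled

def place_order(queue, order_id, signals, now):
    """Step 1: queue the order and return the same reply for every card,
    so the response carries no hint about whether the charge will succeed."""
    queue[order_id] = Order(order_id, now, signals)
    return NEUTRAL_REPLY

def risk_score(signals):
    """Step 2 stand-in (hypothetical rules, not a vendor API). The signals
    are the ones commenters mention: issuing country, proxies, 3D Secure."""
    score = 0
    if signals.get("card_country") != signals.get("ship_country"):
        score += 40
    if signals.get("proxy"):
        score += 40
    if not signals.get("three_ds"):
        score += 30
    return score

def settle(queue, now, threshold=60, manual_cancel=()):
    """Step 3: once the grace period has passed, capture clean orders and
    cancel those flagged by the score or by a human reviewer."""
    for order in queue.values():
        if order.status != "pending" or now - order.created < GRACE_SECONDS:
            continue  # already decided, or still inside the review window
        flagged = (order.order_id in manual_cancel
                   or risk_score(order.signals) >= threshold)
        order.status = "cancelled" if flagged else "captured"
    return {o.order_id: o.status for o in queue.values()}

if __name__ == "__main__":
    q = {}  # constructed sample orders, not real data
    place_order(q, "A", {"card_country": "JP", "ship_country": "JP",
                         "three_ds": True, "proxy": False}, now=0)
    place_order(q, "B", {"card_country": "US", "ship_country": "JP",
                         "three_ds": False, "proxy": True}, now=0)
    print(settle(q, now=GRACE_SECONDS))
```
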