[Pyramids]

Although we combine with internal scoring and manual review, as stated; If I was using MaxMind exclusively I'd consider 5.0 to 7.5 a good indicator of a possible fraudulent order.

This is based on their current riskScore system[1] (changing on January 1st, 2014) and 10 as an instant failure without review. Most orders will generate a non-0 score, however.

Another great tactic for preventing fraud is to never indicate an order has failed or a card hasn't been charged ('ghosting'), this is a tactic used heavily by Google for AdWords and other paid services.

Giving a clear indication of failure allows "carders" a way to easily figure out your detection algorithms by placing orders until one gets through, and share that information with others who will attempt to victimize your checkout process.

[1] http://www.maxmind.com/en/ccfd_formula

[nunoloureiro]

Any idea what the equivalent 'riskScore' would be? If we are starting using minfraud it doesn't make sense to use 'score'.

Thanks

[Pyramids]

riskScore is a combonation of hard coded scoring, along with what I'd equate to a bayesian filter.

In a way, riskScore simplifies the calculation, because it's a percentage instead of an arbitrary number. Depending on your business, I would consider starting at 30% for manual review, and 90%+ for auto refusal, making adjustments to the threshold from there.