Choosing Credit Card Fraud Detection Service: MaxMind® vs. FraudLabs™

Credit Card fraud detection service may seem like an unnecessary thing, but if you’re running(or building) an ecommerce site that may potentially have a lot of transactions it’s something that you may want to look into as a measure of minimizing your chargebacks and your processing fees as well.

There are bunch of companies that provide credit card fraud detection service, two of them I came across while searching for such service for our latest project. MaxMind and FraudLabs

They both provide a variety of service, and seem to be a pretty well established players. MaxMind is actually something I have been working with for quite a long time, and must confess they provide a very reliable service. Lately however we have been having some intermittent problems with credit card fraud checks. FraudLabs on the other side, I never worked with. So I decided to give it a shot and checkout FraudLabs’ Fraud Detection Web Service.

First impression was – they a bit pricey and not all too developer friendly. They don’t really provide all that much documentation, however an extensive examples for all major scripting languages are provided. It worth mentioning that samples pretty much suck(at least the one for PHP just plainly didn’t work first of all, and secondly was built using NuSOAP, in a quite unexpected way). After about an hour messing around with WSDL we’ve finally figured out a way to get it going, and wrote up our own class that doesn’t have any 3rd party library dependencies.

Once we got all that stuff in place, it actually works pretty good! Not sure if we’d switch to it entirely, but it’s always to good to keep another option up as a fallback for the main one(which is on MaxMind).

4 thoughts on “Choosing Credit Card Fraud Detection Service: MaxMind® vs. FraudLabs™

  1. From the Company: If you can, we’d like to see what you think of our new system by Fraud Oracle. It was developed over several years, and it’s showing to be very accurate from initial deployments. We’ve also made it very developer friendly to implement – the docs are on the Fraud Oracle website. There’s a free trial as well, to try it without cost.

    Thank You,
    Fraud Oracle

  2. @Fraud Oracle

    From your documentation:

    1. You truncate CC numbers if passed. This should never be done, and your documentation makes it sound like it’s OK.
    2. You ask for the login and password in plaintext. This should also _never_ be done. If you’re ever exploited, that’s an amazing vector. It should be hashed at the minimum.

  3. @admin

    What’s your feeling on Fraud Labs now? Maxmind is the tried-and-true. I’ll admit their support is pure awful-sauce, but they’re the standard.

    There are much better solutions out there for the large B&Ms like Kount, but all of these smaller players seem to be doing the same thing. IP location, proxies, flagged emails, etc.

    Thoughts?

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>