The license server they're referring to was a third party's license server on the domain mvcool.com, which was a module store similar to our app store, dating back to the early 2000's twenty years ago. The owner of that site ultimately closed the business, and while he did turn it over to us at that time, the site code was written with dependencies on software that went end of life about fifteen years ago. We patched it together for a few years to try to keep it functional but that ultimately became impossible and it was turned off. This particular module was not updated to make use of our license server, which has been available for more than a decade.

That module should not be used in an active store at this point, not only due to the above issue, but it has other problems from its date of release, particularly its inability to work with a type of internet address called an IPv6 address. This incompatibility means stores that use the module are prevented from receiving certain optimizations from our side.

Many payment gateways support an equivalent type of screening, or even the use of Cloudflare (free) to challenge browsers from certain origins can be a replacement, if the module is simply being used to prevent certain geographic purchases.

Is there any way to continue integrating Maxmind fraud scores and evaluations without the Wolfpaw module? Or is there a good alternative? Maxmind's Minfraud is very useful.

Running into the same thing today. The new license number is 40 characters and the current module only allows 25. Still waiting for a response from Wolfpaw to see if I can get it to work.

When I reached out to WolfPaw about if it was possible to get this to work again:
"The short answer is no. We help out where we can but the module is not compatible with Miva 10 or the MaxMind changes and once Miva shutdown it's Miva Central licensing server you cannot install or re-install the module.

In your case you can try to insert the new license key directly into that field in the miva database. You might need to alter the table structure to support a longer key but I don't know if the longer key might crash something else in the module."

and then, from MIVA

"It's worth exploring migrating to something else since the wolfpaw module hasn't been updated years and they don't have much support for it. The developer that wrote module hasn't worked for them for a long time, probably over a decade. Some of larger clients use Signifyd. There are others but I can't recall which ones are popular."

What else are people using? Signifyd?

What payment processor do you use? Most gateways these days include velocity screening tools (which is what the MaxMind module mostly assisted with). We also support Kount.

I think the first step though is to see what your gateway supports?

Kount is ridiculously expensive. Out of reach for smaller retailers.
We are also driving without seatbelt here.
We use Square and Paypal and while they have some fraud scanning ability, most of the fraud prevention on my sites is just me and my gut feeling that something is off.

I've also been a long time wolfpaw user and since disabling it have seen a large climb in fraudulent orders in just the last two months of doing so. Wolfpaw had a nice ability to just block those orders from proxy's etc.

I'm only using paypal and the big step for me and that was worth every penny was to enable chargeback protection. The catch is on those orders that have your hair standing up is to make sure you manually upload the tracking number to paypal. (Hopefully Miva will fix it so that orders in paypal can automatically get those tracking numbers and I believe it's on their very soon roadmap. We have at least been able to recover 90% of the money from those fraudulent orders.

Mark,

Just curious. Any idea why you see a large number of fraudulent orders? I ask cause with over 50 web sites we work with, we get very few actual fraudulent orders? Granted, most are using fraud protection in both native miva settings and their authorizing agency. (And a few require both shipping and billing to be the same--that said, those obviously do not ship 'gifts' and a couple do have a white list of customers who can use different addresses (i.e., using a custom customer field) and they are B2B.

I believe a fair amount comes from the nature of our items. High end camo clothing, snowshoes & $1k coats with fur on them seem to be like candy for fraudsters. We do allow multiple addresses as long as the billing address matches the card. We are using Miva settings coupled with paypal. Wolfpaw was great at blocking people using a proxy address. With every order we received an email letting us know great information similar to this below and I've removed most of it. Basically even orders that did go through added some easy access to helpful information for deciding whether or not somebody really could be ordering 3 of those coats with fur on them for a reason and have it be legit.

This order has been DECLINED because it has a 65.82% probability of fraud which is GREATER than your risk threshold of 30%
Fraud Analysis Details
Maxmind Response:
distance=11409
countryMatch=No
countryCode=CN
freeMail=Yes
anonymousProxy=No
binMatch=NA
binCountry=
err=
proxyScore=0.00
ip_region=GD
ip_city=Jieyang
ip_latitude=I removed this
ip_longitude=I removed this
binName=
ip_isp=China Telecom
ip_org=China Telecom

Mark
I'm not sure if you get a lot of orders from China but have you thought about blocking by geo.ip (country=CN,SG) at the Cloudflare level?

My business model is not set up for international commerce so I block traffic by country code of the biggest hackers (CN,IN,RU,SG,ID,NG,BR)

Not something I had thought about but that could very well help! Thank you for the idea.