Real-Time Fraud Detection and Blocking per WooCommerce

• Block fraud before payment — no order created, no payment captured, no chargeback
• Powered by MaxMind’s minFraud network — real-time risk scoring across billions of transactions annually
• Stop card testing bots with automatic IP velocity protection
• Minimize query costs with smart query caching and bot blocking

Block fraud before it costs you

Most fraud detection tools flag orders after payment has already been processed — leaving you with chargebacks, gateway fees, reputational damage and wasted time reversing transactions. Real-Time Fraud Detection and Blocking for WooCommerce takes a different approach.

When a customer clicks Place Order, this extension intercepts the checkout and screens the transaction through MaxMind’s minFraud network before your payment gateway is ever contacted. If the risk score exceeds your threshold, the order is blocked instantly. No order is created, no payment is captured, and no chargeback is filed.

This pre-payment approach means fraudulent orders never enter your system. Your order list stays clean, your payment processor sees fewer disputes, and you spend less time on manual review.

How it works

Every checkout is screened through a multi-layer process designed to
maximize protection while minimizing query costs:

1. The customer clicks Place Order.
2. The extension checks whether the IP is whitelisted. If so, the order proceeds immediately.
3. If IP velocity protection is enabled, the extension checks whether this IP is currently blocked from previous declined attempts. Blocked IPs are stopped instantly — no MaxMind query consumed.
4. The extension checks for a cached result from a previous identical checkout attempt. If found, the cached decision is reused — no MaxMind query consumed.
5. Order data is sent to the MaxMind minFraud API for real-time risk analysis.
6. The risk score is compared against your thresholds. High-risk orders are blocked. Orders above your notification threshold trigger an email alert.
7. If the order is declined, the IP’s decline counter is incremented for velocity tracking.

All of this happens in less than a tenth of a second. Legitimate customers experience no delay.

Features

• Pre-payment fraud screening across all checkout types and payment gateways
• MaxMind minFraud integration supporting Score, Insights, and Factors service tiers
• IP velocity protection that detects and blocks card testing bots automatically
• Smart query caching that reuses results when customers retry with the same contact and address information
• Six HTML email notification types: fraud alerts (accepted/declined), velocity blocks, whitelist bypass, and processing errors (accepted/declined)
• Identifies customer IP address even when behind CDNs and proxies such as CloudFlare, Akamai, AWS, nginx, and other services
• IP whitelisting of IPv4 and IPv6 addresses with CIDR support. Whitelist your office IP if you ever process orders manually
• Configurable risk thresholds with separate email and auto-decline thresholds
• Configurable error handling — choose whether to accept or decline when MaxMind is unreachable
• Built-in daily logging with configurable retention and admin log viewer
• Customizable decline message shown to blocked customers
• HPOS (High-Performance Order Storage) compatible
• Works with WooCommerce block checkout and classic checkout

IP velocity protection

Card testing bots don’t just try once — they submit hundreds of transactions in rapid succession to test stolen card numbers. IP velocity protection tracks declined checkout attempts per IP address. When an IP exceeds your configurable threshold, it is automatically blocked for a configurable duration.

Blocked IPs are stopped before the MaxMind API is called, so no query credits are consumed. The shopping session is destroyed and the cart emptied, forcing the bot to start completely over. The block timer resets with each new attempt, so persistent bots stay locked out and give up.

Smart query caching

When a customer retries checkout with identical billing, shipping, and contact data — for example, after adding or removing a product to check shipping costs or sales tax  — the extension serves the cached screening result instead of making another MaxMind API call. This can significantly reduce your query costs on stores with high retry rates.

The cache is automatically purged whenever you change your whitelist or
risk thresholds, so cached decisions always reflect your current
settings.

Quick start guide

Getting up and running takes just a few minutes:

1. Install the Real-Time Fraud Detection and Blocking for WooCommerce extension.
2. Create a minFraud account at MaxMind. A free trial with 1,000 queries is available.
3. Follow the links in your MaxMind account to generate a license key.
4. Enter your MaxMind Account ID and license key at the top of the extension’s settings page (WooCommerce > Fraud Detection/Blocking).
5. Click the “Test MaxMind Connection” button to verify your credentials are working.
6. Check “Enable Fraud Screening” at the top of the settings page.
7. Set your risk thresholds. Start with the email notification threshold at 0% so you receive an email on every screened order — you can raise this later once you’re comfortable. Set the decline threshold to 100% initially so no orders are blocked. As you gain experience with how MaxMind scores your customer base, gradually
   lower it to 50%, then 40%, and eventually under 10%.
8. Enable query caching to minimize your MaxMind query costs.
9. Check the email notification addresses. The defaults are usually fine, but make sure the “To” address is a valid email where you can receive the extension’s merchant notification emails.
10. Leave IP velocity protection disabled for now until you’re familiar with how the extension operates. You can enable it later for automatic card testing bot detection
11. Click “Save Changes” at the bottom left to save your settings

Account and pricing

Requirements

• WooCommerce 7.0 or higher
• WordPress 5.0 or higher
• PHP 7.4 or higher
• MaxMind minFraud account (free trial available)
• Outbound HTTPS access to minfraud.maxmind.com

Privacy

Real-Time Fraud Detection and Blocking for WooCommerce screens orders using MaxMind’s minFraud service. To perform this screening, checkout data (IP address, email, billing/shipping address, order amount) is sent to MaxMind in real time. Email addresses are transmitted as MD5 hashes to protect customer privacy.

Screening activity is recorded in the extension’s log files to support fraud investigation and troubleshooting. Log retention is configurable. The velocity protection and query cache features maintain temporary records that are automatically cleared based on configurable time periods.

No customer data is shared with any party other than MaxMind. Fraud prevention is recognized as a legitimate interest under GDPR and is explicitly permitted under the California Consumer Privacy Act (CCPA) as an activity that prevents security incidents and resists fraudulent or illegal activity. Merchants should include fraud screening in their store’s privacy policy.