
[Contribution] Credit Card Fraud Detection Service


Got my license number, thanks. :) Now I'm getting more data, but it's erratic. The three most recent credit card orders since I added the license no:

 

BinMatch: No
BinCountry:
Bin Name:

BinMatch: Yes
BinCountry: US
Bin Name:

BinMatch: Not Found
BinCountry:
Bin Name: American Express


"Buy the ticket, take the ride..." -HST


Hello, I have played with this in a few different ways now and found this in the 1.4 release.

on line 41 of maxmind.php

 

$h["region"] = $select_state['zone_code'];          // set the billing state

 

I think should be

 

$h["region"] = $check_state['zone_code'];          // set the billing state

 

referring to the query on line 25....

 

I might be wrong of course and others might know a lot more about coding and this mod than me.


(my knowledge is so small you would think that an ant was a genius in comparison)


:D Strider - I've seen and use your CCGV, so there's no way the person who wrote this knows more... :P

 

You're right, I must have changed something in between 1.2 to 1.3.

 

Otherwise the query is useless...


9 times out of 10 its a PEBCAK Error (Problem exists between chair and keyboard)

 

Replace that and you're fine...


Anyone else using this on 2.2 MS1? The install was seamless but I'm finding that the "Payment Type" section in the confirmation e-mail is being cut off. This only happens when maxmind.php is called - in other words only when the CC payment option is chosen. Can't for the life of me figure out why... not really a huge deal but I'd like to get everything working properly. All in all, great contrib.


Do you ship UPS?

Give your customers order tracking without leaving your site. Track multi-package shipments. XML, cURL

 

Download the contribution here:

UPS Tracking


Anyone know if Maxmind conflicts with processing orders with Authorize.net? I was able to get authorize.net to work in a clean install, but not on my shopping cart. I get an error on confirming the order. Not sure if it's because of Maxmind. Any help would be great. Thanks! mindy

Sounds similar to the problem I had where the credit card split e-mail was not being sent. I "fixed" it by moving the maxmind call to the end of the processing.

"To the end" means at the end of the file checkout_process.php?

I have the same problem. I don't get my split email with the 5th to 12th credit card digits.

 

Can you describe a little closer where you have placed the maxmind call in checkout_process.php?

 

Thanks

Stephan


 

 


Well, it's a bit more complicated than that. I moved the Maxmind code to just after:

// load the after_process function from the payment modules
 $payment_modules->after_process();

 

But if you're going to do that, you have to change the code in maxmind.php so that rather than grabbing values from $sql_data_array, it gets them from $order. So I have:

$h["city"] = $order->billing['city'];    // set the billing city
$h["region"] = tep_get_zone_code($order->billing['country']['id'],$order->billing['zone_id'],$order->billing['state']);        // set the billing state
$h["postal"] = $order->billing['postcode'];     // set the billing zip code
$h["country"] = $order->billing['country']['iso_code_2'];       // set the billing country

But note also that I've added a zone_id field to the order record, which makes things easier for me in other parts of the store. So you may need to tweak this for your own store.

 

I stared at this issue for a long time and could not see what was causing the problem. I then tried making maxmind.php a function rather than just included code, so it wouldn't be stomping on variables, but couldn't get that to work - I am not a PHP expert. So I took the "quick and dirty" approach as shown above - it works.


I get the following error messages when I run maxtest.php:

Warning: main(includes/modules/maxmind/CreditCardFraudDetection.php): failed to open stream: No such file or directory in /home/yagogo/public_html/admin/maxtest.php on line 43

 

Fatal error: main(): Failed opening required 'includes/modules/maxmind/CreditCardFraudDetection.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/yagogo/public_html/admin/maxtest.php on line 43

 

the maxmind directory with 3 files is installed on /includes/modules/maxmind/

 

any suggestions?


dspan - I see you have the files installed in catalog/includes/modules/maxmind, but did you copy that folder into catalog/admin/includes/modules/maxmind? You'll only need that folder in there for testing. Basically you need that folder on both sides if you're going to test.


9 times out of 10 its a PEBCAK Error (Problem exists between chair and keyboard)

 

Replace that and you're fine...


nrlatsha: np, just tested and it's working. Although I am having the same problems as the others, i.e. the bottom part of the email being cut out:

*Section being cut off.>>>

Payment Method
------------------------------------------------------
Credit Card

Anyhow, thank you for a great contribution... now to find out what these scores mean....


for whatever reason (cURL?) the $$payment variable variable is being reset or destroyed causing the payment method section of the e-mail to be cut off. In checkout_process.php I made the following change to correct this:

 

  //if (is_object($$payment)) {
   $email_order .= EMAIL_TEXT_PAYMENT_METHOD . "\n" .
                   EMAIL_SEPARATOR . "\n";
   $email_order .= $order->info['payment_method'] . "\n\n";
   //$payment_class = $$payment;
   //$email_order .= $payment_class->title . "\n\n";
   //if ($payment_class->email_footer) {
     //$email_order .= $payment_class->email_footer . "\n\n";
   //}
 //}

 

IMO I'm not sure why the original author wrote it that way to begin with. You can't get through the checkout process without a payment method selected, can you? Perhaps it was done to "contain" an unresolved bug somewhere along the payment process...at any rate the above fix seems to be working fine.


Do you ship UPS?

Give your customers order tracking without leaving your site. Track multi-package shipments. XML, cURL

 

Download the contribution here:

UPS Tracking

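An added example, not from osCommerce or the contribution, of the mechanism behind the "stomping on variables" and `$$payment` reports above: a file pulled in with require runs in the caller's variable scope, while the same file required inside a wrapper function cannot touch the caller's `$payment`. The thread does not establish which variable the real include overwrites; the stand-in file and all function names here are constructed.

```php
<?php
// Added example: not code from osCommerce or the MaxMind contribution.
// The temp file is a constructed stand-in for an included script such as maxmind.php.
$included = tempnam(sys_get_temp_dir(), 'inc');
file_put_contents($included, '<?php
$payment = "overwritten by include";   // happens to reuse a caller variable name
$h = array("bin" => $cc);              // scratch array the include builds
');

// 1) Plain require: the included file shares the caller's variables.
function checkoutWithPlainRequire(string $file): string
{
    $payment = 'cc';        // caller state needed later for the order e-mail
    $cc = '123456';
    require $file;          // runs in this function's scope
    return $payment;        // no longer 'cc'
}

// 2) Wrapper: the include gets a scope of its own and only the inputs it is handed.
function runIsolated(string $file, array $inputs): array
{
    extract($inputs, EXTR_SKIP);    // EXTR_SKIP keeps $file and $inputs intact
    require $file;
    return isset($h) ? $h : array();
}

function checkoutWithWrapper(string $file): string
{
    $payment = 'cc';
    $hash = runIsolated($file, array('cc' => '123456'));
    return $payment . ' / bin=' . $hash['bin'];   // $payment is untouched
}

echo 'plain require: ', checkoutWithPlainRequire($included), "\n";
echo 'wrapped:       ', checkoutWithWrapper($included), "\n";
unlink($included);
```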

I have installed the Maxmind version 1.4 (June 14) on a pre-MS1 osC 2.2 (from Dec 2002).

 

Encountered the same issues with the extra order info not being sent (middle 8 digits in separate email), so made the changes suggested by Steve. This took care of the extra info not being sent, but now I get no results showing in the admin for the credit card checks from MaxMind.

 

I notice that in the stock cc.php, the function to send the extra card info is located in the "after_process" section

    function after_process() {
     global $insert_id;

     if ( (defined('MODULE_PAYMENT_CC_EMAIL')) && (tep_validate_email(MODULE_PAYMENT_CC_EMAIL)) ) {
       $message = 'Order #' . $insert_id . "\n\n" . 'Middle: ' . $this->cc_middle . "\n\n";
       
       tep_mail('', MODULE_PAYMENT_CC_EMAIL, 'Extra Order Info: #' . $insert_id, $message, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
     }
   }

but I am hesitant to move it anywhere else.

 

Does anyone have any additional new solutions for this issue?


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!


You can't just move Noel's code, you have to have it fetch the info from the $order variable instead of $sql_data_array. Your Maxmind call is failing because you don't have the right info to send it.

You can't just move Noel's code, you have to have it fetch the info from the $order variable instead of $sql_data_array. Your Maxmind call is failing because you don't have the right info to send it.
Understood. I didn't just move the code- I placed the code in checkout_process.php so that it is located here
// send emails to other people
 if (SEND_EXTRA_ORDER_EMAILS_TO != '') {
   tep_mail('', SEND_EXTRA_ORDER_EMAILS_TO, EMAIL_TEXT_SUBJECT . ' #' . $insert_id, nl2br($email_order), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '');
 }

// load the after_process function from the payment modules
 $payment_modules->after_process();

if (tep_not_null($sql_data_array['cc_number'])) {
    require(DIR_WS_MODULES . 'maxmind/maxmind.php');   
  }

 $cart->reset(TRUE);

then I changed the maxmind.php to read

//next we set inputs and store them in a hash
$h["i"] = $REMOTE_ADDR;            // set the client ip address
$h["domain"] = $domain;          // set the Email domain 
$h["city"] = $order->billing['city'];    // set the billing city
$h["region"] = $order->billing['state'];        // set the billing state
$h["postal"] = $order->billing['postcode'];     // set the billing zip code
$h["country"] = $order->billing['country']['iso_code_2'];       // set the billing country
$h["bin"] = $cc;       // set bank identification number

Is there another step that wasn't in your instructions that needs to be performed?


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!


Yeah - you missed the change I made to how $h['region'] is set. You have set it to the full state name, where I set it to the "zone code". My store has added code that stores a zone ID in the order.


(NOTE: The following applies to a pre-MS1 osC 2.2 from Dec 2002 installation - it has not been tested on MS2, but should be very similar)

 

These changes were made based on Steve's earlier suggestion because, when using the standard cc.php module which sends the middle 8 digits of the credit card number to the store owner in a separate email, the standard installation of this mod was preventing that email from being sent (obviously not acceptable, because you get orders with no idea of what half of the credit card info is). If you don't have the above-mentioned problem, don't make these changes.

 

The best solution would be to fix whatever is preventing the mailing of the middle credit card numbers, but I haven't been able to sort that one out.

 

I also believe that, with the following changes made, I am still not getting the first 6 digits of the card number being sent correctly to MaxMind. I suspect this is because, when it's called in after_process, the cc number has already been split and it is only getting 4 digits or 4 digits and "XX". I have considered changing how cc.php splits the cc number so that it puts 123456XXXXXXXX78 into the database and mails the second sextet in the extra info email, but would love to hear other options.

 

BACKUP FIRST!

 

1) in checkout_process.php, instead of where the instructions say to place the call to maxmind, place it AFTER the loading of the after_process function, changing the call to $sql_data_array to call $order

// load the after_process function from the payment modules
  $payment_modules->after_process();

if (tep_not_null($order->info['cc_number'])) {
    require(DIR_WS_MODULES . 'maxmind/maxmind.php');
  }

  $cart->reset(TRUE);

 

2) in maxmind.php, the original file reads

$check_country_query = tep_db_query("select countries_iso_code_2 from " . TABLE_COUNTRIES . " where countries_name = '" . $sql_data_array['customers_country'] . "'");
$check_country = tep_db_fetch_array($check_country_query);

$check_state_query = tep_db_query("select zone_code from " . TABLE_ZONES . " where zone_name = '" . $sql_data_array['customers_state'] . "'");
$check_state = tep_db_fetch_array($check_state_query);

require(DIR_WS_MODULES . 'maxmind/CreditCardFraudDetection.php');
$ccfs = new CreditCardFraudDetection;

//Modify a few variables to match what MaxMind is expecting.
$string = $sql_data_array['cc_number'];
$cc = substr($string, 0, 6);

$str = $sql_data_array['customers_email_address'];
list ($addy, $domain) = split ('[@]', $str);

//next we set inputs and store them in a hash
$h["i"] = $REMOTE_ADDR;            // set the client ip address
$h["domain"] = $domain;          // set the Email domain
$h["city"] = $sql_data_array['customers_city'];      // set the billing city
$h["region"] = $check_state['zone_code'];          // set the billing state
$h["postal"] = $sql_data_array['customers_postcode'];    // set the billing zip code
$h["country"] = $check_country['countries_iso_code_2'];  // set the billing country
$h["bin"] = $cc;      // set bank identification number

change it to read

// tep_db_input() escapes each value before it is concatenated into the query
$check_country_query = tep_db_query("select countries_iso_code_2 from " . TABLE_COUNTRIES . " where countries_name = '" . tep_db_input($order->customer['country']['title']) . "'");
$check_country = tep_db_fetch_array($check_country_query);

$check_state_query = tep_db_query("select zone_code from " . TABLE_ZONES . " where zone_name = '" . tep_db_input($order->customer['state']) . "'");
$check_state = tep_db_fetch_array($check_state_query);

require(DIR_WS_MODULES . 'maxmind/CreditCardFraudDetection.php');
$ccfs = new CreditCardFraudDetection;

//Modify a few variables to match what MaxMind is expecting.
$string = $order->info['cc_number'];
$cc = substr($string, 0, 6);

$str = $order->customer['email_address'];
list ($addy, $domain) = split ('[@]', $str);

//next we set inputs and store them in a hash
$h["i"] = $REMOTE_ADDR;            // set the client ip address
$h["domain"] = $domain;          // set the Email domain
$h["city"] = $order->customer['city'];      // set the billing city
$h["region"] = $check_state['zone_code'];          // set the billing state
$h["postal"] = $order->customer['postcode'];    // set the billing zip code
$h["country"] = $check_country['countries_iso_code_2'];  // set the billing country
$h["bin"] = $cc;      // set bank identification number


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!

I changed the split code to not mask the first six digits.

Steve;

 

Would it be possible for you to share exactly what you did to accomplish this, and are you satisfied that you are getting accurate results now?


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!


Well, this is the code I have in cc.php that preserves the first six digits:

    function before_process() {
     global $HTTP_POST_VARS, $order;

     if ( (defined('MODULE_PAYMENT_CC_EMAIL')) && (tep_validate_email(MODULE_PAYMENT_CC_EMAIL)) ) {
       $len = strlen($HTTP_POST_VARS['cc_number']);

       $this->cc_middle = substr($HTTP_POST_VARS['cc_number'], 6, ($len-6));
       $order->info['cc_number'] = substr($HTTP_POST_VARS['cc_number'], 0, 6) . str_repeat('X', (strlen($HTTP_POST_VARS['cc_number']) - 10)) . substr($HTTP_POST_VARS['cc_number'], -4);
     }
   }

 

This works fine and I am getting good results from Maxmind, though I note that lately I am not seeing the bank name anymore. The rest of the fields (including BIN country match) are fine. I verified at the Maxmind site that their online query tool returns the same results.

 

Incidentally, I have never gotten the "phone match", a new field, to return anything but NA. Shrug.

 

I wish I understood what causes the suggested placement of the Maxmind code to corrupt the variables. I certainly can't spot it.


Steve;

 

Thanks for posting your code changes. I'm seeing pretty much the same type of results as you described when I run the test file (where the first 6 digits are entered manually). I'm going to take another fresh look at this some time in the next few days to see if I can sort the lost middle numbers issue.


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!


The previously posted change which preserved the first 6 digits, while it provided all of the needed information, caused digits 13 and 14 to be repeated in both the admin view and the extra order info email. The following change corrects that, so that you end up with

Admin: 123456XXXXXXXX78

Extra email: The 8 'X' missing above

function before_process() {
     global $HTTP_POST_VARS, $order;

     if ( (defined('MODULE_PAYMENT_CC_EMAIL')) && (tep_validate_email(MODULE_PAYMENT_CC_EMAIL)) ) {
       $len = strlen($HTTP_POST_VARS['cc_number']);

       $this->cc_middle = substr($HTTP_POST_VARS['cc_number'], 6, ($len-8));
       $order->info['cc_number'] = substr($HTTP_POST_VARS['cc_number'], 0, 6) . str_repeat('X', (strlen($HTTP_POST_VARS['cc_number']) - 8)) . substr($HTTP_POST_VARS['cc_number'], -2);
     }
   }


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!

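An added example (not code from cc.php or the contribution) of the split the two before_process() versions above are aiming for: the first six digits kept for the BIN lookup, the last two kept for display, the rest withheld, with a check that the stored and e-mailed parts neither overlap nor lose a digit for 15- and 16-digit numbers. The function names and card numbers are constructed for illustration.

```php
<?php
// Added example; not code from cc.php or the MaxMind contribution.
// splitCardNumber(), overlap(), rejoin() and the card numbers are constructed.

/** Keep the first $keepFirst and last $keepLast digits; withhold the rest. */
function splitCardNumber(string $pan, int $keepFirst = 6, int $keepLast = 2): array
{
    $digits = preg_replace('/\D/', '', $pan);            // drop spaces and dashes
    $len = strlen($digits);
    if ($keepFirst < 1 || $keepLast < 1 || $len <= $keepFirst + $keepLast) {
        throw new InvalidArgumentException('card number too short to split');
    }
    $middleLen = $len - $keepFirst - $keepLast;
    return array(
        'bin'    => substr($digits, 0, $keepFirst),      // what the fraud check needs
        'middle' => substr($digits, $keepFirst, $middleLen),
        'masked' => substr($digits, 0, $keepFirst)
                  . str_repeat('X', $middleLen)
                  . substr($digits, -$keepLast),
    );
}

/** Digits present in both parts; 0 means the two halves do not overlap. */
function overlap(string $masked, string $middle): int
{
    $visible = strlen(str_replace('X', '', $masked));
    return $visible + strlen($middle) - strlen($masked);
}

/** Put the withheld digits back into the X positions. */
function rejoin(string $masked, string $middle): string
{
    $start = strpos($masked, 'X');
    return substr($masked, 0, $start) . $middle . substr($masked, $start + strlen($middle));
}

// The first variant posted in the thread, reproduced for comparison (16-digit input).
$pan = '1234567890123478';
$firstMiddle = substr($pan, 6, strlen($pan) - 6);
$firstMasked = substr($pan, 0, 6) . str_repeat('X', strlen($pan) - 10) . substr($pan, -4);
echo 'first variant overlap: ', overlap($firstMasked, $firstMiddle), " digits\n";

// Constructed 16-digit and 15-digit numbers, the second with spaces as a customer might type it.
foreach (array('1234567890123478', '3782 822463 10005') as $sample) {
    $parts = splitCardNumber($sample);
    $clean = preg_replace('/\D/', '', $sample);
    $ok = rejoin($parts['masked'], $parts['middle']) === $clean;
    echo $parts['masked'], ' + ', $parts['middle'],
         ' overlap=', overlap($parts['masked'], $parts['middle']),
         ' rejoin_ok=', var_export($ok, true), "\n";
}
```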
This works fine and I am getting good results from Maxmind, though I note that lately I am not seeing the bank name anymore. The rest of the fields (including BIN country match) are fine. I verified at the Maxmind site that their online query tool returns the same results.

 

Incidentally, I have never gotten the "phone match", a new field, to return anything but NA. Shrug.

 

I wish I understood what causes the suggested placement of the Maxmind code to corrupt the variables. I certainly can't spot it.

I just got an order with the bank name--only the second time I've ever seen that--but Bin Match and Bin Country were missing, go figure.

 

Country Match: No
Bin Match: Not Found
Country Code: US
Bin Country:
Bin Name: American Express
Error: CITY_NOT_FOUND (the city was "Neuilly Sur Marne" in France)

Most of the time I get something like this:

Country Match: Yes
BinMatch: Yes
Country Code: US
Bin Country: US
Bin Name:


"Buy the ticket, take the ride..." -HST


Correction, I've had three orders with a Bin Name. All three were American Express, with BinMatch Not Found.

 

BinMatch: Not Found
BinCountry:
Bin Name: American Express


"Buy the ticket, take the ride..." -HST

