version 1.5.5.1
I have my MaxMind Risk Score set to 10 and anything over is supposed to go to "Pending" status. However, I have had multiple orders of 80 and 90 RS complete... A few completed, then one with 82.69 was set to pending as it should have been. A few minutes later, two orders with a 93.18 score instantly completed. The last few orders I checked the RS a few minutes after the order was made, and was already at 93.18.
I heard MaxMind will update the RiskScores, but I do not know if this is true or not. If it is true, will the score also update in order history? Is a few minutes enough time for an order to come in with low fraud and then be updated to high risk? Most importantly, how do I stop it from happening again?
If anyone has any other ideas of causes for this, please share them.
Update: In the database the order table has:
date_added 2013-09-23 12:47:14
date_modified 2013-09-23 12:48:17
While the order_fraud table has:
date_added 2013-09-23 12:48:17
Could it be that orders are processing BEFORE a riskScore is applied? Then by the time it is applied it is too late and the order is set to complete? If so, how I stop all orders from processing until a riskScore is returned?
Update Two: Most orders have the same date_added and date_modified timestamp. The fraud that got through does not. In fact one order has a 63 second delay, and another has a 138 second delay. Anyone know either 1. how to stop this delay or 2. how to pend orders until a fraud check is completed and returned?
When I messaged MaxMind and asked why the handshake was staying open for so long, some turd replied with "message openCart"... A lot of help they are...
Anyways, in:
On lines 4 and 58 I changed
to
Probably wont work... but hopefully now when MaxMind decides not to reply the riskScore will be set high and not deliver. I will update when I can actually test this theory, but feel free to post comments / ideas / suggestions in the meantime.
Anyways, in:
Code: Select all
catalog/model/checkout/fraud.phpCode: Select all
$risk_score = 0;Code: Select all
$risk_score = 100;
I don't have any issues with maxmind on my end. Seems alright with the risk score updating correctly. Do you have anything in your error logs?
Code: Select all
2013-09-23 12:16:13 - PHP Notice: Undefined index: order_id in /home/lgcards_admin/lgcards.com/catalog/controller/payment/stripe.php on line 174
2013-09-23 12:16:13 - PHP Notice: Undefined index: payment_code in /home/lgcards_admin/lgcards.com/vqmod/vqcache/vq2-catalog_model_checkout_order.php on line 75
2013-09-23 12:37:32 - PHP Notice: Undefined variable: body_heading_color in /home/lgcards_admin/lgcards.com/catalog/view/theme/default/template/mail/review_reminder.tpl on line 10Im really confused because I would think that if MaxMind is called the rest of the script would not run until it got a reply from MaxMind. But it seems it does... The delay allows the order to default to "Complete" then the check comes back, but by then it is already too late. Ive only actually had a few orders with a delay, but they are the ones that count.
This is the reply I got from MaxMind after they started trying to figure out what was going on:
"Hello,
Because of the potential for time-out issues, we log queries that use the potentially slow methods which I mentioned when we chatted yesterday. We checked back through the "slow queries" log for the past couple days, and didn't see any transactions from your account. Any other queries should've received an immediate reply.
You mentioned that the timeouts were up to several minutes long. Just to check, have you compared the timestamps on your end with the results that are being posted on our site? It's a shot in the dark, but I'm wondering whether something in OpenCart might be delaying sending the queries for some reason."
"Hello,
Because of the potential for time-out issues, we log queries that use the potentially slow methods which I mentioned when we chatted yesterday. We checked back through the "slow queries" log for the past couple days, and didn't see any transactions from your account. Any other queries should've received an immediate reply.
You mentioned that the timeouts were up to several minutes long. Just to check, have you compared the timestamps on your end with the results that are being posted on our site? It's a shot in the dark, but I'm wondering whether something in OpenCart might be delaying sending the queries for some reason."
you might have an extension breaking the fraud mechanism. Not sure if i'm right on that. Try reading your vqcache/vq2-catalog_model_checkout_order.php file and see if anything is broken there by any vqmod scripts
Not really related but... always provide your customers a way to contact you when they get flagged by the Max Mind fraud detection and if you talk / write to them don't assume they are necessarily fraudsters.
I got flagged a purchase as fraud (and then contacted the store owers and investigated why) just because I used my credit card in another country I moved to. This means that some of the best customers (rich tourists who travel countries and purchase a lot) could get a quite offending "YOU ARE FRAUD!" message just because they want to buy stuff with their own country credit cards.
I got flagged a purchase as fraud (and then contacted the store owers and investigated why) just because I used my credit card in another country I moved to. This means that some of the best customers (rich tourists who travel countries and purchase a lot) could get a quite offending "YOU ARE FRAUD!" message just because they want to buy stuff with their own country credit cards.
Heavy OpenCart Customizations. Current project in progress: fleurworld.com
Thanks I will look into that now. Though admittedly, I might miss something because I am less than up to speed with the whole function, class, extends type of PHP.MarketInSG wrote:you might have an extension breaking the fraud mechanism. Not sure if i'm right on that. Try reading your vqcache/vq2-catalog_model_checkout_order.php file and see if anything is broken there by any vqmod scripts
That is a good point. Probably not the best practice, but I usually wait for them to contact me and if they dont within a few hours I just refund the purchase.dfumagalli wrote:Not really related but... always provide your customers a way to contact you when they get flagged by the Max Mind fraud detection and if you talk / write to them don't assume they are necessarily fraudsters.
I got flagged a purchase as fraud (and then contacted the store owers and investigated why) just because I used my credit card in another country I moved to. This means that some of the best customers (rich tourists who travel countries and purchase a lot) could get a quite offending "YOU ARE FRAUD!" message just because they want to buy stuff with their own country credit cards.
Who is online
Users browsing this forum: Google [Bot], Semrush [Bot] and 77 guests
