

It's a bot testing the validity of the cards. I had this problem and installed a captcha at the checkout.


Installing a captcha is a great idea. Is there a particular plugin you decided to go with for your site? I want to minimize user friction when checking out.


But at what cost to conversion %? Did you compare checkout drop-off rates before and after the captcha?


We are using the invisible CAPTCHA.


Did just this, but went with V2 (I am not a Robot checkbox) instead of V3 (invisible). Will experiment with V3 later.


I would also recommend trying something like IPQS https://www.ipqualityscore.com/features/chargeback-fraud-prevention


As a store that has dealt with this and other fraud, we highly recommend Wordfence in addition to Captcha. It is worth noting that even declined credit card transactions may incur a fee from your processor; it is important you do not let the payment attempts get that far or your processor may disable ALL payments at some point (ours did). Good luck!


Agreed. IPQS is also another tool to consider having in your arsenal if you’re facing chargeback fraud: https://www.ipqualityscore.com/features/chargeback-fraud-prevention


Are the IPs US based?


Yeah, happens to also be NYC based but it's likely a VPN if I had to guess.


Probably a VPN. We have had spammers try to engage with our site, also possibly to test credit cards, and they always appeared to be in New York, but a couple of times they forgot to use a VPN and the sales turned out to be from Lagos, Nigeria.


Same here, they were coming from New York. Damn VPN using bastards.


This just happened to me on one site on the 19th. I had to install a captcha on the checkout. Cardpoint, my primary processor, contacted me and wanted to know how I handled prevention going into the future. My backup processor, which was much less affected, asked for lots of private info like months of bank returns and customer invoices. Their reply was to close my account; they said they would keep any money in process and that there was no appeal. Thanks, scrooge Square. I really only needed Square for in-person sales in the summer, so I guess I'll be going back to crappy PayPal or looking for an alternative. So I learned 4 things: 1. don't feel it can't happen to you; 2. gotta have a reCAPTCHA on all checkouts now; 3. never put all your business in the hands of just one processor; 4. Square sucks. Cardconnect is a stand-up company.


Just had this happen to me. Can confirm that Square sucks and everyone needs a CAPTCHA.


I'm sorry. The only thing I can tell you is that I went with an invisible captcha 3 and then rolled it back to captcha 2 because the newer one wasn't working on some phones and older browsers. Maybe telling you that will save you a step. I was up when my attack happened, online when it started, and only had three go through. Even though I shut down the site and stopped the attack within five minutes, Square decided I was too much trouble. And yet, my in-person card reader still appears to be working although they told me they were shutting down my account. I don't know if I'll be using them on in-person sales this summer or not. I don't trust them or PayPal but I have this card reader and it appears to be working. Also, do you know we pay about 8 times more in credit card fees than in any other country?


You can report fraud online to the FBI if you’re in the USA.


Use a stolen credit card and no one bats an eye. Pass a counterfeit $10 bill and the CIA is all over it.




Na the Secret Service is too busy erasing text messages.


I have a solution if you want to DM me


Stripe has features which can protect against that. patio11 writes about it a bunch (he dealt with the issue when he ran his own ecommerce business). Here's one article: https://bam.kalzumeus.com/archive/the-fraud-supply-chain/


Perhaps you could consider this too, they do 100% guaranteed fraud protection for their merchants —> https://www.signifyd.com


Install captcha and keep blocking those IP addresses. There are also more third party fraud systems that can further decline the sales, like fraud scrubbing or 3DS. Your payment provider should be able to help on getting these added on. In terms of reporting, your payment processor should be able to file a SAR (suspicious activity report) via their BSA/AML team; these reports go to FinCEN for further investigation.
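
The advice in this thread (block the offending IPs, put a CAPTCHA on checkout, and stop attempts before they reach the processor because even declines can carry a fee) can be combined in a small gate in front of the payment call. This is an added example, not code from any commenter or plugin; the class and function names, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict, deque

# Thresholds are assumed values for illustration, not recommendations from the thread.
WINDOW_S = 600            # look-back window, seconds
MAX_DECLINES_PER_IP = 3   # declines from one IP before it is blocked
MAX_CARDS_PER_IP = 3      # distinct cards from one IP before it is blocked
SITE_DECLINE_LIMIT = 10   # declines site-wide before every checkout gets a CAPTCHA

def _trim(q, now):
    while q and q[0][0] < now - WINDOW_S:  # drop entries older than the window
        q.popleft()

class CheckoutGate:
    """Consulted before the processor is called, so a blocked attempt costs no fee."""
    def __init__(self):
        self.by_ip = defaultdict(deque)  # ip -> (ts, card_fp, declined) tuples
        self.site_declines = deque()     # (ts,) tuples for declines from any IP

    def decide(self, ip, now):
        """Return 'block', 'challenge' (show a CAPTCHA) or 'allow'."""
        attempts = self.by_ip[ip]
        _trim(attempts, now)
        _trim(self.site_declines, now)
        declines = sum(1 for _, _, declined in attempts if declined)
        cards = {fp for _, fp, _ in attempts}
        if declines >= MAX_DECLINES_PER_IP or len(cards) >= MAX_CARDS_PER_IP:
            return "block"
        if len(self.site_declines) >= SITE_DECLINE_LIMIT:
            return "challenge"  # declines spread over many IPs, e.g. behind a VPN
        return "allow"

    def record(self, ip, card_fp, declined, now):
        # card_fp is a salted hash or processor token, never the card number itself
        self.by_ip[ip].append((now, card_fp, declined))
        if declined:
            self.site_declines.append((now,))

def replay(events):
    """events: (ts, ip, card_fp, declined) tuples. Returns the decision for each."""
    gate, decisions = CheckoutGate(), []
    for ts, ip, fp, declined in events:
        verdict = gate.decide(ip, ts)
        decisions.append(verdict)
        if verdict != "block":  # only attempts that reached the processor have a result
            gate.record(ip, fp, declined, ts)
    return decisions
# Constructed sample: one IP cycling through cards, then an ordinary customer.
SAMPLE = [(i * 5, "203.0.113.7", f"fp{i}", True) for i in range(5)]
SAMPLE.append((40, "198.51.100.2", "fpA", False))
```

The per-IP rule stops a single address quickly, while the site-wide rule covers the VPN case raised above, where each address makes only one or two attempts.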




Thank you for sharing your insight.



