We have been seeing a rise in the number of support tickets relating to 'card testing'.
Unfortunately, cyber fraudsters like to use pages with a payment form to test cards, and they have been taking advantage of the rise in online appeals and shopping during the lockdown period. They typically put through a low-value amount to see whether the transaction will be processed.
We've been bolstering our defenses against this and are looking at some further additions. There are also other things that can be done:
1. Activate Radar in your Stripe account.
2. Set the minimum transaction amount in Stripe to something that will help to reduce the number of card testing attempts but won't affect the donations coming through.
3. Alert Stripe's fraud team where you are seeing numerous attempts so that they can also block IP addresses on their payment platform.
4. Ensure any web widgets are SCA compliant. Any new ones will be by default, but older pages (pre-September last year) may not be; see Updating Your Web Widgets to Use Strong Customer Authentication (SCA).
5. If you have received a 'dodgy' payment in the last 30 days, you can now see the IP address within the Financial > Online Donations > Errors and Info tab.
That IP address can be added to the block list as described in the article Form & Web Widget Security.
6. If you are still finding that card testing is coming in, then you could also look at setting up a new Web Widget and adding the Widget Id from that new Widget into your page. Once done, delete the old Widget in settings so that the old Widget Id becomes completely redundant.
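One way to decide which IP addresses are worth reporting (step 3) or blocking (step 5), as an added example that is not part of the original article or any product's own code: it flags an IP that makes many low-value attempts with many different cards in a short window. The CSV column names, the thresholds and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows; the column names are assumptions, not a real export format.
SAMPLE_CSV = """timestamp,ip,amount,status,card_last4
2021-02-01T10:00:05,203.0.113.7,1.00,declined,1111
2021-02-01T10:00:40,203.0.113.7,1.00,declined,2222
2021-02-01T10:01:10,203.0.113.7,1.00,declined,3333
2021-02-01T10:01:45,203.0.113.7,1.00,succeeded,4444
2021-02-01T10:02:20,203.0.113.7,1.00,declined,5555
2021-02-01T10:03:00,203.0.113.7,1.00,declined,6666
2021-02-01T15:30:00,203.0.113.7,1.00,declined,7777
2021-02-01T11:00:00,198.51.100.20,1.00,declined,9012
2021-02-01T11:01:00,198.51.100.20,1.00,succeeded,9012
2021-02-01T12:00:00,192.0.2.44,25.00,succeeded,3456
"""

def flag_card_testing(rows, max_amount=2.00, window=timedelta(minutes=10),
                      min_attempts=5, min_cards=4):
    """Return {ip: stats} for the busiest low-value burst of each suspicious IP."""
    by_ip = defaultdict(list)
    for row in rows:
        if float(row["amount"]) <= max_amount:  # card testers use low-value amounts
            when = datetime.fromisoformat(row["timestamp"])
            by_ip[row["ip"]].append((when, row["card_last4"], row["status"]))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the start forward so the burst never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            cards = {card for _, card, _ in burst}
            best = flagged.get(ip, {"attempts": 0})["attempts"]
            # Many distinct cards separates card testing from one donor retrying a card.
            if len(burst) >= min_attempts and len(cards) >= min_cards and len(burst) > best:
                declined = sum(1 for _, _, status in burst if status == "declined")
                flagged[ip] = {"attempts": len(burst), "cards": len(cards), "declined": declined}
    return flagged

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

if __name__ == "__main__":
    print(flag_card_testing(load_rows(SAMPLE_CSV)))
```

The donor at 198.51.100.20 who retried the same card is not flagged, and neither is the single larger donation from 192.0.2.44.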
For further reading about high-risk transactions, see this Knowledge Base article.