Transactions Marked as High Fraud Risk by Stripe

Follow

If you start to notice transactions in your Stripe dashboard which are blocked as being fraudulent it could be that fraudsters are trying to use your donation page for card testing - which means they're testing whether credit card details they have stolen (from another source - not Donorfy) are still active. They do this by attempting to create transactions for relatively low values (under £20).

Mostly these are trapped and blocked by Stripe. However there is a risk that some will succeed and in that case the constituent and transaction will be added to Donorfy.

To reduce the risk of fraudsters using your Stripe account you can do the following:

If you are using a Widget - change your WidgetId

  • Create a new version of your widget - see this article - this widget should have the same settings as your existing widget
  • View the HTML code for your new widget, scroll to the bottom and find the field containing the WidgetId - it will be similar to this  <input type="hidden" id="WidgetId" value="b1234fb5-111e-1f11-b333-ff00002220b4" /> 
  • Go to your website and edit the donation page HTML - find the old WidgetId and replace it with the WidgetId from your new widget (which you can copy from the HTML it generates)
  • Go back into your Donorfy configuration and delete your original widget from the list

If you are using a Campaign Donation Page

  • We have made some changes to block fraudulent transactions
  • Contact Donorfy support - we can reset your page 

If you are using a Donorfy Donation Form

  • We have made some changes to block fraudulent transactions - you will see blocked IP addresses within Forms > Security 
  • Where there are persistent issues, you could create a copy of the Form (ensure the suffix of the URL is different from the current Form) and replace the current Form on your Website with the newly created Form. 
  • Once the new Form is in situ on your website, open the Form where the issue stemmed from and set it to inactive. - this will prevent the Form from displaying online. 
  • If the issue still persists, then delete the old Form altogether.

Block transactions with null CVC, using Radar in your Stripe Dashboard

  • Log into your Stripe Dashboard, navigate to Radar| Rules
  • Check that the standard Rules for CVC and Zip code verification are enabled
  • Add a new rule to block transactions where the CVC is not provided (this is a characteristic of the fraudulent transactions):
  • NOTE - to enable the ability to add rules you will need to contact Stripe support to enable it for you. Check Stripe pricing for the fee associated with this enhanced security level (as at Dec 2018 the cost was £0.02 per transaction).

Comments

0 comments
Please sign in to leave a comment.
Powered by Zendesk