• Resolved GAR1

    (@gar1)


    We recently have had extremely high amounts of card status inquiry requests sent to Braintree for which we are being charged. It is clearly an attack and we believe we have stemmed the attack by adding reCAPTCHA to our checkout form.

    However, I am hoping you can tell me exactly where in the plugin code card status requests can be made? Does the plugin have such functionality? Does the plugin use the Braintree API to request card statuses? If so, why and where?

    Thank you for your help.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Clayton R

    (@mrclayton)

    Hi @gar1

    Thank you for contacting us. When you say card status requests, are you referring to the request to add a payment method that includes a card verification?

    Or is it a transaction request that includes the vault on success property?

    If you have the exact Braintree API request, that will help us inform on where that request might be originating.

    Kind Regards,

    Thread Starter GAR1

    (@gar1)

    Thank you for your reply.

    Actually, I am trying to identify the exact Braintree API request. That’s really my question.

    It seems we experienced a card testing attack. The attacker used our site (or our Braintree API keys) to make card status inquiries for which we are being charged by the credit card company.

    I am trying to understand where in the plugin code this can be done.

    Since this is a highly sensitive security issue, I’d rather not put more detail into this public thread. Is it possible to have a private communication with you about this?

    Plugin Author Clayton R

    (@mrclayton)

    @gar1

    You can contact us using the support button which is located on all the settings pages of the Braintree plug-in.

    Thanks

The topic ‘Card Status Inquiries’ is closed to new replies.