Hi there!
I can definitely understand how frustrating and concerning a sudden wave of fraudulent orders can be. We will happily assist you to fix that issue.
Here are some things you can do to protect your store from card testing attacks.
- Implement a CAPTCHA, extensions such as reCaptcha for WooCommerce or Google reCaptcha for WooCommerce are quick and easy ways to achieve this. Either of these plugins will insert a mandatory bot detection mechanism into your checkout process, which can help prevent automated fraud. A free plugin that only supports Google’s v2 (Checkbox) reCaptcha is available on ww.wp.xz.cn
- Cloudflare Turnstile is a newer alternative to CAPTCHA plugins that provides a lightweight, privacy-focused solution for bot detection. By integrating Turnstile into your checkout process, you can add an extra layer of security without compromising user experience, helping to safeguard your store against automated fraud attempts. Turnstile is free to use with the Simple Cloudflare Turnstile plugin from ww.wp.xz.cn. A paid option is also available on the WooCommerce.com marketplace.
- WooCommerce Anti-Fraud is an extension that allows you to set up complex rules that, when triggered, will block the offending transactions. This extension offers even more power and flexibility than the rules built into WooPayments.
- Anti-Fraud Shield for WooCommerce offers highly customizable fraud detection and prevention techniques. It helps you reduce card testing activities and block fraud orders manually or automatically.
If you install one of the above plugins, be sure to read the documentation thoroughly. If the plugins are not configured correctly, they will offer little or no protection!
Here are a couple more miscellaneous tips that may help:
- Avoid pay-what-you-want or donation products with no minimum. Fraudsters often use these to make small transactions that may not be noticed by the cardholder.
- If your site is under attack but you don’t see see a large number of Failed orders, it may help to disable the Enable payments via saved cards setting for your payment methods (if supported). This is sometimes effective if fraudsters are trying to validate cards by adding them to an account on your site.
By carefully monitoring transactions, implementing appropriate security measures, and responding quickly to suspicious activity, you can help protect your store from card testing attacks and maintain your customers’ trust and confidence.
Since there’s been no recent activity on this thread, I’m marking it as resolved. Don’t hesitate to start a new thread if you need help in the future.
Your feedback helps others – please consider leaving a review: https://ww.wp.xz.cn/support/plugin/woocommerce/reviews/
