Increase in Card Testing Attacks

  • Resolved Keith

    (@keithrolly)


    3 months ago

    We have recently seen an increase in card testing attacks on the site. I have done numerous amounts of reading and 2 thing appear to crop up:

    1. It is a flaw in the design of the PayPal plugin according to many people
    2. turning on Captcha does not stop it happening

    My question is have you a way to stop this happening or are doing something about it?

    Prior to using woocommerce I wrote my own software for PayPal and advanced cards checkout and never got any card testing attacks going on. We switch to woo thinking we were moving forwards but things like this just make me feel like it’s a step backwards. There must be something you can advise to do?

    • This topic was modified 3 months ago by Keith.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Syde Jamie

    (@jamieong)

    3 months ago

    Hi @keithrolly ,

    Thank you for reaching out to us, we are here to help.

    We appreciate you spending time to understand and read up about this particular problem. However. carding attacks is a quite a common problem that affects most payment gateways. We are not sure if you were referring to any Captcha plugin (we appreciate if you can clarify this), however our integrated reCAPTCHA solution is designed to block automated abuse and card-testing activity at the PayPal payment endpoints. This covers PayPal, BCDC, and ACDC transactions.

    If only v3 keys are set or the token isn’t submitted, validation fails and blocks the request; ensure both v3 and v2 keys are entered and “Enable reCAPTCHA protection” is checked.

    It will be helpful if you could share your current System Status Report.

    You can do this by navigating to WooCommerce > Status > Get system report > Copy for support. You can either attach it directly or provide it via our secure PrivateBin.

    We look forward to your response.

    Best Regards,
    Jamie

    Plugin Support Syde Jamie

    (@jamieong)

    3 months ago

    Hi @keithrolly ,

    We have reached out to you privately.

    It is also important to note that since integrating reCAPTCHA, we haven’t seen a single fraud-related incident reported on our support board. Based on that, I would recommend using a slightly higher threshold score in the settings for stronger protection. At the moment, I’m not seeing CAPTCHA scripts on your site.

    Please go to: WooCommerce → Settings → Integration → WooCommerce PayPal Payments CAPTCHA

    Or open directly: https://www.achamilton.co.uk/wp-admin/admin.php?page=wc-settings&tab=integration&section=wppc

    Best Regards,
    Jamie

    Thread Starter Keith

    (@keithrolly)

    3 months ago

    I have responded privately as the whole thing is not doing as I expected. Getting 2 keys was an almost impossible nightmare using google cloud and then now the google captcha thing is showing all over the site. Also, the cart it is now showing huge amounts of console errors which is mainly down the captcha being enabled. Really need some assistance on this.

    I only want it at checkout as I do not want more load on pages. Can this be rectified also!?

    Plugin Support Krystian Syde

    (@inpsydekrystian)

    3 months ago

    Hello @keithrolly

    Marking this as resolved, as we managed to get captcha working via a private board request.

    Kind regards,
    Krystian

    ashf

    (@ashf)

    2 months, 4 weeks ago

    https://mainwp.com/how-to-stop-card-testing-attacks-on-your-woocommerce-store/

    This worked for me.

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.