Fraudulent Stripe Transactions Despite Disabling "Gravity Forms Stripe Add-On"

In the past, I’ve dealt with CC Testing Attacks, but I’m experiencing a strange one with a client’s sites. We are receiving multiple fraudulent Stripe transactions usually for $0.90. When I check them inside our Stripe Account under “Developers > Events” and click on the Source link for each, it shows each as coming from the API with the Application listed as “Gravity Forms by rocketgenius”.

To completely “lock down/eliminate” this activity, I’ve actually disabled the “Gravity Forms Stripe Add-On” on the three sites we have connected to this Stripe account. Furthermore, I also remembered we have one archived and one staging site, and I deleted the staging site as well as disabled all plugins on the archived site.

Despite the above, we are still receiving fraudulent transactions. I currently have a support thread with Stripe, but I’m asking you guys in case you can think of how these fraudulent transactions are being made. I believe 6 new ones have come in just while I’ve been writing this post.

Any ideas?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.