I see that this may be common. We are processing our CC through Authorize.net. We came in to over 2000 fraudulent CC submissions all for $50 each. How can we stop these mass fraudulent charges. Any suggestions? We have the spam bot activated which obviously doesn’t help. Just trying to figure out what to do here.
Exactly which anti-spam solutions are you using with the form in question?
Also, is it a single page form or multi-page?
I’m just using the Gravity forms anti-spam and single page form. But here is my question. Since it’s connected to Authorize.net, shouldn’t it be caught there when the card is being processed/ran? Like it’s the same name 2000 times but with a random different email. And it’s showed paid.
That sounds like a BIN attack, where the attacker is trying out dozens of valid-looking card numbers to see which yields money. If you have the honeypot field enabled on the form and they’re getting through, that means it’s likely a physical body at a keyboard doing it. If you don’t have it enabled, turn it on!
I’m not familiar with GF’s Authorize.net integration but check to see if you can enable 3D Secure. This is where the card holder must enter an extra authorisation code for their card, directly with their bank’s website (usually in a popup on the same page). It will at least reduce the success rate.
I’m guessing that the randomised email addresses are part of the entry, so that you can’t make the email address a unique entry field. Buggers.
Thanks, all for the feedback. So what I did find out is that the cards are not processing. Authorize.net is just sending out confirmations to the client even though the payments were not approved or cleared. So I’ve asked the client to go back to authorize.net and just turn off the notifications unless the payments have actually processed. And I already had the honey pot and the other spam tool activated. But another thing I did which seems to have worked in the past is I put a basic math problem like what is 3+2 and then I added conditional logic to not show the credit card field unless they can answer that. So hopefully that’s a win-win and will slow it down.
1 Like
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.