Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Increased card fraud #2292

Open
Changaco opened this issue Oct 31, 2023 · 0 comments
Open

Increased card fraud #2292

Changaco opened this issue Oct 31, 2023 · 0 comments
Labels
defense protecting ourselves, our users and innocent third-parties

Comments

@Changaco
Copy link
Member

Changaco commented Oct 31, 2023

Earlier this month, Stripe's developer newsletter mentioned improvements in the detection and thwarting of card testers:

Prevent card testing attacks

Card testing is a massive challenge for businesses. It’s when a fraudulent actor attempts to validate or make purchases with stolen credit card information to determine which cards are still valid. Card testing may result in increased disputes and other negative consequences for you.

We've deployed machine learning models to help prevent this activity by default for those using Stripe’s Payment Element. Since launching these models over a week ago, we've already seen them prevent attacks on thousands of sites and millions of unwanted transactions. Our models, trained with Stripe Radar, analyze transactions at confirmation time and present card testers with a CAPTCHA when interacting with your checkout. Learn more about best practices to further prevent disputes and fraud.

Because these changes only apply to the Payment Element, which is only one of the ways to use Stripe, criminals now have an incentive to abuse any application which uses Stripe in another way. Liberapay is one of those, and I've been seeing unusual waves of card testing in the past few weeks. This became a somewhat serious concern this week as the number of fake accounts spiked and some of the attempted payments weren't detected as fraudulent by Stripe. I manually refund those payments, but Liberapay loses a bit of money on each one (because refunding a payment doesn't eliminate the fees on it).

@Changaco Changaco added the defense protecting ourselves, our users and innocent third-parties label Oct 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
defense protecting ourselves, our users and innocent third-parties
Development

No branches or pull requests

1 participant