Card Testing

Hi All,

We've just gone through a major issue with Card Testing. This is where hackers use scripts to verify stolen or generated Credit Card numbers through a donation link. We've had more than 10K of these types of charge attempts.

Generally, these donations are at the $1 mark because it flys below most people's radar.

Since there are no docs yet about this by Foundant, I will suggest that you set your minimum donation amount to $10. This will at least stop most of the $1 card testing scripts.

Foundant has some security features in place, but at times they appear not to be working. They are supposed to stop a certain number of charges to the same IP address. I think they said after 5 attempts.

They are also using Google ReCAPTCHA on the donation pages. Though, that did not appear to stop these $1 charges. Hackers are always one step ahead of security.

If you are using Stripe as your payment processor, their radar system does catch most of these charges and cancels them.

These charges can be damaging to your Foundations and should be taken seriously. Foundant seems to be taking card testing seriously, but they currently do not have any documentation about it. I've asked that they add documentation to the site about this.

Keep an eye on your Stripe account.

https://www.cybersource.com/en-us/blog/2020/what-you-need-to-know-about-card-testing-fraud.html

Comments

  • @hankdrew Thanks for the heads up. I'll be more diligent about checking stripe.

    Bettie

    Bettie Stammerjohn

    Executive Director

    Community Foundation of Greene County, Pennsylvania

    hankdrew
Sign In or Register to comment.