Unrecognizable payment

Hi there!

Thank you for reaching out and sharing your concern. It’s completely understandable to be worried about the potential security implications. I also noticed that you have currently disabled the payment method on your site. However, if you are seeing a Credit/Debit Card Secure Payment form on your site, it could be collecting users’ card details. This is a serious issue, and I recommend contacting your hosting provider to investigate whether your site has been hacked or compromised with malware.

Additionally, I suggest using a security plugin like Wordfence to scan your site for any malware or suspicious code. It will help identify if your site has been attacked or infected with malicious scripts.

It’s also important to note that WooCommerce itself does not store or process credit card details directly on your site. Payment processing is handled securely by third-party payment gateways like PayPal, Stripe, or WooPayments, which are PCI compliant and ensure that card details are kept safe.

Please let me know if you need any further assistance!

With the last paragraph I am more relaxed, since when they enter the card data it does not take you to any payment gateway. This could be good news, right?

Hi @yergomezz ,

I’m glad to hear you’re feeling more confident about the payment process on your site. It’s great that your customers can enter their card details directly without being redirected to an external payment gateway—it’s definitely a good sign!

That said, it’s important to ensure your site is PCI-DSS compliant when handling sensitive payment information. These security standards are designed to protect cardholder data, and non-compliance can lead to serious issues like data breaches or legal penalties.

If you’re using a third-party payment gateway plugin, it’s reassuring to know that most of them, including WooCommerce-supported ones, are designed to be PCI compliant. To confirm, you can ask the plugin’s developer directly if their gateway is PCI compliant. For more details, you can refer to this guide: PCI-DSS Compliance and WooCommerce.

However, based on the reference thread, it seems the issue might be related to malware on the user’s site. If that’s the case, it’s essential to regularly consult with your hosting provider to check for any unusual activity or work with a local developer to monitor your site, especially if you’re not tech-savvy.

In the meantime, this tool can help you scan your site’s scripts for potential security concerns: Sucuri SiteCheck.

Let me know if you have any questions or need further clarification. ??

• This reply was modified 2 months, 3 weeks ago by Jonayed (woo-hc).

You have not understood anything of what I am saying. Have you read the previous messages?

Hi @yergomezz ,

Thanks for reaching out! I hope I’ve understood your question correctly, but I’d appreciate it if you could clarify a bit more, particularly regarding this statement:

Since when they enter the card data it does not take you to any payment gateway. This could be good news, right?

From my understanding of your message, it seems like your site is experiencing a strange issue where a random credit card field has appeared. You also mentioned two concerns:

1. If customers have entered their card details into this field, is there a big problem?
2. Could the person who hacked your site have access to those card details?

Could you confirm how you verified that your site might have been hacked or if any malicious activity occurred?

Regarding your concerns:

• If this situation is happening, I recommend immediately contacting your hosting provider. They can provide real-time insights into your database, files, and activity logs to help identify any unauthorized access or unusual behavior.
• Your host can also investigate whether card details have been compromised and guide you through securing your site.

Let me know how else I can assist you!