Big time fraud issues

  • I’ve had TENS of THOUSANDS of fraudulent charges attempted since using this plugin. Thousands have actually gone through as well. My store reputation has been trashed and I’ve been on the hook for chargeback and dispute fees. This has been a nightmare.

    Please be warned that this plugin is NOT SECURE to use for Stripe payment processing.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support mbrsolution

    (@mbrsolution)

    Thank you for this feedback. We’re sorry to hear about your experience. Please create a support ticket from the following link and we will try to help:
    https://www.ads-software.com/support/plugin/stripe-payments/

    Kind regards.

    Plugin Author mra13

    (@mra13)

    This can happen if the captcha v2 option is not enabled. This is explained in the following documentation:
    https://s-plugins.com/stripe-payments-recaptcha-addon/

    You won’t have any issue with Stripe if you explain to them that you were attacked by card testing.
    https://stripe.com/docs/card-testing

    I posted in an earlier post about contacting us so we can check more details to make sure which version of the plugin you were using and your captcha setup (if you were using any) but no one has contacted.

    Hi,

    We also had a bot attack recently while using the Accept Stripe Payments plugin. I had been ‘diligently ignoring’ the warning that reCAPTCHA was not enabled, because we are using an anti-spam plugin (which will remain nameless) which specifically claims to obviate the need for CAPTCHA usage. I opened a support case with that plugin’s developer but they were unable to find out why it had failed in that manner.

    So – lesson learnt the hard way – we now have reCAPTCHA v2 enabled, per the Accept Stripe Payments instructions!

    I do have a followup question for @mra13 or @mbrsolution though – is is perfectly safe to have Google’s reCAPTCHA Security Preference set to the middle setting rather than to “Most Secure”?

    Cheers, S.

    Plugin Author mra13

    (@mra13)

    Sorry to hear that. It’s really good to have a read through of the following post:
    https://s-plugins.com/protect-yourself-from-card-testing/

    Yeah the reCAPTCHA with “I am not a robot” checkbox is the best option to use. It’s recommended by Stripe also.

    I would also recommend using the limit feature we implemented in the plugin. You can set a limit based on your expected average transaction numbers. If you hit the limit, then you can raise it a bit.

    Thanks – I have set ‘Daily Transaction Limit with Captcha’ to 5 (we have never had more than 2 sales in one day, so I think this is sufficient).

    I had to set ‘Daily Transaction Limit without Captcha’ to 1, because when I tried 0, I found it had defaulted to 25 after saving.

    It would be nice to be able to set it to zero, but I imagine that setting is irrelevant anyway, since we have Captcha enabled?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Big time fraud issues’ is closed to new replies.