Carding Attacks

  • Resolved joshparkagw

    (@joshparkagw)


    2 months, 3 weeks ago

    Has anyone else recently got hit with a massive amount of carding attacks?

    I have recaptcha enabled on all the sites I’m using but they’re still somehow getting past.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Payment Plugins

    (@mrclayton)

    1. Are actual WooCommerce orders being generated?
    2. What’s the Braintree API request for these card requests?

    Carding attacks are part of operating an online business. Make sure you have advanced fraud tools enabled. The answers to 1) and 2) will help me better understand the source of your specific carding attack.

    Thanks

    1. Braintree use some javascript on checkout that which allows you to bypass the captcha
    2. We enable advanced fraud tools and we got the same problem
    3. Actual order being generated

    We’ve got the same problem, we’ve got the captcha, we change the braintree plugin that need to first check captcha and then 3d secure is generated. But somehow they bypass that.

    The plugin should, in my opinion, use the standard wordpress functions to check captcha and unfortunately this is not how it works. I don’t know if this is only the case with 3d secure or always. In this respect it is a total bummer, the developers of the plugin should integrate captcha on their own in this case.

    Plugin Author Payment Plugins

    (@mrclayton)

    Braintree use some javascript on checkout that which allows you to bypass the captcha

    Examples please?

    The plugin should, in my opinion, use the standard wordpress functions to check captcha and unfortunately this is not how it works.

    What standard WordPress functions are you referring to exactly?

    the developers of the plugin should integrate captcha on their own in this case.

    If your 3rd party recaptcha plugin is being bypassed, what makes you think adding our own custom solution would somehow resolve that? Can you provide an explanation of how your current recaptcha plugin is being bypassed?

    We are also seeing an insane amount of fake orders on our website. We also have recaptcha?at checkout via third party but the attacker somehow bypass that.

    Plugin Author Payment Plugins

    (@mrclayton)

    We also have recaptcha?at checkout via third party but the attacker somehow bypass that.

    You should enable the WooCommerce option to require an account during checkout. See if that reduces the number of fake orders.

    Carding attacks don’t indicate a Braintree plugin issue.

    Thanks

    I see given thread was last active 2 months and 2 weeks ago. However, because of someone able to bypass captcha it is causing lot of trouble. It should be inbuilt flow or should be provided as hook to amend the process of card verification. PayPal is chasing us for the same.

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.