Horrible – NOT SECURE and penalized with dispute fees

Howdy @difaye,

Thank you so much for sharing your experience. I can only imagine how frustrating this experience has been for you.

What you describe is an instance of card testing, which is also called “carding.” This is when a fraudster uses a payment form to test the validity of credit cards.

Fraudulent activity such as card testing is an unavoidable part of online commerce regardless of what payment provider is used. As a result, card testing has consequences for the entire payments ecosystem, so merchants, card networks (e.g., Visa, Mastercard), we at WooCommerce, and our payment partners at Stripe work hard to prevent it.

WooPayments has built-in measures to prevent or limit the impact of fraud, but merchants are responsible for their own fraud prevention. We recommend reviewing your orders regularly, refunding orders that look risky, and installing some extensions to help. While we suggest WooCommerce Anti-Fraud as a way to determine the risk level of a transaction and reCaptcha for WooCommerce to prevent automated purchases, there are likely other options available on www.ads-software.com that can help boost your site’s fraud prevention stategy.

As mentioned above, we recommend that any payments that you suspect to be fraudulent should be refunded to avoid payment disputes. We will reach out to our partners at Stripe to help issue refunds—including transaction fees—for all payments so far that match patterns of a card testing attack. We will also contact you directly through our ticketing system so that we can discuss some nuances associated with your account.

Hi Chris – no one has contacted me through a ticket system. However, I have been charged dispute fees even after offering refunds. This is a very flawed system to not even give small businesses a chance to apply corrective measures after a fraudulent attack. I should not be responsible for fraud prevention. Does this apply to brick & mortar shops? Are they responsible if someone uses a stolen card?? This plugin is leaving online shops vulnerable and responsible, whereas PayPal does everything in their power to protect the businesses that support them. I should not need to install 3x plugins to protect my shop when one will do the job. All of the charges that were disputed were due to a card testing attack. If your truly willing to hep including your initial reply that you will reach out to Striper, please let me know. At this point, you have not assisted me in this matter. I hope that other small businesses do not experience this and urge them to use alternative payment processing plugins.

Hi again @difaye,

no one has contacted me through a ticket system.

That’s strange! I sent some correspondence on 12 September at 13:29 UTC to an inquiry that matched your issue. The user in the ticketalso referenced fayeandco.com, which matches the site in your www.ads-software.com user profile.

For your reference, here is some information:

• Ticket number: #6806413
• Sender address: [email protected]
• Subject: Re: [WooPayments] I have a payment being disputed

I’ve since re-sent my reply to the same address we have on file. This created a new ticket; for your reference, that ticket is #7138945.

I should not be responsible for fraud prevention. Does this apply to brick & mortar shops? Are they responsible if someone uses a stolen card?

This is a great question!

A brick-and-mortar store deals with “card-present” transactions while an online store deals with “card-not-present” transactions. There are different procedures for verifying the cardholder and preventing fraud in each of these scenarios, so there isn’t a firm 1:1 correlation.

While banks and card networks handle these types of payments very differently in many regards, card-present transactions can still be disputed and decided in a cardholder’s favor if a fraudulent card is used. However, those decisions are ultimately determined by the cardholder’s bank and are not handled by the payment processor or the card network.

I have been charged dispute fees even after offering refunds. This is a very flawed system to not even give small businesses a chance to apply corrective measures after a fraudulent attack.

[…]

If your truly willing to hep including your initial reply that you will reach out to Striper, please let me know.

I won’t get into specifics about this topic in a public forum, as delving deeply into this topic may expose private information about your store and your customers. However, I’ve shared some information regarding these payments in my replies in the aforementioned tickets.

If you still not have received a reply from me, please contact us at WooCommerce.com > My Account > Support. You may need to create an account before you can access that page.

Please include a link to this forum thread, so that we can keep track of what’s already been done. You can also reference tickets #7138945 and #6806413 to expedite communication.