Card Testing Security Breach | WordPress.org

Hi @angellitox

I see that your current plugin lacks support for these security suggestions. 

reCAPTCHA is functionality that you can add to your WooCommerce store using a 3rd party plugin. There are several good options available if you perform a search. It doesn’t make sense for us to cram a bunch of functionality into our plugin that can be added using trusted plugins that already exist.

Our plugin implements Payment Elements already, which Stripe has rated as excellent in terms of preventing carding attacks.

You can also enable settings like requiring a customer account instead of guest checkout.

WooCommerce introduced rate limit support in WC version 7.2 when using the checkout block. https://developer.woocommerce.com/2022/11/22/store-api-now-supports-rate-limiting/

You can contact us for specifics regarding how to implement additional checks using customization.

Kind Regards,

Thank you for your kind words and the huge clarification towars my ignorancy. My question goes that there are some similar plugins for Stripe that seem to have the feature/compatibility added. I’m looking for customers to have the recaptcha challenge when choosing Credit or debit card method, would you be so kind to point me in the right direction?

Have a great day!

Angel

Hi @angellitox

Can you share a link to the Stripe plugin which you provided the screenshot of?

We’ll send a link to some reCAPTCHA plugins shortly.

Thanks,

Sure thing @mrclayton !

https://s-plugins.com – Available on WordPress “Add New” section by the author “Tips and Tricks”. It works a bit differently as your plugin, but the feature is somehow added.

Also, I’d like to point out that the main reason of my request is because a Stripe agent literally asked us for that. We approached to them askin why Stripe Radar was letting these card testing attacks succeeding and after chatting with them, they replied us with the following email:

Hi @angellitox

Thanks for sharing the email from Stripe, that provides more context. Their reply is more providing a list of recommendations.

Merchants that use our plugins have expressed that the following reCAPTCHA plugin from WooCommerce is good. https://woocommerce.com/products/recaptcha-for-woocommerce/

There are also free options if you use the WordPress.org plugin search.

The reason we don’t include an reCAPTCHA integration within the plugin is as follows:

If our Stripe plugin provides reCAPTCHA for it’s payment methods, then if a customer is using something like PayPal or Square which we didn’t develop, they will have to install another reCAPTCHA solution. Now you have two plugins doing the same thing. It’s better to use a universal reCAPTCHA solution like the one we linked to. That way all payment methods benefit from having it enabled.

Kind Regards,

Thank you for the incredibly fast responses during the day and for the extensive information provided.

I just purchased the plugin with hopes it’ll contribute to mitigate the fraudulent activity. If anything, I’ll let you know eventually how it went.

Have a wonderful day!

Hi @angellitox

Thank you for confirming. Please keep us updated with through this support thread or by using our contact us page.

Thanks,

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer