I work for a small nonprofit and we have started getting a ton of obviously fake donations from people trying to test stolen credit cards. Does anyone have advice on how to stop this? Captcha/other? We use forms from Givecloud and I am not a coder/developer, just a random person trying to keep this website from falling apart.
Usually your payment processor filters that out.
Most of the time this is automated, so a Cloudflare-based captcha could reduce the tries. We use Stripe, which has something called Stripe Radar, that also helped us remove a lot of fake tries.
You can do a check: if the IP is coming from CO but the billing zip code is from TX, you know something’s up. That said, I’ve a close friend who lives in CO and still has her billing in TX. This is an interesting problem I might be interested in volunteering at a nonprofit to help with.
Use a better donation solution/plugin.
I’ve found that while this is something that your payment provider should be offering protection against, most shuffle that responsibility onto you.
I’ve had this happen to several WooCommerce stores, and my solutions have been to:
1. Limit the number of orders any IP may place for a given period of time
2. Use reCAPTCHA for checkout
That seems to make it hard enough that they give up and look for softer targets.
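The per-IP order limit described in the comment above, combined with the minimum-amount idea raised elsewhere in the thread, as an added example that is not part of the original comment and not code from WooCommerce, Givecloud or any plugin. The class name `DonationGate`, the thresholds (3 attempts per 10 minutes, $10 minimum) and the sample attempts are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class DonationGate:
    """Check run before a submission is sent to the payment processor."""

    def __init__(self, min_amount=10.00, max_attempts=3, window_seconds=600):
        self.min_amount = min_amount          # assumed minimum donation
        self.max_attempts = max_attempts      # assumed per-IP limit
        self.window_seconds = window_seconds  # assumed window length
        self._seen = defaultdict(deque)       # ip -> timestamps of forwarded attempts

    def check(self, ip, amount, now):
        """Return 'ok', 'below_minimum' or 'rate_limited' for one submission."""
        if amount < self.min_amount:
            return "below_minimum"
        window = self._seen[ip]
        # Drop timestamps that have aged out of the sliding window.
        while window and now - window[0] >= self.window_seconds:
            window.popleft()
        if len(window) >= self.max_attempts:
            return "rate_limited"
        window.append(now)  # only attempts passed on to the processor are counted
        return "ok"


# Constructed sample data: (seconds since start, client IP, amount in dollars).
# The addresses are from the reserved documentation ranges.
ATTEMPTS = [
    (0, "203.0.113.7", 1.00),
    (5, "203.0.113.7", 10.00),
    (9, "203.0.113.7", 10.00),
    (14, "203.0.113.7", 10.00),
    (20, "203.0.113.7", 10.00),
    (30, "198.51.100.20", 25.00),
    (700, "203.0.113.7", 10.00),
]


def replay(attempts, gate=None):
    """Run a list of attempts through the gate and return the verdicts."""
    gate = gate or DonationGate()
    return [gate.check(ip, amount, ts) for ts, ip, amount in attempts]


if __name__ == "__main__":
    for attempt, verdict in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(attempt, verdict)
```

Several real donors can share one IP address (an office or a mobile carrier), so a limit like this is best paired with a captcha rather than set very low.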
We’ve found that the test donations were usually $1, so we’ve set a $10 minimum for all donations. I can’t remember if we set that up through our Stripe account or Gravity Forms.
We had it initially set at a $10 min and were getting hit hard. Upped the min to $20 and they persisted. Finally at $50 they seem to have stopped. We use reCAPTCHA and “advanced” fraud protection as well.
As long as you are not getting chargebacks, who cares? 😂
Up your minimum amount (e.g. $50). Block traffic from sketchy countries with Cloudflare WAF rules. Implement CF Turnstile.
Use cleantalk.org to filter payment submissions. It’s very affordable too.
I’m pretty sure that Stripe makes quite a business of detecting and shutting down this card shop fraud. If this were my nonprofit web site I’d have this conversation with their customer support krewe and ask for advice.
Unfortunately a lot of these suggestions require a fair amount of knowledge on your server.
Your best option is paying for a Cloudflare plan that allows you to throw a captcha onto a page. Your CRM should also probably have a captcha option available. Speak to your development team on what options Givecloud has for bad cards.
If this was through WooCommerce, you could set up something that blocks the IP after x number of attempts. But you’re probably just throwing something into a page that Givecloud gives you, right? In that case, reaching out to their support team would honestly be your best bet. That + either Cloudflare or a plugin for adding a captcha to certain pages.
Some parts of this documentation are specific to the Newspack plugin, others to WooCommerce, but most of it is good general advice: set up reCAPTCHA, set a minimum donation level, etc.
https://help.newspack.com/revenue/reader-revenue/keeping-donations-secure/
Look into 3DS authentication; your payment processor should be able to set this up. It requires an additional check from the payer to verify they are the owner of the credit card.
Stripe for a quick read: https://docs.stripe.com/payments/3d-secure but as I said, depending on your processor they should have a similar process.