yolan.pibrac | Stripe Developers | Page 1

patent badgerBOT Feb 20, 2023, 10:33 AM

#

rough lava Feb 20, 2023, 10:34 AM

#

Hi there!

#

I recommend reading this doc: https://stripe.com/docs/disputes/prevention/card-testing

wanton falcon Feb 20, 2023, 10:35 AM

#

Thank you, I will do that

wanton falcon Feb 20, 2023, 11:13 AM

#

After reading the documentation, my question remain. (We followed the guidelines with the recaptcha protection, we provide maximum of data we have on the customer creation, all ou secret keys are fully protected).
But the problem is that the hacker, use our publishable key, to make calls to https://api.stripe.com/v1/payment_intents/***/confirm directly. So we have no control on this because it is on stripe's side.

I can reproduce the attack myself, by calling the endpoint with different payment method, after creating a real payment method.
What possibility can we have to avoid this attack ? Are they lot of companies that experience this kind of attack ?

rough lava Feb 20, 2023, 11:25 AM

#

Have you tried adding a Radar Rule as mentioned in the link I shared? https://stripe.com/docs/disputes/prevention/card-testing#radar

#yolan.pibrac