#Dejan
nova moth
Hi
You can follow/implement one(all) these suggestion in order to prevent card testing:
https://stripe.com/docs/disputes/prevention/card-testing#prevent-card-testing
like blocking IP address, Add rate limits...
other best practices are here:
https://stripe.com/docs/disputes/prevention/best-practices
nimble nexus
hello, but this are not coming from the actual website
is it possible that someone got our keys?
nova moth
Yeah every think is possible, they can do API calls on your backend...
You can revoke your api key
And create new one
https://stripe.com/docs/keys#rolling-keys
nimble nexus
yes, i already did that but it still happens, can i check where did the payment was made from was it our backend or something else?
can you also check the payments on my account
nova moth
Can you share a PaymentIntent id example ?
nova moth
checking...
nimble nexus
ok
nova moth
This request looks like triggered not from your website, not sure, probably you should reach out to Stripe Support for more insights about this. https://support.stripe.com/contact/email?topic=other
nimble nexus
ok , can i have some functionallity to block all request outside specific domain ?
nova moth
I'm not sure honestly about that, but you can check Stripe Radar for that:
https://stripe.com/docs/radar/rules
I invite you to double check this with Stripe Support too:
https://support.stripe.com/contact/email?topic=radar
nova moth
but is there rule for the domain ?
No.
You can find all the attributs here:
https://stripe.com/docs/radar/rules/reference#supported-attributes
nimble nexus
what about this from ChatGPT?
Yes, Stripe Radar does provide a rule that checks the domain of the request. The rule is called "Blocked domains" and it allows you to block payments that originate from specific domains that you consider suspicious or fraudulent.
To set up the "Blocked domains" rule in Stripe Radar, follow these steps:
Log in to your Stripe account.
Navigate to the "Radar" section in the left-hand menu.
Click on "Rules".
Click on "Create rule".
Give your rule a name, such as "Blocked domains".
Under the "Conditions" section, select "Email domain" from the drop-down menu.
Choose the condition that you want to apply, such as "Equals" or "Contains".
Enter the domain that you want to block in the text field.
Under the "Actions" section, select "Block payment" from the drop-down menu.
Click on "Save" to create your rule.
Once you have set up the "Blocked domains" rule, any payment requests that originate from the specified domain will be blocked and you will receive a notification in your Stripe dashboard. This can help you prevent fraudulent transactions and protect your business from chargebacks and other issues.
this is for the email ? not the actual request right?
nova moth
this is for the email ? not the actual request right?
Yes.
still roseBOT
soft stag
Hi! I'm taking over my colleague. Please, let me know if you have any other questions.