#.hauchu
Hi there, you can monitor the Payments in your Dashboard and see if there are any suspicious transactions.
I still see that a transaction was blocked,
so I don't know whether my solution prevents card testing.
I got an email:
Rest assured that Stripe remains secure. However, we’ve detected some fraudulent activity on your Stripe account called card testing. We wanted to provide insight into the specific type of card testing we’re seeing on your account in order to help you put effective mitigations in place. We need you to take immediate action to prevent it from continuing.
It looks like the card testers are using your integration to attach card information to a Customer. This confirms whether the card is valid, even without a payment. You can see the effects of this on your Dashboard by looking at the request logs in Developer > Logs for excessive 402 errors on requests to attach card information to Customers using a secret key. Note that this includes some /v1/customers and /v1/payment_methods routes.
In order to combat the card testing, we recommend you add friction to your customer creation and/or customer card update features, making it more difficult for card testers to attach card information to new or existing customers. We also suggest implementing any other mitigations to prevent future card testing that you see fit. For a bit more context, we have documentation about card testing and how to prevent it here: https://stripe.com/docs/card-testing.
Card testing is an urgent issue for both your business and Stripe. Please reply to this message with a timeframe for implementing card testing mitigations on your integration within seven days. We understand that it may take you longer than seven days to implement card testing mitigations, but we ask that you reply with your plan and timeframe as soon as possible.
Feel free to reach out with further questions—we're here to help. — The Stripe team
And after the update, I still got an email saying the testing attack is still ongoing.
Hi there,
I hope this email meets you well. Thank you very much for your patience during the investigation period. It looks like the card testing attack is still ongoing. Can you please provide more details of the mitigations you implemented, as well as any timelines?
In order to combat the card testing, we recommend you add friction to your customer creation and/or customer card update features, making it more difficult for card testers to attach card information to new or existing customers. Stripe also recommends users to combine different approaches to prevent fraudulent attempts and to minimize the impact on fraudulent activity. Here are more examples we suggest to prevent future card testing:
- Captcha: Card testers often use automated scripts that can be blocked using a captcha.
- Rate limits: In some cases, you can stop card testing by adding rate limits. Tailor these rate limits to stop the specific kind of card testing you’re experiencing.
- Require login or session validation: Card testing can often be prevented by requiring login or session validation when performing certain actions, such as creating an account or making a payment.
- Detecting and preventing unusual behavior: As soon as you’ve identified card testing activity, you can compare it to typical legitimate traffic, then build rules or filters that limit or prevent only the card testing activity.
- Radar: If card testers are making payments with your integration you might be able to use custom Radar rules to mitigate the fraudulent activity.
How do I know my updated mitigations are working?
Hi. I wish I could help, but this chat is focused on developers and technical questions. Our support team will be able to assist you better than I can: https://support.stripe.com/contact
Please reach out to support.