K1ngJ0rd0 | Stripe Developers | Page 1

sand cypressBOT Oct 4, 2023, 3:24 PM

#

rustic heath Oct 4, 2023, 3:24 PM

#

Hello there

peak arch Oct 4, 2023, 3:24 PM

#

Hello

rustic heath Oct 4, 2023, 3:25 PM

#

Sounds like you may have been the target of some card testing.

#

Are you familiar with card testing?

peak arch Oct 4, 2023, 3:25 PM

#

Seems that way, but not really familiar with it

#

I have since changed my password and 2FA.
Should I be worried my customers data is compromised?

rustic heath Oct 4, 2023, 3:29 PM

#

No, most card testing can be performed simply by using your publishable key which is public on your site. No way to prevent access to that.

#

What you want to do is ensure that the card testing gets blocked

#

So I'd recommend reading through https://stripe.com/docs/disputes/prevention/card-testing and implementing some of those preventions

peak arch Oct 4, 2023, 3:30 PM

#

They can use a public key? I thought stripe had a “secret key”?

rustic heath Oct 4, 2023, 3:31 PM

#

That's correct, there is a secret key which is used for your server and no one but yourself should ever have access to.

#

Then there is a publishable key which is used client-side.

#

Are you a developer here?

peak arch Oct 4, 2023, 3:32 PM

#

I have a development team, but they are on opposite timezone as me and aren’t yet aware of what I’ve experienced

rustic heath Oct 4, 2023, 3:33 PM

#

Yeah okay well I'd chat with them about this. Overall as long as there weren't any unexpected server-side requests here then your data isn't compromised. But as noted, I would recommend ensuring you have card testing preventions in place like we discuss in the above doc.

peak arch Oct 4, 2023, 3:33 PM

#

Ok thanks

#K1ngJ0rd0