[Hidden-tech] Credit Card Fraud attempts at Charity site

Kevin Phillips kevin at kpitconsulting.com
Sat Jan 15 08:39:56 EST 2011


Find the IP of where the attempts are coming from and if the vast majority
are from foreign countries ban the IP range at the firewall.

Your hosting company should be familiar with these techniques and likely have
IP ranges ready to apply.

 

Kevin Phillips 

KPIT Computer Consulting 

kevin at kpitconsulting.com 

Office (413) 420-0212

Cell (413) 330-7789

 

www.kpitconsulting.com

www.wmassforums.com

 

From: hidden-discuss-bounces at lists.hidden-tech.net
[mailto:hidden-discuss-bounces at lists.hidden-tech.net] On Behalf Of Christine
Takacs
Sent: Friday, January 14, 2011 6:23 PM
To: hidden-discuss at lists.hidden-tech.net
Subject: [Hidden-tech] Credit Card Fraud attempts at Charity site

 

Hi All You Smarties,
I wonder if anyone is familiar with the problem of stolen credit cards being
tested on Charity sites? A website I am managing is currently a target of
such attempts. A person is repeatedly trying to charge $.01 on hundreds of
different cards.

It is a Joomla site, utilizing the Joom Donate plugin. We are using SSL and
Verisign security certificates and requiring address matches. Also we are
using Authorize.net and have set fraud filters so no fraudulent transactions
are succeeding. I've read that this scheme happens on other more
high-profile sites too, like Haiti Relief and Obama Campaign, etc. But it is
still a concern and an annoyance to my client. There doesn't seem to be a
way to capture this person's IP address to block it.

 

Researching the site's Google analytics, it looks to me like the frauds have
used the following keywords to find the site:

*	inurl:index.php intext:cvv donate
*	allinurl:="view=donation"
*	inurl:index.php intext:donate cvv


Although I've done lots of web design, I'm fairly new to the back end and am
by no means an engineer, so I wanted to ask a few dumb questions:

*	Can these credit card fraud attempts do any harm to a site or
donation system?
*	Is there something we can do to dissuade attempts like this?

 

Thanks in advance for any helpful advice!

 

Best Regards,

Christine
................................................
Christine Takacs
Rapt Creative

82 Oak Grove Avenue

Brattleboro, Vt. 05301

 

802-221-4692

www.raptcreative.com
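
An added example, not part of either message in the thread: one way to find the source addresses the reply asks for is to count donation-form POSTs per address and per network in the web server's access log. It assumes combined-format logs and that the form posts to a URL containing `view=donation` (taken from the search keywords above); the threshold, function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: the web server writes Apache/Nginx "combined" format access logs.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" \d{3} ')

def donation_posts(lines, marker="view=donation"):
    """Yield the client address of each POST whose URL contains the marker."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and marker in m["url"]:
            yield m["ip"]

def network_of(ip):
    """Roll an address up to its /24 (IPv4) or /64 (IPv6) network."""
    prefix = 24 if ip_address(ip).version == 4 else 64
    return str(ip_network(f"{ip}/{prefix}", strict=False))

def suspects(lines, threshold=5):
    """Return (addresses, networks) with at least `threshold` donation POSTs."""
    by_ip = Counter(donation_posts(lines))
    by_net = Counter()
    for ip, count in by_ip.items():
        try:
            by_net[network_of(ip)] += count
        except ValueError:  # hostname logged instead of an address
            continue
    def over(counts):
        return {k: v for k, v in counts.items() if v >= threshold}
    return over(by_ip), over(by_net)

def _line(ip, method, url):
    # Constructed sample log line; addresses are documentation ranges.
    return (f'{ip} - - [14/Jan/2011:18:00:00 -0500] '
            f'"{method} {url} HTTP/1.1" 200 512 "-" "-"')

SAMPLE = ([_line("203.0.113.10", "POST", "/index.php?view=donation")] * 6
          + [_line("203.0.113.11", "POST", "/index.php?view=donation")] * 3
          + [_line("198.51.100.7", "POST", "/index.php?view=donation"),
             _line("192.0.2.5", "GET", "/index.php?view=donation")])

if __name__ == "__main__":
    addresses, networks = suspects(SAMPLE)
    print("addresses:", addresses)
    print("networks:", networks)
```

The per-network totals catch a source that spreads attempts across neighbouring addresses, and they are the ranges to hand to the hosting company for a firewall rule.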

 
