[Hidden-tech] Credit Card Fraud attempts at Charity site

Town Websites townwebsites at gmail.com
Mon Jan 17 20:49:41 EST 2011

Previous message: [Hidden-tech] Voice-over talent, script developer
Next message: [Hidden-tech] Twitter auto note when someone starts following you
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Christine, why isn't there a way to capture the IP?  Is it coming from
too many different sources?

 

I use the Stop Forum Spam database to filter out form spammers; that gives a
fairly large number of spamming IP addresses though I don't know if it fits
the profile of credit card fraud IP's.  If you have a serious annoyance you
could add something like a recaptcha.net verification but I would think
you'd prefer not to put that barrier up which might be enough to drive away
some legitimate donors.   I'd be glad to take a quick look to see if I can
help you figure out the signature of these attempts and what avenues others
have used to avoid the annoyance.

 

Charlie 

 

 

 

From: hidden-discuss-bounces at lists.hidden-tech.net
[mailto:hidden-discuss-bounces at lists.hidden-tech.net] On Behalf Of Christine
Takacs
Sent: Friday, January 14, 2011 6:23 PM
To: hidden-discuss at lists.hidden-tech.net
Subject: [Hidden-tech] Credit Card Fraud attempts at Charity site

 

Hi All You Smarties,
I wonder if anyone is familiar with the problem of stolen credit cards being
tested on Charity sites? A website I am managing is currently a target of
such attempts. A person is repeatedly trying to charge $.01 on hundreds of
different cards.

It is a Joomla site, utilizing the Joom Donate plugin. We are using SSL and
Verisign security certificates and requiring address matches. Also we are
using Authorize.net and have set fraud filters so no fraudulent transactions
are succeeding. I've read that this scheme happens on other more
high-profile sites too- like Haiti Relief and Obama Campaign, etc. But it is
still a concern and an annoyance to my client. There doesn't seem to be a
way to capture this person's IP address to block it.

 

Researching the site's Google analytics, it looks to me like the frauds have
used the following keywords to find the site:

*	inurl:index.php intext:cvv donate
*	allinurl:="view=donation"
*	inurl:index.php intext:donate cvv


Although I've done lots of web design, I'm fairly new to the back end and am
by no means an engineer, so I wanted to ask a few dumb questions:

*	Can these credit card fraud attempts do any harm to a site or
donation system?
*	Is there something we can do to dissuade attempts like this?

 

Thanks in advance for any helpful advice!

 

Best Regards,

Christine
................................................
Christine Takacs
Rapt Creative

82 Oak Grove Avenue

Brattleboro, Vt. 05301

 

802-221-4692

www.raptcreative.com

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20110117/89ea014f/attachment.html

Previous message: [Hidden-tech] Voice-over talent, script developer
Next message: [Hidden-tech] Twitter auto note when someone starts following you
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Hidden-discuss mailing list