Announcement

Collapse
No announcement yet.

Carding and other fraud

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Carding and other fraud

    Several times during the past year, we have been attacked by a series of fraudulent transactions on our old payment processing system. The payment processor has called it "carding". Since we are switching to Click & Pledge, I would like to know how this system will interrupt such transactions. Some such transactions have all of the correct account information including address and security code. Will these transactions be accepted by Click and Pledge? A greater number of transactions have the correct security code but incorrect address. Will these be rejected by Click and Pledge?

    Basically, I need to know how the anti-fraud systems identify suspicious activity.

  • #2
    Good day!

    We employ various methods and third party provides as well as AVS to identify fraud and block suspicious activity. Of course no method is 100% guaranteed and there is always leakage.

    We guarantee to waive all fees associated with fraud so if any fraudulent transactions occur all chargeback and associated fees are waived.

    Please let us know if we can be of any further assistance.
    Regards,
    Click & Pledge Support Department

    On Salesforce? Help us by rating our app: Click & Pledge Donor Management on AppExchange

    Join us @ the educational webinars: https://clickandpledge.com/webinars/
    Live Support available Join between 3:00 - 3:30 p.m. ET Monday - Thursday: https://clickandpledge.com/webinars/
    Are you on Salesforce? Join us at the Power of Us Hub: https://powerofus.force.com/0F980000000CjpC

    Comment


    • #3
      OK, thanks. I guess we'll see how things go once we go "live". Having trouble with iPage and GeoTrust. They are saying it may be as much as a month before they get it fixed. Yikes!

      Comment


      • #4
        Good day!

        I am not sure I understand. iPage has problem with an SSL provider? how can that be?

        can you not use another SSL provider? The following site can give you a lot of options at very good prices: http://servertastic.com

        Not sure how we can help.
        Regards,
        Click & Pledge Support Department

        On Salesforce? Help us by rating our app: Click & Pledge Donor Management on AppExchange

        Join us @ the educational webinars: https://clickandpledge.com/webinars/
        Live Support available Join between 3:00 - 3:30 p.m. ET Monday - Thursday: https://clickandpledge.com/webinars/
        Are you on Salesforce? Join us at the Power of Us Hub: https://powerofus.force.com/0F980000000CjpC

        Comment


        • #5
          Why are you surprised that iPage would have a problem with an SSL provider?

          They apparently have an exclusive agreement with GeoTrust, so we can't get a certificate anywhere else.

          I wasn't asking for help. Just stating a fact. Thanks for the suggestions.

          Comment


          • #6
            Good to know..

            will help others in the forum just in case.

            thank you for sharing.
            Regards,
            Click & Pledge Support Department

            On Salesforce? Help us by rating our app: Click & Pledge Donor Management on AppExchange

            Join us @ the educational webinars: https://clickandpledge.com/webinars/
            Live Support available Join between 3:00 - 3:30 p.m. ET Monday - Thursday: https://clickandpledge.com/webinars/
            Are you on Salesforce? Join us at the Power of Us Hub: https://powerofus.force.com/0F980000000CjpC

            Comment


            • #7
              You're welcome.

              Along these lines, I was thinking about the security of the account information present in the code of a typical FaaS form. Would it be prudent to hide the account number and/or GUID somehow? Otherwise, a credit card thief could duplicate our form and rapidly issue transactions on our account. What would prevent this? Is there a way to create a form with PHP or Javascript such that the critical information is not sent to the donor's computer?

              Comment


              • #8
                Good day!

                You are bringing up a good point.

                When we design forms we write a Javascript and read the account information through that file. The problem with doing it this way is that older browsers won't be able to run the form if JavaScript is not supported, IE 8 and earlier- especially if your JS library is a new version not supported by those browsers.

                From a security perspective you have a few other options available.
                • Account Info > Profile > API Information


                click to enlarge
                Click image for larger version

Name:	API_Security.jpg
Views:	1
Size:	100.7 KB
ID:	15450

                You may use the Allowed URL's and add the URL from which a transaction may be processed. Make sure to test and enter the correct URL otherwise all transactions will fail due to URL validation error.

                I believe based on what you are stating to be a concern the above will address your concern.
                Regards,
                Click & Pledge Support Department

                On Salesforce? Help us by rating our app: Click & Pledge Donor Management on AppExchange

                Join us @ the educational webinars: https://clickandpledge.com/webinars/
                Live Support available Join between 3:00 - 3:30 p.m. ET Monday - Thursday: https://clickandpledge.com/webinars/
                Are you on Salesforce? Join us at the Power of Us Hub: https://powerofus.force.com/0F980000000CjpC

                Comment

                Working...
                X