Announcement

Collapse
No announcement yet.

Carding and other fraud

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • CnP.Support
    replied
    Good day!

    You are bringing up a good point.

    When we design forms we write a Javascript and read the account information through that file. The problem with doing it this way is that older browsers won't be able to run the form if JavaScript is not supported, IE 8 and earlier- especially if your JS library is a new version not supported by those browsers.

    From a security perspective you have a few other options available.
    • Account Info > Profile > API Information


    click to enlarge
    Click image for larger version

Name:	API_Security.jpg
Views:	1
Size:	100.7 KB
ID:	15450

    You may use the Allowed URL's and add the URL from which a transaction may be processed. Make sure to test and enter the correct URL otherwise all transactions will fail due to URL validation error.

    I believe based on what you are stating to be a concern the above will address your concern.

    Leave a comment:


  • ss57
    replied
    You're welcome.

    Along these lines, I was thinking about the security of the account information present in the code of a typical FaaS form. Would it be prudent to hide the account number and/or GUID somehow? Otherwise, a credit card thief could duplicate our form and rapidly issue transactions on our account. What would prevent this? Is there a way to create a form with PHP or Javascript such that the critical information is not sent to the donor's computer?

    Leave a comment:


  • CnP.Support
    replied
    Good to know..

    will help others in the forum just in case.

    thank you for sharing.

    Leave a comment:


  • ss57
    replied
    Why are you surprised that iPage would have a problem with an SSL provider?

    They apparently have an exclusive agreement with GeoTrust, so we can't get a certificate anywhere else.

    I wasn't asking for help. Just stating a fact. Thanks for the suggestions.

    Leave a comment:


  • CnP.Support
    replied
    Good day!

    I am not sure I understand. iPage has problem with an SSL provider? how can that be?

    can you not use another SSL provider? The following site can give you a lot of options at very good prices: http://servertastic.com

    Not sure how we can help.

    Leave a comment:


  • ss57
    replied
    OK, thanks. I guess we'll see how things go once we go "live". Having trouble with iPage and GeoTrust. They are saying it may be as much as a month before they get it fixed. Yikes!

    Leave a comment:


  • CnP.Support
    replied
    Good day!

    We employ various methods and third party provides as well as AVS to identify fraud and block suspicious activity. Of course no method is 100% guaranteed and there is always leakage.

    We guarantee to waive all fees associated with fraud so if any fraudulent transactions occur all chargeback and associated fees are waived.

    Please let us know if we can be of any further assistance.

    Leave a comment:


  • ss57
    started a topic Carding and other fraud

    Carding and other fraud

    Several times during the past year, we have been attacked by a series of fraudulent transactions on our old payment processing system. The payment processor has called it "carding". Since we are switching to Click & Pledge, I would like to know how this system will interrupt such transactions. Some such transactions have all of the correct account information including address and security code. Will these transactions be accepted by Click and Pledge? A greater number of transactions have the correct security code but incorrect address. Will these be rejected by Click and Pledge?

    Basically, I need to know how the anti-fraud systems identify suspicious activity.
Working...
X