Hi everyone,
Not sure if this is an IT or Finance question, but I'll check here first. We've been getting fraudulent donations from one account that uses different credit cards each time with fake addresses, always through our website, and they're using a VPN to use a few different IPs. This has been happening since mid-December, just a few transactions a week. They started out as $1 gifts, so we upped our minimum standalone donation amount to $10. That didn't stop them, so now we're considering putting in a reCAPTCHA box on our donation page. I'm pretty sure this is just one person, so ideally we don't want to spend much money trying to stop them.
Has anyone else had this problem, and if so, how did you stop it? We're refunding all of these fraudulent gifts as we find them, but I'm still worried about chargebacks and the ethical implications of allowing someone to do this on our website.
Krystle
Maybe this is useful information: these kinds of small $1 authorizations typically come from a fraudster who has purchased a bunch of stolen credit card numbers from a "black market" data broker and is making these small authorizations to see which of the numbers they purchased are still usable and which have already been cancelled. So, the fraudster must have identified your website as one where they can easily leverage your payment processing to do authorizations on the cards. Anything you can do to make this more of a chore for them will make it more likely that they'll go someplace else. reCAPTCHA is a good first step.
Thanks! Yeah, that's what I figured - that's why I upped the minimum donation amount to $10, but apparently this person is willing to test the stolen cards with higher amounts of money. I'll update here if we come up with any other solutions beyond the reCAPTCHA.
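
The pattern described in this thread (one donor account, a different card each time, a few gifts a week from rotating VPN IPs) slips past per-IP rate limits, so this added example, which is not from any poster in the thread, keys on the account and counts distinct card fingerprints in a look-back window. The field names, the 30-day window and the two-card threshold are assumptions, and the donation records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)  # assumed look-back window
MAX_CARDS = 2                # assumed: distinct cards one account may use per window

# Constructed records. card_fp stands for the processor's card token or
# fingerprint (never the card number); ip is kept only to show that it rotates.
SAMPLE = [
    {"id": "d1", "account": "acct-17", "card_fp": "fp_a", "ip": "203.0.113.5", "ts": "2024-01-02T10:00:00"},
    {"id": "d2", "account": "acct-02", "card_fp": "fp_z", "ip": "198.51.100.20", "ts": "2024-01-03T09:00:00"},
    {"id": "d3", "account": "acct-17", "card_fp": "fp_b", "ip": "198.51.100.7", "ts": "2024-01-06T22:15:00"},
    {"id": "d4", "account": "acct-09", "card_fp": "fp_m", "ip": "192.0.2.10", "ts": "2024-01-08T12:00:00"},
    {"id": "d5", "account": "acct-17", "card_fp": "fp_c", "ip": "192.0.2.44", "ts": "2024-01-11T03:40:00"},
    {"id": "d6", "account": "acct-09", "card_fp": "fp_n", "ip": "192.0.2.10", "ts": "2024-01-15T12:00:00"},
    {"id": "d7", "account": "acct-17", "card_fp": "fp_d", "ip": "203.0.113.9", "ts": "2024-01-17T18:05:00"},
    {"id": "d8", "account": "acct-02", "card_fp": "fp_z", "ip": "198.51.100.20", "ts": "2024-02-03T09:00:00"},
]

def flag_card_testing(donations, window=WINDOW, max_cards=MAX_CARDS):
    """Return {account: [donation ids to hold for review]}."""
    recent = defaultdict(deque)   # account -> (ts, card_fp) pairs still in window
    flagged = defaultdict(list)
    for d in sorted(donations, key=lambda d: datetime.fromisoformat(d["ts"])):
        ts = datetime.fromisoformat(d["ts"])
        q = recent[d["account"]]
        while q and ts - q[0][0] > window:
            q.popleft()           # forget cards used before the window
        q.append((ts, d["card_fp"]))
        # A recurring donor reuses one card; a replaced card makes two.
        if len({fp for _, fp in q}) > max_cards:
            flagged[d["account"]].append(d["id"])
    return dict(flagged)

if __name__ == "__main__":
    for account, ids in flag_card_testing(SAMPLE).items():
        print(account, "hold for review:", ids)
```

Held donations can be reviewed before capture or refunded in one batch, and the flagged account can be disabled instead of chasing its IP addresses.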