Hi everyone,
Not sure if this is an IT or Finance question, but I'll check here first. We've been getting fraudulent donations from one account that uses different credit cards each time with fake addresses, always through our website, and they're using a VPN to use a few different IPs. This has been happening since mid-December, just a few transactions a week. They started out as $1 gifts, so we upped our minimum standalone donation amount to $10. That didn't stop them, so now we're considering putting in a ReCaptcha box on our donation page. I'm pretty sure this is just one person, so ideally we don't want to spend much money trying to stop them.
Has anyone else had this problem, and if so, how did you stop it? We're refunding all of these fraudulent gifts as we find them, but I'm still worried about chargebacks and the ethical implications of allowing someone to do this on our website.
Krystle
We haven't experienced this with any actual transactions, but we did have a lot of fraudulent accounts being created up until recently. We're on TNEW so we looped in the network. They installed bot protection software called Imperva (used to be called Incapsula), free of charge, and the accounts have gone down drastically. Mind you, this was just installed on 12/18, so my data set is pretty small at this point, but that might be another option for you.
Do we know if the installation of Imperva/Incapsula is now standard for T-New Users? Or is this done on a case by case basis?
No idea as to whether or not it is now standard. I certainly had to ask for it when we installed it, but that was well over a year ago now. As for the fraudulent accounts, those have been indenfitied mostly by sight/feel when the Box Office does its daily new account clean-up sweep.
Hi Both, Incapsula (A web application firewall or WAF for those of you not familiar) is not yet standard for TNEW but will be with the move to AWS later in 2020. John, if you requested this at the time of TNEW go-live then you would have it in place already, but should be able to check that with a support ticket to verify. We install i case-by-base for members who request it right now.
Thanks,
Chris
Sorry if my response was unclear, but I am not in doubt. I asked, and it was installed. I was merely trying to clarify to Tom that I did indeed have to ask for it. But it sounds like you are headed in the direction of standardization on it as it is, so this should eventually be a moot point.