Fraudulent online accounts being created through TNEW with no orders.

Hello! We have an ongoing (and potentially fraudulent) problem with online constituents being created with gibberish names and bogus addresses. AND there are never any orders associated with the new accounts. I cannot figure out the purpose, if this is a preemptive attempt at setting up fraudulent orders, and whether they are BOT created. I run a New Record Summary report every day, and every day go through the list of new online accounts that were created the day before. The bogus accounts are pretty easy to spot, but sometimes number in the teens or twenties each day. I then go into each account and deactivate them, which can be quite laborious. Does anyone else have this issue, and do you have any other way of dealing with them? More often than not, they have emails with the word stellard in the address. I have an ongoing ticket trying to find a pattern that might help create some preventative measures in keeping these accounts from being created. Any shared experiences are welcome.

Parents
  • Hi Michael - we are on a custom site and not TNEW, but have dealt with similar issues in the past. We also have CAPTCHA in the login process to dissuade bots, but a while ago there was a very persistent human user who kept using our guest checkout flow to test credit cards (this was before we switched to TMS so the web payment iframe was not as sophisticated - if you're on Adyen/TMS now, I assume you're in better shape on that front).

    Just a couple of thoughts - even though no orders are visible in Tessitura for these accounts, have you double-checked in the Adyen portal to see if any charges were attempted and failed? We've seen that before with pre-TMS carding attempts, where luckily every charge attempt is blocked so Tessitura looks clean, but there's a mess in the CC processor logs with all the failed tries.

    You or someone with SSMS access can also check the suspicious customer_nos against the T_WEB_ORDER table, which will hold the record of an attempted order, even if the order was ultimately abandoned, to see if they were poking around with tickets or a donation at any point. I think you can also reference t_web_session_Session to try to track down the web session info and IP address of a given user. When we had one annoying bad actor hanging around on our website, we tracked down their IP address and blocked it entirely using our virtual waiting room, so they could never get over to the e-commerce side of our site. I'm not sure if TNEW has an equivalent functionality out of the box, or if Tessi support could help there. Of course, it's not that hard to cycle to a new IP address with a VPN or something, but doing an IP block at least forces them to start over from scratch, and at a certain point the goal is just to make it annoying enough that they give up and move on.

    Hope that helps, and would love if anyone else has other tips!

Children
  • Thanks for all of these great tips, Evan!

    Just wanted to post my results so far in case it's helpful to anyone else with this issue - We're still using Windcave, so we checked there to see if there was an uptick in declined/failed credit card transactions. No luck. I also tried looking in T_WEB_ORDER and I'm seeing a lot of abandoned orders/contributions. Not much useful info in the site logs for those sessionkeys, but it definitely looks like they are trying to complete transactions. I was able to track down some IP addresses in t_web_session_Session, but I'm not finding a pattern there either. When I look up some of them, I'm seeing various countries of origin (e.g. India, Israel, Vietnam, etc.).
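
The daily manual review described in this thread can be pre-sorted with a small script. The following is an added example, not part of any post and not Tessitura or TNEW code; it assumes a CSV export of new online accounts whose column names (`customer_no`, `first_name`, `last_name`, `email`, `order_count`) are hypothetical, and the sample rows are constructed.

```python
import csv
import io
import re

# Constructed sample standing in for a CSV export of yesterday's new online
# accounts. Column names are assumptions, not the Tessitura schema.
SAMPLE_EXPORT = """customer_no,first_name,last_name,email,order_count
900001,Xkqzvtr,Bnmwqpl,stellard77@mail.example,0
900002,Maria,Gonzalez,maria.g@mail.example,1
900003,Qwrtpsd,Lkjhgf,zzxcv@mail.example,0
900004,Ng,Li,ng.li@mail.example,0
900005,Anna,Goldschmidt,anna.g@mail.example,2
900006,John,Smith,j.stellard.s@mail.example,0
"""

WATCH_TERMS = ("stellard",)  # term the original poster reports in bogus emails
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-xz]{5,}")  # 5+ consonants in a row

def looks_gibberish(name):
    """Crude keyboard-mash check; real names such as Goldschmidt also match."""
    return CONSONANT_RUN.search(name.lower()) is not None

def signals_for(row):
    """Return the list of suspicious signals present on one account row."""
    found = []
    if looks_gibberish(row["first_name"]) or looks_gibberish(row["last_name"]):
        found.append("gibberish_name")
    if any(term in row["email"].lower() for term in WATCH_TERMS):
        found.append("watch_term_email")
    if int(row["order_count"]) == 0:
        found.append("no_orders")
    return found

def triage(export_text):
    """Queue accounts that have no orders AND at least one other signal."""
    queue = []
    for row in csv.DictReader(io.StringIO(export_text)):
        found = signals_for(row)
        if "no_orders" in found and len(found) >= 2:
            queue.append((int(row["customer_no"]), found))
    return queue

if __name__ == "__main__":
    for customer_no, found in triage(SAMPLE_EXPORT):
        print(customer_no, ",".join(found))
```

Requiring two signals keeps a real customer with an unusual surname or a brand-new account with no order yet out of the queue. The queued customer numbers are the ones to check against T_WEB_ORDER and the payment processor's declined-transaction log, as the replies suggest.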