• Resolved outlook9394

    (@outlook9394)


    Hi there
    Please pay special attention to your plugin. It seems card testers are out in force looking for sites with your plugin.

    My site was card tested: 6601 transactions were blocked by Stripe, but still about 22 transactions went through and ended up costing me $144 in dispute fees, which I have paid. Stripe’s backend blocked most of those transactions, phew!

    I’d plead with you to beef up your plugin’s security defenses against card testing, like extremely aggressive transaction throttling as soon as you detect card-testing behavior, which is distinctly different from that of a regular legit card user/customer.

    Please do not rely on the customer having the right plugin configuration or a card processor with the chops to block fraud etc.; just tune down the defaults to stop these card testers immediately.

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter outlook9394

    (@outlook9394)

    If all of the transactions had gone through and disputed, I’d be paying:

    $16 * 6601 = $105K in dispute fees to Stripe.

    If there is no path to making it bulletproof against card testers, you might want to take the plugin down until the plugin team/dev can fully figure it out.

    Plugin Support mbrsolution

    (@mbrsolution)

    Hi, sorry to hear about the issue you are having with our plugin. Please read the following instructions to help you further protect yourself from card testing fraud.
    https://s-plugins.com/protect-yourself-from-card-testing/

    Also, please make sure the plugin is updated to the latest version 2.0.70. Don’t forget to use the contact form provided in the link above to share more information regarding your setup.

    Kind regards.

    Plugin Author mra13

    (@mra13)

    Hi, sorry to see that you had to deal with this one.

    Direct Stripe API integration (with any plugin) is going to be subject to this card testing attack. We are continually investigating each one of these (when a user contacts us) and adding more and more checks to the plugin to improve it. Adding too many checks also limits some of the features that we can offer. So we have been trying to balance things. We will continue to improve this.

    You won’t need to pay the dispute fees once you contact Stripe and explain to them that it was a card testing attack that got through. If you contact us using the site, we will give you more guidance and help.

    A few questions for you.

    1) Are you using the latest version of the plugin?

    2) Did you have the “I am not a robot” captcha option enabled?

    3) Did you have the debug logging feature enabled by any chance? If you did, can you please contact us using our site and then you can send it to us.

    Plugin Author mra13

    (@mra13)

    Please feel free to reply to this post when you get a chance.

    Thread Starter outlook9394

    (@outlook9394)

    Thanks for your message and follow up.

    1) Are you using the latest version of the plugin?

    No. I had a slightly older version. But I have seen card testing before.

    2) Did you have the “I am not a robot” captcha option enabled?

    Yes. Visible captcha.

    3) Did you have the debug logging feature enabled by any chance? If you did, can you please contact us using our site and then you can send it to us.

    Unfortunately no. It is a production environment, so no debugging is on.

    As per Stripe, perhaps due to the macroeconomic situation, Stripe refused to refund dispute fees. They said the bank charges them the fee, so they won’t refund. In the past, I believe they used to refund.

    Plugin Author mra13

    (@mra13)

    There is no issue with keeping the debug logging feature enabled on a live setup. All it does is write additional data to a text file. It’s a good idea to keep it enabled since you had this issue once. It will be very helpful to see if there are any further attempts happening. You will be able to send us the log file if you see anything unusual there. We can then analyze it to see what kind of attempt is being made on your site and provide tips to help with your particular setup.
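
The throttling the thread starter asks for in the opening post, and the log analysis the plugin author describes in the last reply, both come down to the same check: a card tester fires many charge attempts from one source in seconds, while a real shopper retries a handful of times over minutes. The following Python script is an added example written for this thread; it is not code from the plugin or its author, and the log line format, field names, IP addresses and thresholds in it are all constructed assumptions (the plugin's real debug log will look different, so `parse_line()` would need adapting). It runs a per-IP sliding-window velocity check over a constructed log and reports which source tripped the threshold and when, which is the point at which a site would start blocking further charge attempts before they reach Stripe.

```python
"""Velocity-based card-testing detector run over a constructed debug log.

Assumed log format (NOT the plugin's real format): one attempt per line,
    <ISO timestamp> ip=<addr> result=<succeeded|declined> amount=<cents>
Lines are assumed to be in chronological order, as an appended log file is.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) result=(?P<result>\w+) amount=(?P<amount>\d+)$"
)

# Assumed tuning: five attempts from one IP inside one minute is far beyond
# what a legitimate customer produces, but well below a tester's burst.
WINDOW = timedelta(seconds=60)
MAX_ATTEMPTS_PER_WINDOW = 5

# Constructed sample: 203.0.113.5 behaves like a card tester (eight attempts
# in fourteen seconds, mostly declined, tiny amounts); 198.51.100.7 is a normal
# shopper who was declined once and retried a few minutes later. One line is
# deliberately malformed to show that unparseable lines are skipped.
SAMPLE_LOG = """\
2024-03-01T09:58:00 ip=198.51.100.7 result=declined amount=4999
2024-03-01T10:00:00 ip=203.0.113.5 result=declined amount=100
2024-03-01T10:00:02 ip=203.0.113.5 result=declined amount=100
this line is garbage and should be ignored
2024-03-01T10:00:04 ip=203.0.113.5 result=declined amount=100
2024-03-01T10:00:06 ip=203.0.113.5 result=succeeded amount=100
2024-03-01T10:00:08 ip=203.0.113.5 result=declined amount=100
2024-03-01T10:00:10 ip=203.0.113.5 result=declined amount=100
2024-03-01T10:00:12 ip=203.0.113.5 result=succeeded amount=100
2024-03-01T10:00:14 ip=203.0.113.5 result=declined amount=100
2024-03-01T10:03:30 ip=198.51.100.7 result=succeeded amount=4999
""".splitlines()


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "ip": m["ip"],
        "result": m["result"],
        "amount": int(m["amount"]),
    }


def detect_card_testing(lines, window=WINDOW, max_attempts=MAX_ATTEMPTS_PER_WINDOW):
    """Return {ip: timestamp of the attempt that first exceeded the threshold}.

    Every attempt counts, declined or not: the 22 charges that got through in
    the thread show that testers also produce successes, so counting only
    declines would under-detect. Once an IP is flagged, further attempts from
    it should be throttled before a charge request is sent to the processor.
    """
    recent = defaultdict(deque)   # ip -> timestamps of attempts inside window
    flagged = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()           # drop attempts that fell out of the window
        if len(q) >= max_attempts and ev["ip"] not in flagged:
            flagged[ev["ip"]] = ev["ts"]
    return flagged


def summarize(lines):
    """Per-IP attempt and decline counts, useful when reading a log by hand."""
    stats = defaultdict(lambda: {"attempts": 0, "declined": 0})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        stats[ev["ip"]]["attempts"] += 1
        if ev["result"] == "declined":
            stats[ev["ip"]]["declined"] += 1
    return dict(stats)


if __name__ == "__main__":
    for ip, when in detect_card_testing(SAMPLE_LOG).items():
        print(f"throttle {ip}: threshold exceeded at {when.isoformat()}")
    for ip, s in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {s['attempts']} attempts, {s['declined']} declined")
```

The window and threshold are the knobs the thread starter wants tuned aggressively by default; with the values above, the tester IP is flagged on its fifth attempt at 10:00:08, eight seconds into the burst, while the legitimate shopper never comes close. A per-IP key is the simplest choice and is what a debug log usually offers; testers who rotate addresses are better caught by keying on session or checkout token as well, which the same sliding-window logic supports unchanged.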

  • The topic ‘6601 Fraudulent payments $250K+’ is closed to new replies.