• Resolved marketingbugle (@marketingbugle)


    Hi team,
    WorldPay are the company I use to take payments for my client's eCommerce website. The site had a 'Card-Testing' attack with 1000s of fake purchases and so WorldPay have suggested the following additions to the site's security. My question is, will Wordfence Security cover for this type of protection, please? Or can you advise on what is required to gain this level of protection?
    QUOTE FROM WORLDPAY SUPPORT:
    I would recommend speaking to your web developer for further help and support in relation to implementing further security to stop these attacks moving forward. Please see the list of best practices below which could be implemented to help.
    · Leverage authentication and CAPTCHA controls to prevent automated transaction initiation by bots or scripts (e.g. 5 authorisations from one IP address or Account).
    · Utilise fraud detection systems that support device fingerprinting and botnet detection.
    · Use a layered validation approach that employs Card Validation Codes and Address Verification Services.
    · Analyse time zone differences and browser language consistency from the cardholder’s IP address and device. Classify these transactions as potentially high risk and perform more stringent reviews.
    · Inject random pauses (i.e. throttling) when checking an account to slow brute force attacks that are dependent on time, especially for Bank Identification Numbers (BINs) that have been determined to have a high fraud incidence.
    · Include IP address with multiple failed card payment data in a fraud detection blacklist database for review and analysis.
    · In addition to velocity checks for small and large transactions, use velocity checks for low amounts or authorisation-only transactions.
    · Look for excessive usage and bandwidth consumption from a single user.
    · Look for multiple tracking elements in a purchase linked to the same device (e.g. multiple transactions with different cards, using the same e-mail address and same device ID).
    · Look for logins on a single account coming from many IP addresses.
    · Review logins with suspicious passwords that hackers commonly use.
    · Lock out an account if a user guesses the username/password and any account authentication data incorrectly on “x” number of login attempts.
Viewing 1 replies (of 1 total)
  • Hello @marketingbugle , thank you for reaching out.

    Wordfence offers a variety of security services for our members. 

    We offer several forms of login security in the form of reCAPTCHA to filter out bot users, Brute Force Protection in the form of IP blocking users after a set number of failed attempts, and Two Factor Authentication to further secure user and administrator accounts. We also offer WooCommerce Integration as well as allowing you to add Two Factor Authentication to custom pages.

    Wordfence comes with IP Blocking, as well as protection against other forms of malicious activity such as SQL Injections and DOS Attacks through our Firewall.

    Since the traffic typically will look like valid traffic, Wordfence cannot detect a good credit card vs. a bad credit card, or a valid purchase vs. an invalid purchase. We don’t want to block anything that might be actual business for your site.

    When it comes down to it, in Wordfence, blocking the IPs or user-agents (if you notice patterns between either) are a few things to consider. Rate Limiting can be an excellent tool in providing help, depending on how frequently the IPs are changing. Wordfence Rate Limiting can detect an increase in requests and can be used to throttle the attack from both human and bot traffic. You can check that out below to reference our recommended settings. You can set those up to be a bit more strict than we recommend, however, if you set them too strict, you will see warnings and may have unexpected blocking occur: https://www.wordfence.com/help/firewall/rate-limiting/

    You might also want to consider using a captcha specific to your billing plugin. You can also look into AVS and CVV matching. The Address Verification System (AVS) checks the billing address that buyers provide at checkout against the address that the credit card company has on file for them. The credit card company sends a response immediately to let you know if the billing address matches. You will want to check with the billing system for information on AVS verification.

    While preventing Carding Attacks completely is nearly impossible, we can provide you the tools to limit their abilities and make it a lot harder for them. We covered carding attacks on a Wordfence Live episode which has helpful information on this issue: https://www.youtube.com/watch?v=dXEjgyqWKPs

    For any additional information you can reach out to presales @ wordfence . com for assistance.

    Hope this helps,

    Christian

  • The topic ‘Does WordFence Do This?’ is closed to new replies.