NEW: Increased credit card testing attacks

Hello PPNSteve,

Thank you for contacting WooCommerce support.

I understand you’re dealing with card testing attacks on your WooCommerce site, even with PayPal Advanced Card Processing as your payment provider.

We have a guide that addresses these types of attacks:
How to Prevent and Respond to Card Testing Attacks.

If you have further questions or need additional assistance, I suggest you create a topic at the WooCommerce PayPal Payments forum.

Best regards.

Thanks for the reply and the link to that guide page. It has some great ideas and usable suggestions .

Will monitor this situation and update as needed.

Just a question, as mentioned in the linked topic; was there anything noticed, determined, or otherwise regarding the attackers setting the purchase attempt to “draft” during their attacks? That may ‘something’ to look at if not.

Thanks again.

Hi @ppnsteve,

I’m glad the guide was helpful!

Regarding your question about “Draft” orders being created during fraudulent attempts:

In WooCommerce, orders typically start with a Pending Payment status. However, if you’re using WooCommerce Blocks for the checkout process, orders are created with a checkout-draft status when a shopper arrives at the checkout page. This status allows for incomplete or unsubmitted orders until the checkout process is completed.

I hope this helps, thank you!

Ahh I see..

We’re not using the blocks.. we are using the default classic “page” based checkout flow. (we don’t do and/or support gutenberg here, long story.) So, unless those page templates have been updated to use the same workflow as the blocks, it shouldn’t be using that checkout-draft status if I read that correctly. Just saying.

Currently, as of today, not seeing any attacks (knock on wood). so maybe one of the suggested mitigation ideas curbed it for now.

Thanks once again.

Hello PPNSteve,

Thank you for your reply.

I am glad to know that attacks have stopped for now.
Hopefully, they will not happen again.

If you need help again, feel free to create a new topic. ??

Have a great day!

I had this on a client site. We simply turned off “Advanced Card Processing” – with paypal the store can still accept credit cards. Seems Paypal is being lazy here.

No more credit card testing

Hi @tomandersen,

Thank you for sharing your thought. The surge in failed orders is likely due to the festive season and the Black Friday period. This should naturally decrease over time, but I’m glad you’ve managed to implement a solution on your site while the issue persists.

If you need further assistance, please start a new thread in line with the forum guidelines.

We’ve been having the same problem in the last few weeks on 3 different Woocommerce websites we have.

I followed the advice given here and added code snippets:

https://www.denialdesign.co.uk/blocking-card-testing-attacks-in-woocommerce/

It seems to have done the job nicely, though I think the code snippet *may* interfere with the new WC checkout block, as ‘humans’ were unable to place orders as the Place Order button seemed to stop working on the one site we had that used the new checkout experience, or it may have been a separate unrelated issue which I haven’t been able to resolve yet, but after reverting to the ‘classic’ checkout block the site works fine and humans can now place orders successfully.

Hi @arksglobal,

I’m glad to hear it worked for you and that you resolved the checkout button issue. To maintain organization and follow forum guidelines, please create a new topic if you need help with any WooCommerce Core-related issues.