Title: captcha? Last modified: December 13, 2017 --- # captcha? * [ousizems](https://wordpress.org/support/users/triode33/) * (@triode33) * [8 years, 5 months ago](https://wordpress.org/support/topic/captcha-127/) * Hi, Any chance of adding an option to enable a captcha (e.g. ReCAPTCHA) for payments? On my site there are some bots doing some “card testing” using the Stripe Payments and it would be nice to have a way to prevent this kind of fraud. Best Regards, Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Support [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * (@mbrsolution) * [8 years, 5 months ago](https://wordpress.org/support/topic/captcha-127/#post-9780278) * Thank you for your suggestion. The plugin developers will investigate further your request. * Kind regards * Plugin Author [mra13](https://wordpress.org/support/users/mra13/) * (@mra13) * [8 years, 5 months ago](https://wordpress.org/support/topic/captcha-127/#post-9780648) * I have never heard this before. You are saying a bot is doing a transaction on your site? Is your site live or in test mode? * Thread Starter [ousizems](https://wordpress.org/support/users/triode33/) * (@triode33) * [8 years, 5 months ago](https://wordpress.org/support/topic/captcha-127/#post-9780784) * Hi, Yes, bots, in live mode… for donations where users can specify the amount to donate. Here was the email from Stripe Support who noticed the card testing transactions. Stripe blocked them but prefers if they are blocked at the source: * Thanks for using Stripe! * There’s no cause for alarm, but we want to flag some recent unusual activity on your Stripe account and request that you take action immediately. * You’ll find that there are hundreds of recent charge attempts coming from cards with nonsense names and email addresses. This is what’s known as card testing. A third party is using the payment or donation form on your website to test stolen credit card numbers. Fortunately, the charge attempts have so far been unsuccessful. If you see any successful attempts, we recommend refunding them immediately, as they’re likely to be disputed. * To prevent this kind of activity on your site in the future, we recommend adding CAPTCHA ([http://www.captcha.net/](http://www.captcha.net/)) to your payment page, as this will deter third parties from spamming your form with fraudulent payments. You might also consider temporarily rate-limiting the number of charges that can be made on your account in a short period of time. * We also recommend monitoring charges through Stripe Radar. Radar is a proprietary suite of tools, based on our machine learning algorithms, to help you maximize revenue by catching fraudulent charges and minimizing declined payments. You can learn more at [https://stripe.com/radar](https://stripe.com/radar) or log directly into your dashboard: [https://dashboard.stripe.com/fraud](https://dashboard.stripe.com/fraud). * We do have a couple of options to help guard against card testing. In this case, we noticed that your integration isn’t currently using Stripe Elements. I’d like to make sure you’re able to process cards without any interruptions. I’ve included a link to the ‘Elements’ page here: * [https://stripe.com/docs/elements](https://stripe.com/docs/elements) * We’d like you to move to integrate with Elements in order to take advantage of Stripe’s fraud detection system, Radar. This is tremendously helpful on identifying, and preventing any payments that are fraudulent. If you’d like to take a peek at Radar, I’ve attached a link below: * [https://stripe.com/radar](https://stripe.com/radar) * If you don’t have a developer, we have a list of pre-built third party integrations already utilizing Elements that can help you send information about charges through to our systems. On our Works With Stripe page, these integrations are separated by category so you can find the service that works best for you. I’ve provided a link to our ‘Works With’ page here: * [https://stripe.com/works-with](https://stripe.com/works-with) * Last but not least, an integration we’ve seen successful in the past is implementing Google’s reCaptcha as a way to block computerized attacks. reCaptcha works by preventing non-humans from interacting with your page, meaning that an attacker’s automated system will not be able to use your payment form. I went ahead and provided a link here: * [https://www.google.com/recaptcha/intro/index.html](https://www.google.com/recaptcha/intro/index.html) * Plugin Contributor [Alexander C.](https://wordpress.org/support/users/alexanderfoxc/) * (@alexanderfoxc) * [8 years, 3 months ago](https://wordpress.org/support/topic/captcha-127/#post-9921308) * Hi [@triode33](https://wordpress.org/support/users/triode33/). * I’ve made reCaptcha addon for you 🙂 You can download it here: [https://stripe-plugins.com/updates/packages/stripe-payments-recaptcha.zip](https://stripe-plugins.com/updates/packages/stripe-payments-recaptcha.zip) * In order for it to work, you need Stripe Payments version 1.7.5+ * I hope you’re familiar with Google reCaptcha? If not, just go here [https://www.google.com/recaptcha/admin](https://www.google.com/recaptcha/admin) and register your website to get API keys. Then go to addon settings (Stripe Payments -> Settings, reCaptcha tab) and put the keys there, also don’t forget to tick “Enable reCaptcha”. And this should do it. * You can see it in action here [https://desertfox.me/miniserv/cleanwp/asp-products/lord-vader/](https://desertfox.me/miniserv/cleanwp/asp-products/lord-vader/) * Don’t hesitate to get back to us if you have any questions or issues. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘captcha?’ is closed to new replies. * ![](https://ps.w.org/stripe-payments/assets/icon-128x128.png?rev=2705524) * [Accept Stripe Payments](https://wordpress.org/plugins/stripe-payments/) * [Frequently Asked Questions](https://wordpress.org/plugins/stripe-payments/#faq) * [Support Threads](https://wordpress.org/support/plugin/stripe-payments/) * [Active Topics](https://wordpress.org/support/plugin/stripe-payments/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/stripe-payments/unresolved/) * [Reviews](https://wordpress.org/support/plugin/stripe-payments/reviews/) * 4 replies * 4 participants * Last reply from: [Alexander C.](https://wordpress.org/support/users/alexanderfoxc/) * Last activity: [8 years, 3 months ago](https://wordpress.org/support/topic/captcha-127/#post-9921308) * Status: not resolved