Open to fraud - [Accept Stripe Payments] Review | WordPress.org

wherring
(@wherring)

6 months, 2 weeks ago

Similar to the other review we were using this plugin for some time without issue but it’s been used by someone attempting to check presumably stolen cards. Hundreds of failed transactions and a small number that have gone through that I’ve just gone through and refunded. Needs some form of protection to stop this type of abuse.

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Support mbrsolution
(@mbrsolution)

6 months, 2 weeks ago

Thank you so much for this feedback. We’re sorry to hear about your experience. Please create a support ticket from the following link and we will try to help:
https://wordpress.org/support/plugin/stripe-payments/

Kind regards.

Plugin Author mra13
(@mra13)

6 months, 2 weeks ago

The “invisible captcha” option sometimes doesn’t work against this type of card testing. This is pointed out by stripe here:
https://stripe.com/docs/card-testing

If you want to use the plugin in the future, use the “I am not a robot” captcha option. We have some explanation of it on the captcha configuration documentation here:
https://s-plugins.com/stripe-payments-recaptcha-addon/

Thread Starter wherring
(@wherring)

6 months, 2 weeks ago

I’d probably argue that the Invisible Recaptcha feature should be removed or at least come with a prominent warning in the user interface. I wouldn’t have used it if I had been aware of the issue.

While I appreciate the Recaptcha issue can likely be mitigated that doesn’t address the issue of the varied amounts and currency, that sounds like a flaw in the plugin.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Open to fraud’ is closed to new replies.

In: Reviews
3 replies
3 participants
Last reply from: wherring
Last activity: 6 months, 2 weeks ago

Views