Hello @obertscloud
reCaptcha currently only works with the Pro version of Simple Pay.
There still are things that you can do to help ease the burden of these attacks.
1. You can disconnect and reconnect your account from Stripe which will regenerate your API keys. Most of the attacks are using API keys rather than using a payment form.
2. You could also look into using Stripe RADAR: it’s not a free program, however, if you’re interested, you can try a free 30-day trial here: https://dashboard.stripe.com/get-started/radar-for-fraud-teams
An example of a potentially helpful Radar rule to combat card testing would be: Block if :charge_attempts_per_ip_address_hourly: > 3
I hope those are helpful.
Regards,
Hey @obertscloud,
If you need more follow up with this, please don’t hesitate to ask!
Regards,
My processor says it has nothing to do with api keys, I have chanced plugins to another stripe payment and they stopped. I was getting about 20-100 payments a day, but at different times throughout the day. My processor makes the payee confirm everything on their credit card including billing address, this had to be done manually. It came from a few countries, some in the United States mostly.
I am not looking for a paid version of something that should be secure. I only wanted you to know you have a security flaw.
yes confirmed is a security bug in your plugin, I aleted Stripe to discontinue recommending you until fixed,
I had 200 , $1 to $2.00 payments, now I have 200 x $15.00 return fees, I have to payout $3000 dollars in fees and I made no money
you don’t pay for those fees do you?
now I am really pissed off
Hello @obertscloud,
Unfortunately we cannot add further reCAPTCHA methods to the Stripe.com hosted Checkout form because it is not something that is hosted on your WordPress website.
It is up to Stripe’s anti-fraud measures to detect this fraudulent activity. Stripe offers “Radar” to help combat this. Stripe also offers Chargeback Protection when using Stripe Checkout.