Home » shopping cart

Tag: shopping cart

Are criminals using your website’s shopping cart to test stolen credit card information?

Does your business participate in e-commerce? If so, it may only be a matter of time before criminals use your website to test stolen credit card information. They also like to use e-commerce websites to systematically test different credit card expiration dates until they find the right one.

Wind River Financial is aware of specific cases of our client’s websites being used and it is definitely an increasing type of fraudulent activity.

Criminals often use “bots” or scripts that automatically input data so that they can test large numbers of credit cards in a short period of time.

We strongly recommend being proactive and putting protection in place to help avoid additional authorization or chargeback costs for the additional fraudulent transaction attempts.

Because Wind River Financial is seeing an increase in this type of activity, we recommend that customers consider options such as Google’s reCaptcha which is a free solution as detailed below and we also recommend that you contact your web developer to use this or another solution to help mitigate automated testing of stolen credit card numbers on your website. Doing so may help prevent excessive authorization fees and other risks to your business.

There are several ways that you can mitigate this type of activity including the following:

  • Ask your web developer to look at the IP address or addresses associated with the fraudulent activity. They can often be blocked individually, regionally, by country, etc. Doing something as simple as this often makes criminals go elsewhere.
  • Use a solution to help distinguish human from machine input such as reCaptcha (by Google). It’s a free product that helps stop bot or script activity on your website and is easy for legitimate customers to use. Your web developer should be able to help you use this solution.
  • Credit card gateways which all e-commerce merchants use often have anti-fraud solutions that may also help mitigate this risk.
  • If need be, you can take your website down for a short period of time to chase criminals elsewhere. However, criminals often return once your website is back up, so a more permanent solution is usually better. This option is not for all and should be considered a last resort.
  • Your web developer may be able to slow down authorizations per “X” amount of time if your website does not have high legitimate volume.

This is not meant to be an exhaustive list, but steps like this should help drive criminals off of your website.

Consider taking proactive steps to head this risk off before your business becomes a victim. Tools like reCaptcha can be effective on your website. Using anti-fraud tools from your credit card gateway may be an option, or potentially blocking foreign IP addresses if you do not conduct international business.

Your web developer may be familiar with other tools that may also be useful.

Malicious Shopping Cart Plugins Could Introduce a Vulnerabilty to Your Website

Malicious shopping cart plugins have been identified that can lead to vulnerabilities for your e-commerce website.  The currently identified malicious plugins seem to target certain shopping carts.

Read this advisory by foregenix for more information.  It includes a link to their portal where you can initiate a free scan to check for the malicious plugins on your e-commerce website.