There's now an ever increasing presence online of bots and unscrupulous types who are dedicating some extensive resources and tools to try testing stolen credit cards - this is leading to a lot more stress and unnecessary work for anyone who owns an online store and shopping cart in this day and age (and we're not just talking about Web Ninja Shops either!).
As such - it can be quite difficult to prevent this type of activity on any website - however there's a number of steps you can take to certainly reduce the possibility of this happening on your Webninja Web Store, and in some cases outright prevent it altogether.
STEPS YOU CAN TAKE:
Usually the first thing most people think of to prevent bot activity, and even most payment gateways will advocate the use of Google's Recaptcha.
However there's little point in adding Recaptcha on the checkout as the customer/bot is redirected from the checkout page to the payment gateway which is hosted on their own system outside of Web Ninja's platform.
So once the customer gets past the Recaptcha one time, they can re-submit fraudulent credit cards as many times as they want via the payment gateway without ever returning back to your site.
Even if it's a bot, these days bots use "Recaptcha farms" which are thousands of people with nothing better to do with their time than to solve recaptchas for those bots; this makes recaptcha virtually obsolete these days (it still has a slight deterrent factor as it slows down bots and humans alike - especially if they keep having to choose traffic lights, bridges and street signs all day long!).
The best preventative option we can offer (after making sure Recaptcha is on your registration form) from the Web Ninja system is to make use of the option to approve customers after they register on your site. This will prevent fraudulent sign-ups from getting any further than registering on your site (as once you vet them, you'll find they're not who they say they are and you just don't have to approve them).
WHAT OPTIONS CAN MY PAYMENT GATEWAY OFFER TO ASSSIST WITH THIS?
Payment gateways will often make suggestions about using Recaptcha on the checkout or making use of a "honeypot" on the form.
As stated above - Recaptcha is really far less effective than it used to be, and honeypots (hidden field on a form intended to trick a bot into filling out data that shouldn't be there) are quite an antiquated way to try to prevent bots - most bots are making use of some form of AI these days and are well aware of the concept of honeypots.
However there are some options your payment gateway should be offering you such as:
- limiting who's able to enter credit card details on their system by locality - you might be able to request they prevent any overseas users from submitting credit card details via their payment page
- they can limit the number of transactions allowed per session
- if not already implemented, they can enforce that the CVV MUST be used on the checkout and verify it's correct before approving the transaction
- they can activate 3D Secure (Mastercard) and Verified by Visa which is the last line of defence against any fraudulent CC activity.
NOTE: A lot of online merchants still opt not to use this because it's another hoop for their customers to jump through at checkout, and some customers may even cancel their order because of it - but based on recent trends, it wouldn't surprise me if in the next 6 - 12 months we see these two options becoming mandatory on ALL online transactions no matter which website you're on.
- they MAY even be able to enable Recaptcha on their payment gateway page (not all do this, but it's still worth asking for it)
Please follow-up with your payment gateway regarding the above information and see which options they're able to assist you with.
If your site doesn't currently have the option to require customer approval and you'd like to find out more information about this, please contact Webninja's support team.