[HN Gopher] A small Stripe fraud story
___________________________________________________________________
A small Stripe fraud story
Author : jstanley
Score : 34 points
Date : 2022-09-03 16:13 UTC (2 days ago)
(HTM) web link (falkus.co)
(TXT) w3m dump (falkus.co)
| neodypsis wrote:
| I hate the so-called card-testers, they target small businesses
| and put them at risk of being banned by payment processors.
| Stripe at least has their Stripe Radar service, which is easy to
| implement. The problem is when you have to work with less
| technologically-savvy providers (e.g., if you are not US-based
| and they don't offer 3-D Secure). I'm currently looking to
| develop an anomaly-based system to help protect from this kind of
| attack. Any pointers to open-source references I can look into?
| edwinwee wrote:
| Yes, this seems like some sort of card testing attempt. Glad most
| of the fraud was caught. Not sure if you're the author, but I'd
| like to see how we could've helped better. Could you forward me
| your thread with support at edwin@stripe.com? Also, if you
| haven't implemented them yet, I might recommend looking into
| CAPTCHA and rate limiting to help prevent future attempts.
| jstanley wrote:
| The author is a friend of mine but I've passed your comment on
| to him.
|
| Thanks!
| edwinwee wrote:
| Appreciate it. Just connected with him.
| stnvh wrote:
| Interesting on Stripe's response to this matter. 'Debug
| environment spew leads to unauthorised API usage' - unfortunate
| and well worn. Like a good pair of slacks, it was simply your
| turn to wear them this time.
___________________________________________________________________
(page generated 2022-09-05 23:00 UTC)