[HN Gopher] A small Stripe fraud story ___________________________________________________________________ A small Stripe fraud story Author : jstanley Score : 34 points Date : 2022-09-03 16:13 UTC (2 days ago) (HTM) web link (falkus.co) (TXT) w3m dump (falkus.co) | neodypsis wrote: | I hate the so-called card-testers, they target small businesses | and put them at risk of being banned by payment processors. | Stripe at least has their Stripe Radar service, which is easy to | implement. The problem is when you have to work with less | technologically-savvy providers (e.g., if you are not US-based | and they don't offer 3-D secure). I'm currently looking to | develop an anomaly-based system to help protect from this kind of | attacks. Any pointers to open-source references I can look into? | edwinwee wrote: | Yes, this seems like some sort of card testing attempt. Glad most | of the fraud was caught. Not sure if you're the author, but I'd | like to see how we could've helped better. Could you forward me | your thread with support at edwin@stripe.com? Also, if you | haven't implemented them yet, I might recommend looking into | CAPTCHA and rate limiting to help prevent future attempts. | jstanley wrote: | The author is a friend of mine but I've passed your comment on | to him. | | Thanks! | edwinwee wrote: | Appreciate it. Just connected with him. | stnvh wrote: | Interesting on stripe's response to this matter. 'Debug | environment spew leads to unauthorised api usage' - unfortunate | and well worn. Like a good pair of slacks, it was simply your | turn to wear them this time ___________________________________________________________________ (page generated 2022-09-05 23:00 UTC)