
Prevent fraudulent transactions on donation form


DolSch


Posted

Fraudsters attempted over 1,700 donations for $1 via our donation form - /customers/donations/.  Fortunately, Stripe refused the payments.  We believe that the fraudsters were testing stolen credit card information.  Please add a reCAPTCHA requirement to the form.

We are a non-profit organization.  We need the ability to accept donations from all parents in our community.  Restricting the form to our members will not work for us.  Thank you.

Posted
On 9/18/2022 at 4:18 PM, SeNioR- said:

Hi. Update the software to the latest version where only registered users can make donations.

More here: https://invisioncommunity.com/forums/topic/468875-delete-mass-pending-invoices/?do=findComment&comment=2903729

 

 

We want the donation process as simple as possible.  We don't want to require donors to sign in to the website first and then fill out the donation form.  Please add reCAPTCHA to the donation form.

Posted (edited)
4 hours ago, Randy Calvert said:

Captcha alone won’t solve this problem unfortunately. It’s super easy to solve it once manually and then trigger a bunch of automated attempts afterwards. 

Then the Q&A should be effective.

Edited by SeNioR-
Posted

Looking for the same. PayPal recently would require people to create an account before donating but I expect that to be solely because of PayPal and not over Invision. Whatever the problem is, the process is not seamless.

Posted (edited)
24 minutes ago, DolSch said:

What is the Q&A?

Q&A is a feature that can be enabled when new accounts are being registered.  You can provide a question (such as "What color is the sky?") and provide an answer (such as "blue").  In order to create the account, you would have to answer that question correctly.

You can find it in yourdomain.com/admin/?app=core&module=moderation&controller=spam&tab=qanda

The challenge with these is that you need the question to typically be something your community would know, but not easy enough for human spammers or automated systems to already have the answer to.  (For example "What is one plus two?" with the answers being "3" or "three".)  Chances are the bot has seen those questions before and could answer them.  But if the questions are too hard, legitimate members may not be able to answer them and register.  

The suggestion was to extend the same system used for registration to use it also when someone attempts to make a donation.  In order for that to be done, someone would need to develop a plugin that makes donations available to guests again (since it's blocked now in the software for guests) AND also adds that Q&A logic to the donation area.  

Edited by Randy Calvert
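
The sketch below is an added example, not part of any post in this thread and not Invision Community code. It shows one way a guest donation form could bind a Q&A answer to a single donation attempt, so that one solved challenge cannot be replayed across many automated submissions. The function names, token layout, in-memory store and 10-minute lifetime are assumptions.

```python
import hashlib, hmac, secrets, time

# Constructed question bank; the accepted answers mirror the example in the post above.
QUESTIONS = {"q1": ("What is one plus two?", {"3", "three"})}
SECRET = secrets.token_bytes(32)  # per-deployment signing key (assumption)
TTL = 600                         # seconds a challenge stays valid (assumption)
_used = set()                     # spent nonces; a real site needs a shared store

def _sign(qid, nonce, issued):
    msg = f"{qid}|{nonce}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_challenge(qid, now=None):
    """Return (question text, signed token) to embed in the donation form."""
    issued = int(now if now is not None else time.time())
    nonce = secrets.token_hex(16)
    return QUESTIONS[qid][0], f"{qid}|{nonce}|{issued}|{_sign(qid, nonce, issued)}"

def verify_donation(token, answer, now=None):
    """Allow at most one donation attempt per issued challenge."""
    now = int(now if now is not None else time.time())
    try:
        qid, nonce, issued, sig = token.split("|")
        issued = int(issued)
    except (ValueError, AttributeError):
        return False                              # malformed token
    expected = _sign(qid, nonce, issued)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False                              # forged or altered token
    if qid not in QUESTIONS or now - issued > TTL or nonce in _used:
        return False                              # unknown, expired or already spent
    _used.add(nonce)                              # burn the token, even on a wrong answer
    return answer.strip().lower() in QUESTIONS[qid][1]
```

A script can still request a fresh challenge for every attempt, so this only removes the solve-once-and-replay shortcut; it does not make an easy question hard for a bot.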