Fraudsters attempted over 1,700 donation for $1 via our donation form - /customers/donations/.  Fortunately, Stripe refused the payments.  We believe that the fraudsters were testing stolen credit card information.  Please add reCAPTCHA requirement to the form.

We are a non-profit organization.  We need the ability to accept donations from all parents in our community.  Restricting the form to our members will not work for us.  Thank you.

(Removed comment)

Edited September 18, 20222 yr by Randy Calvert

 

Fraudsters attempted over 1,700 donation for $1 via our donation form - /customers/donations/.

Hi. Update the software to the latest version where only registered users can make donations.

More here: https://invisioncommunity.com/forums/topic/468875-delete-mass-pending-invoices/?do=findComment&comment=2903729

 

 

 

Hi. Update the software to the latest version where only registered users can make donations.

More here: https://invisioncommunity.com/forums/topic/468875-delete-mass-pending-invoices/?do=findComment&comment=2903729

 

 

We want the donation process as simple as possible.  We don't want to require donors to sign in the website first and then fill out the donation form.  Please add reCAPTCHA to the donation form.

Captcha alone won’t solve this problem unfortunately. It’s super easy to solve it once manually and then trigger a bunch of automated attempts afterwards. 

 

Captcha alone won’t solve this problem unfortunately. It’s super easy to solve it once manually and then trigger a bunch of automated attempts afterwards. 

Then the Q&A should be effective.

Edited September 22, 20222 yr by SeNioR-

Looking for the same. PayPal recently would require people to create an account before donatiing but I expect that to be solely because of PayPal and not over Invision. Whatever the problem is the process is not seamless. 

 

Then the Q&A should be effective.

What is the Q&A?

 

What is the Q&A?

Q&A is a feature that can be enabled when new accounts are being registered.  You can provide a question (such as "What color is the sky?" and provide an answer (such as "blue").  In order to create the account, you would have to answer that question correctly.

You can find it in yourdomain.com/admin/?app=core&module=moderation&controller=spam&tab=qanda

The challenge with these is that you need the question to typically be something your community would know, but not easy enough for human spammers or automated system to already have the answer to.  (For example "What is one plus two?" with the answers being "3" or "three".)  Chances are the bot has seen those questions before and could answer them.  But if the questions are too hard, legitimate members may not be able to answer them and register.  

The suggestion was to extend the same system used for registration to use it also when someone attempts to make a donation.  In order for that to be done, someone would need to develop a plugin that makes donations available to guests again (since it's blocked now in the software for guests) AND also adds that Q&A logic to the donation area.  

Edited September 22, 20222 yr by Randy Calvert