IMPORTANT: Protect your Stripe account from fraudulent activity
Click play to LISTEN to the article below
Our-Hometown’s WordPress Publishing Platform includes support for three popular payment gateways that allow your readers and customers to place orders and make payments online through your website: Stripe, Authorize.net, and PayPal. Over the years, Stripe has emerged as our preferred payment gateway because of how easily it integrates with our suite of plugins and software.
While Stripe remains a completely safe and secure option, there are some additional steps you should take to help protect your account from fraudulent activity on the reader’s end. This includes protection from things like “card testing”, which is a common method criminals use to test stolen information to determine whether it is valid.
Although “card testing” doesn’t represent any kind of security breach within your account, it can create some annoying issues that you will need to deal with.
For example, if a criminal is testing stolen cards on your website, there is a chance that some of those charges will be successful and will ultimately result in the true card owner disputing the charges through their bank. Too many disputes can not only harm your business’s reputation, but may result in your account being temporarily disabled.
You can read more about Card Testing and the potential consequences from Stripe’s documentation, here.
We’ve already taken our own steps to help mitigate the potential for card testing and other fraudulent activities, including activating a global CAPTCHA as recommended by Stripe. However, one of the most effective ways to prevent card testing is to enable one of Stripe’s default rules to block a payment if a credit card’s CVC verification fails.
This is something that you will have to enable within your Stripe account manually unless we (Our-Hometown) are included as an Administrator Team Member on your Stripe account.
Enable CVC Verification Rule within Stripe
To enable this rule, you must first log in to your Stripe Dashboard and click to the Payments tab. Once this tab loads, use the left-side menu to navigate to the Fraud & Risk -> Rules page.
Once on the Rules page, scroll down to the Block Rules. You’ll see a few rules that are enabled by default, but the one you’re looking for will be faded and marked as disabled: “Block if CVC verification fails.”
To the right of this rule, there are three dots (“…”) you can click on to open an actions menu, which includes the option to Enable.
This rule should greatly reduce the potential for “card testing” and other fraudulent activity as Stripe will automatically decline charges where the CVC cannot be verified.
We strongly recommend that publishers take action to enable this rule within their Stripe account to avoid complications that could arise from fraudulent activity.
For publishers whose Stripe accounts we already have Administrative access to, we will be enabling this change unless you request otherwise.
If you are unsure whether we have access to your Stripe account, you can check with our support team by emailing firstname.lastname@example.org with your publication name, and we’ll provide further instructions if necessary.