Carding Attack

I have been facing a carding attack on my site.
This is the method the attackers are using: they use a real browser and follow the genuine customer checkout flow. This means they are manually executing the attack. They add products to the cart, proceed to the checkout page, input dummy shipping details, and at the card details form, they enter stolen card information. They then place the order. If the payment fails, they move on to the next set of card details and repeat the process. After 2-3 attempts, they change their IP, and each attempt has a gap of 1 or 2 minutes.

Currently, I have a Cloudflare rule to block all country requests except one and a rate limit rule for the payment API endpoint set to 4 requests within 10 minutes, then block for 1 day. I have also enabled reCAPTCHA on the checkout page. However, since their attempts are almost 90% manual, these CF rules are not very effective.

Do you have any suggestions on how I can prevent this type of attack?

Re: Carding Attack

Not much more you can do in the specific case you described.

The only way to be 100% certain would be to kill the guest checkout and require registered customers to go through a KYC process so you know each of them is the real person they claim to be on the card. But that is not something a usual B2C customer would go through just to make a purchase.

Founder at https://agency418.com

Re: Carding Attack

Do you by any chance use Braintree for payment processing? Our sites have been targeted for the last several days. We have advanced fraud prevention on Braintree configured, and we have reCAPTCHA configured on the payment page. But they seem to be able to bypass reCAPTCHA. Any additional thoughts? We are considering implementing Cloudflare and putting rate limiting in place. We have noticed that when the attacks happen, they seem to be bypassing the captcha, as there are hundreds of POST /captcha/refresh issued within just a few seconds.

These attacks have occurred from multiple global locations, including the US and Canada.

Any additional thoughts you have are much appreciated.
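Both posts describe the same detection gap: the original poster's per-IP Cloudflare rate limit misses an attacker who rotates IP every 2-3 declines, and the second reply sees hundreds of POST /captcha/refresh in a few seconds. The script below is an added example, not code from any poster or from the store platform. It runs two checks over constructed web-server log lines: declined payment POSTs counted per checkout session across IPs, and captcha-refresh bursts per IP. The endpoint path /api/checkout/payment, the trailing sess= cookie field in the log format, the use of a 4xx status for a declined card, and the thresholds are all assumptions; /captcha/refresh is the path named in the second reply.

```python
"""Detect card-testing patterns in checkout logs without relying on source IP.

Added example for this thread, not code from any poster. Log lines are
constructed; the payment path, the trailing "sess=" cookie field and the
thresholds are assumptions about the store, not facts from the thread.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

PAYMENT_PATH = "/api/checkout/payment"  # assumed payment API endpoint
CAPTCHA_PATH = "/captcha/refresh"       # endpoint named in the second reply
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Combined log format with the checkout session cookie appended as "sess=<id>"
# (assumption: the web server is configured to log that cookie).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "[^"]*" sess=(?P<sess>\S+)$'
)

# Constructed sample: session s1 keeps getting declines (assumed 400) across
# three rotated IPs with 1-2 minute gaps, as described in the original post;
# s2 is a normal successful payment; s9 is one decline from a mistyped card.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:00:05 +0000] "POST /api/checkout/payment HTTP/1.1" 400 81 "-" "Mozilla/5.0" sess=s1
203.0.113.10 - - [12/Mar/2024:10:01:40 +0000] "POST /api/checkout/payment HTTP/1.1" 400 81 "-" "Mozilla/5.0" sess=s1
203.0.113.10 - - [12/Mar/2024:10:03:12 +0000] "POST /api/checkout/payment HTTP/1.1" 400 81 "-" "Mozilla/5.0" sess=s1
198.51.100.7 - - [12/Mar/2024:10:05:30 +0000] "POST /api/checkout/payment HTTP/1.1" 400 81 "-" "Mozilla/5.0" sess=s1
198.51.100.7 - - [12/Mar/2024:10:07:02 +0000] "POST /api/checkout/payment HTTP/1.1" 400 81 "-" "Mozilla/5.0" sess=s1
192.0.2.44 - - [12/Mar/2024:10:08:45 +0000] "POST /api/checkout/payment HTTP/1.1" 400 81 "-" "Mozilla/5.0" sess=s1
192.0.2.45 - - [12/Mar/2024:10:09:50 +0000] "POST /api/checkout/payment HTTP/1.1" 200 12 "-" "Mozilla/5.0" sess=s2
192.0.2.45 - - [12/Mar/2024:10:09:20 +0000] "POST /captcha/refresh HTTP/1.1" 200 64 "-" "Mozilla/5.0" sess=s2
203.0.113.99 - - [12/Mar/2024:10:20:00 +0000] "POST /api/checkout/payment HTTP/1.1" 400 81 "-" "Mozilla/5.0" sess=s9
"""


def constructed_captcha_burst():
    """Constructed lines: 40 POST /captcha/refresh from one IP inside 5 seconds,
    a scaled-down version of the 'hundreds within a few seconds' in the reply."""
    base = datetime(2024, 3, 12, 10, 5, 0, tzinfo=timezone.utc)
    return [
        f'198.51.100.7 - - [{(base + timedelta(seconds=i // 8)).strftime(TS_FMT)}] '
        f'"POST /captcha/refresh HTTP/1.1" 200 64 "-" "Mozilla/5.0" sess=s1'
        for i in range(40)
    ]


def parse_log(lines):
    """Parse matching lines into dicts; silently skip lines in another format."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], TS_FMT)
            e["status"] = int(e["status"])
            events.append(e)
    return events


def card_testing_sessions(events, max_declines=3, window=timedelta(minutes=15)):
    """Sessions with >= max_declines declined payment POSTs inside `window`,
    counted across IPs: the attacker rotates the address, not the session."""
    declines = defaultdict(list)
    for e in events:
        if e["method"] == "POST" and e["path"] == PAYMENT_PATH and e["status"] >= 400:
            declines[e["sess"]].append(e)
    flagged = {}
    for sess, evs in declines.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):  # sliding window anchored on each decline
            in_win = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            if len(in_win) >= max_declines:
                flagged[sess] = {"declines": len(in_win),
                                 "ips": sorted({e["ip"] for e in in_win})}
                break
    return flagged


def captcha_refresh_bursts(events, max_refreshes=10, window=timedelta(seconds=10)):
    """IPs that issue more than max_refreshes POST /captcha/refresh within `window`;
    returns the largest burst size seen per IP."""
    stamps_by_ip = defaultdict(list)
    for e in events:
        if e["method"] == "POST" and e["path"] == CAPTCHA_PATH:
            stamps_by_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        lo = 0
        for hi, t in enumerate(stamps):  # two-pointer sliding window
            while t - stamps[lo] > window:
                lo += 1
            if hi - lo + 1 > max_refreshes:
                flagged[ip] = max(flagged.get(ip, 0), hi - lo + 1)
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG.splitlines() + constructed_captcha_burst())
    print("card testing:", card_testing_sessions(evs))
    print("captcha bursts:", captcha_refresh_bursts(evs))
```

The design point is the grouping key: a per-IP limit like the 4-requests-per-10-minutes rule in the original post is defeated by rotating after 2-3 attempts, so declines are counted on something the attacker does not rotate (the checkout session here; a cart id or a hash of the dummy shipping address would serve the same purpose). A flagged session is a better candidate for a step-up check or a hold on further payment attempts than an IP block, which only costs the attacker one rotation.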