I work for a non-profit organisation and have created an online donations page. Recently this donations page has been used to validate stolen credit card details via the process known as carding.
The way it works is that a slacker gets hold of a whole bunch of credit card details but doesn't know which numbers are good or not. So they go to a donations page and attempt a small donation ($5 or less) with the stolen card number. If the donation goes through then they can use the number for bigger purchases.
Carding can cost a non-profit a lot of money as most of these "donations" will end up being reversed and in some cases a chargeback fee will be charged by the bank.
Has anyone else had experience with this? Also, what are some ways that I could stop it?
Off-topic, but I'll bite:
- Don't accept "small" donations.
- Don't accept "many" donations from the same IP address in a "short" time span.
- Consider buying credit card fraud insurance.
What "small," "many," and "short" means is up to you.
If you're not doing this already, consider using PayPal exclusively for accepting credit cards.
With no programming skills required, our Donate button is an easy and affordable way to start accepting donations online.
- Discounted rates for 501(c)(3) status
- Your donors don't even need a PayPal account
- Accept all major credit cards
Source
What they say about fraud protection:
If there's one thing people know about PayPal, it's how seriously we take security. Behind the scenes, we work to help keep you and your donors safe from fraud.
Automatic Fraud Screening
Guard your business with our relentless fraud screens, address (AVS) and card verification (CVV2) checks, and 128-bit encryption—all included at no extra charge.
PCI & CISP Compliance
PayPal adheres to international PCI (Payment Card Industry) and CISP (Cardholder Information Security Program) standards for data protection. These standards are designed to help protect your business from fraud and loss of data. Because we handle the payment card information, you don't have to worry about meeting compliance standards yourself or storing your customers' sensitive financial information.
Full disclaimer: I have no affiliation with PayPal or any credit card company. I do not run, or have any first-hand experience with, an e-commerce site, nonprofit site, or any other web site which accepts electronic payments. I am not a lawyer. I'm just a programmer.
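The first two bullets of the answer above (a minimum amount and a per-IP velocity limit) are the kind of pre-authorization screen you can run in your own form handler before the card ever reaches the processor. The following is an added example, not code from the original question or answer: a small guard that applies both rules over a sliding time window, plus one extra signal the answer does not mention but which goes to the heart of carding, the number of distinct cards tried from one address (a genuine donor retries the same card; a carder rotates through a list). All thresholds, the `Attempt` structure, the token-style `card_ref` field and the sample attempts are assumptions constructed for the example.

```python
"""Card-testing ("carding") guard for a donation form.

Added example, not from the original post. Every threshold here is an
assumed value; tune "small", "many" and "short" to your own traffic.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    ts: int         # Unix time of the authorization attempt, in seconds
    ip: str         # client address as seen by your TLS-terminating proxy, not a spoofable header
    amount: float   # donation amount in dollars
    card_ref: str   # opaque token from the payment processor; never the full card number


class CardingGuard:
    """Pre-authorization screen applying three signals:
    1. minimum amount               ("don't accept small donations")
    2. attempts per IP in a window  ("many donations ... in a short time span")
    3. distinct cards per IP in that window (added signal: carders rotate
       through many numbers, a real donor retries the same one)
    """

    def __init__(self, min_amount=10.0, max_attempts=3, max_cards=2, window=600):
        self.min_amount = min_amount      # dollars (assumed)
        self.max_attempts = max_attempts  # per IP per window (assumed)
        self.max_cards = max_cards        # distinct card tokens per IP per window (assumed)
        self.window = window              # seconds (assumed)
        self._by_ip = defaultdict(deque)  # ip -> deque of (ts, card_ref), oldest first

    def check(self, a: Attempt):
        """Return (allowed, reason).

        Every attempt is recorded whether or not it is allowed, so a carder
        who is already blocked keeps counting against the window instead of
        being let through once the first rejections stop being recorded.
        """
        q = self._by_ip[a.ip]
        while q and a.ts - q[0][0] >= self.window:  # evict entries outside the window
            q.popleft()
        q.append((a.ts, a.card_ref))
        if a.amount < self.min_amount:
            return False, "amount below minimum"
        if len(q) > self.max_attempts:
            return False, "too many attempts from this IP"
        if len({ref for _, ref in q}) > self.max_cards:
            return False, "too many distinct cards from this IP"
        return True, "ok"


# Constructed sample traffic: one legitimate donor (203.0.113.10), one carder
# probing with tiny amounts (198.51.100.7), one carder who has learned to use
# "normal" amounts but rotates cards (192.0.2.44).
SAMPLE = [
    Attempt(0,    "203.0.113.10", 25.0, "tok-a1"),   # genuine donation
    Attempt(60,   "198.51.100.7",  2.0, "tok-b1"),   # carder, below minimum
    Attempt(65,   "198.51.100.7",  2.0, "tok-b2"),   # carder, below minimum
    Attempt(100,  "192.0.2.44",   20.0, "tok-c1"),   # looks fine on its own
    Attempt(110,  "192.0.2.44",   20.0, "tok-c2"),   # second card, still within limits
    Attempt(120,  "192.0.2.44",   20.0, "tok-c3"),   # third distinct card -> blocked
    Attempt(130,  "192.0.2.44",   20.0, "tok-c3"),   # fourth attempt in window -> blocked
    Attempt(200,  "203.0.113.10", 25.0, "tok-a1"),   # donor retries the same card -> fine
    Attempt(1000, "192.0.2.44",   20.0, "tok-c5"),   # window expired, counters reset
]


def screen(attempts, **thresholds):
    """Run a fresh guard over a sequence of attempts; returns one (allowed, reason) per attempt."""
    guard = CardingGuard(**thresholds)
    return [guard.check(a) for a in attempts]


if __name__ == "__main__":
    for a, (ok, why) in zip(SAMPLE, screen(SAMPLE)):
        print(f"{a.ts:>5} {a.ip:<14} ${a.amount:>5.2f} {a.card_ref:<7} -> {'ALLOW' if ok else 'BLOCK'} ({why})")
```

Two caveats a practitioner would want. First, the IP signal is weak on its own: a carder with a proxy list spreads attempts across addresses, so treat the per-IP limit as one input alongside the processor's AVS/CVV2 results and decline rate rather than as the whole defence. Second, keep this state in something shared across your web workers (a cache or database keyed by IP) rather than the in-memory dictionary used here, otherwise each process sees only a fraction of the attempts.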