Online Form Security Features

CMS Cloud
In order to prevent your form from being used by credit card thieves to test stolen credit cards we implemented the following security features.
 
  1. reCAPTCHA v3
    This is Google's latest captcha solution which returns a score without user interaction. The metrics by with Google determines the score is based on interactions with your site, login, machine learning, cookies and more that Google does not disclose. Your donors won't be bothered with "I am not a robot" or having to choose busses or bicycles.

    On your form you can set the passing score. The default is 0.5. Most users score a 0.9 or 0.7. So setting the threshold to 5 should allow all legitimate users through without interruption. If a user scores lower that a 0.5 most likely they are a hacker or bot and the submission will be rejected.

    You can increase or lower this setting to suit your needs but keep in mind that even though raising the bar to 0.9 makes your form very secure, there may be legitimate submissions that might not score a 0.9 and will be rejected.
     
  2. Declined Submission Behavior.
    When a hacker is testing stolen credit cards, most often these cards are declined. The reason the thieves are testing is to be able to create a clean list of clean cards. 

    Because of the high rate of declines, it's possible for the system to detect this, even if they pass the captcha check, Safeguards have been implemented to look for an pause a form that is under attack. For example, with the default settings, the system looks for 3 consecutive declines in 60 seconds and shuts the form for 2 minutes. There is also a delay in responding to a decline. All this will slow the hackers down and it won't be worth their while to use your form to test thousands of cards.
There are additional safeguards that happen on the Gateway level. 
 
Despite the best efforts, it can still happen that card testing is done on your form. Because of this, if you ever notice fraudulent activity, be sure to void and/or refund any cards that did go through and to adjust these settings to further thwart the attack. Always reach out to Tech Support for urgent and immediate assistance. 
  1.  
Article ID: 3792, , Modified: July 15 at 4:59 PM

Was this article helpful?

Share this article

FacebookGoogle+TwitterOther Social NetworksPrint