Works on ANY WooCommerce store, with any payment gateway!
WooCommerce is likely the most used ecommerce system in the world, and so it is a popular attack surface for “card testing”. Card testing is when an attacker has acquired a spreadsheet of credit card numbers and needs to figure out which ones are usable. They will target “simple” or cheap products listed on a WooCommerce store so that if a transaction is successful, it will hopefully get overlooked by the owner of the card, or the owner of the store. If it just blends in with the rest of the orders, it won’t trigger chargebacks or card replacements.
This was only a mild issue for many years, but it really blew up when WooCommerce released the new Store API to work with the Checkout Blocks. To facilitate the React-based Checkout on the front end, they needed an open API that keeps order data in sync with the database as the checkout form is filled out. Now, any WooCommerce store could be hit with a simple API request (technically, three requests) and a card could be tested. Previously, it required a bot to load the page and fill out the checkout form. Now, cards could be tested wholesale, easily, and cheaply. Throw in some rotating IP addresses from the attacking side, and it was very difficult to distinguish between a “real” order and a “fake” order.
If you try to stop this at the Cloudflare level or the payment gateway level, you will get a lot of false positives, creating frustration for your real customers when they can’t check out.
Our solution is to block fake requests locally, right on the store itself, regardless of which payment gateway is used.
Prevent Credit Card Testing on WooCommerce
Original price was: $280.00. Current price is: $250.00.

