I am getting a lot of orders from credit card scammers testing lists of cards by making small orders against my site. The vast majority of these fail, but one or two get through, which means I end up sending out items to people who don’t want them, with all the mess that entails.
I have noticed that every order from such a scammer comes through in the Orders window with Origin set to Unknown.
Is it possible somehow to filter such orders before payment is accepted and set them to Failed automatically (thereby never taking any payment)? I have seen mention of using webhooks to do this, but not how to start doing so.
Look deeper at these orders in your HTTP access/request logs. Odds are you will find some oddities about them, such as:
- Origin at a cloud hosting provider. Mitigation: Block cloud hosting provider IP address ranges.
- Improper referer tag as the person bypasses normal browser operations with automation. Mitigation: Block the address with your load balancer/CDN dynamically.
- Bad user agent. Instead of a browser, you will find things like Curl, Java, C#, Python, instead of a qualified browser. Mitigation: Block the address with your load balancer/CDN dynamically.
- Frequency. These agents usually sit on a page and continuously test the cards. Examine your normal user behavior for a purchase. Once the user behavior goes beyond the absolute user behavior, start showing a message of “Call customer support to complete your purchase.”
- Geolocation: If you do not sell in China, then block the country. Similarly for Russia, Cuba, Venezuela, and any other place where you do not do business. You can address this in code with a Geolocation add-in that sends the session to a friendly message page, or as you find addresses targeting your site from other nations, use networking tools to pull the whois data for the network in question (including address ranges), then block them from your site altogether. Ideally this block should be at your CDN layer.
3
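One way to run the user-agent, referer and frequency checks from the answer above over an access log, as an added example that is not part of the original post. It assumes Combined Log Format, a hypothetical `/checkout` payment URL, and illustrative thresholds; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')
SCRIPTED_UA = re.compile(r'curl|python|java|okhttp|go-http-client|wget|libwww', re.I)
CHECKOUT_PATH = "/checkout"        # assumption: prefix of your payment-submit URL
MAX_ATTEMPTS = 3                   # assumption: tune from real customer behaviour
WINDOW = timedelta(minutes=10)     # assumption: sliding window for the frequency check

# Constructed sample: five scripted attempts from one address, one normal browser order.
SAMPLE = [
    f'203.0.113.7 - - [12/Mar/2024:10:00:0{i} +0000] "POST /checkout HTTP/1.1" 402 310 "-" "python-requests/2.31.0"'
    for i in range(5)
] + ['198.51.100.20 - - [12/Mar/2024:10:05:00 +0000] "POST /checkout HTTP/1.1" 200 512 "https://shop.example/cart" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"']

def suspicious_ips(lines):
    """Return {ip: sorted reasons} for checkout POSTs that look automated."""
    reasons = defaultdict(set)
    attempts = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith(CHECKOUT_PATH):
            continue
        ip = m["ip"]
        if m["ua"] in ("", "-") or SCRIPTED_UA.search(m["ua"]):
            reasons[ip].add("scripted-user-agent")
        if m["referer"] in ("", "-"):
            reasons[ip].add("missing-referer")
        attempts[ip].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > WINDOW:   # drop attempts older than the window
                start += 1
            if end - start + 1 > MAX_ATTEMPTS:
                reasons[ip].add("high-frequency")
                break
    return {ip: sorted(r) for ip, r in reasons.items()}

if __name__ == "__main__":
    for ip, why in suspicious_ips(SAMPLE).items():
        print(ip, ", ".join(why))
```

The flagged addresses are candidates for the load balancer/CDN block list or for the "call customer support" response the answer describes.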