If you start to notice transactions in your Stripe dashboard which are blocked as being fraudulent it could be that fraudsters are trying to use your donation page for card testing - which means they're testing whether credit card details they have stolen (from another source - not Donorfy) are still active. They do this by attempting to create transactions for relatively low values (under £20).
Mostly these are trapped and blocked by Stripe. However there is a risk that some will succeed and in that case the constituent and transaction will be added to Donorfy.
To reduce the risk of fraudsters using your Stripe account you can do the following:
If you are using a Widget - change your WidgetId
- Create a new version of your widget - see this article - this widget should have the same settings as your existing widget
- View the HTML code for your new widget, scroll to the bottom and find the field containing the WidgetId - it will be similar to this <input type="hidden" id="WidgetId" value="b1234fb5-111e-1f11-b333-ff00002220b4" />
- Go to your website and edit the donation page HTML - find the old WidgetId and replace it with the WidgetId from your new widget (which you can copy from the HTML it generates)
- Go back into your Donorfy configuration and delete your original widget from the list
If you are using a Campaign Donation Page
- We have made some changes to block fraudulent transactions
- Contact Donorfy support - we can reset your page
Block transactions with null CVC, using Radar in your Stripe Dashboard
- Log into your Stripe Dashboard, navigate to Radar| Rules
- Check that the standard Rules for CVC and Zip code verification are enabled
- Add a new rule to block transactions where the CVC is not provided (this is a characteristic of the fraudulent transactions):
NOTE - to enable the ability to add rules you will need contact Stripe support to enable it for you. Check Stripe pricing for the fee associated with this enhanced security level (as at Dec 2018 the cost was £0.02 per transaction).