Increased card fraud

[Changaco]

Earlier this month, Stripe's developer newsletter mentioned improvements in the detection and thwarting of card testers:

Prevent card testing attacks

Card testing is a massive challenge for businesses. It’s when a fraudulent actor attempts to validate or make purchases with stolen credit card information to determine which cards are still valid. Card testing may result in increased disputes and other negative consequences for you.

We've deployed machine learning models to help prevent this activity by default for those using Stripe’s Payment Element. Since launching these models over a week ago, we've already seen them prevent attacks on thousands of sites and millions of unwanted transactions. Our models, trained with Stripe Radar, analyze transactions at confirmation time and present card testers with a CAPTCHA when interacting with your checkout. Learn more about best practices to further prevent disputes and fraud.

Because these changes only apply to the Payment Element, which is only one of the ways to use Stripe, criminals now have an incentive to abuse any application which uses Stripe in another way. Liberapay is one of those, and I've been seeing unusual waves of card testing in the past few weeks. This became a somewhat serious concern this week as the number of fake accounts spiked and some of the attempted payments weren't detected as fraudulent by Stripe. I manually refund those payments, but Liberapay loses a bit of money on each one (because refunding a payment doesn't eliminate the fees on it).