top | item 44181254

(no title)

Nicholas_C | 9 months ago

We had the same issue (people testing stolen credit card numbers) on Stripe that was close to getting us shut off for a certain credit card company. We implemented a captcha and a tool to validate email addresses (emaillistverify) and it solved the problem.

discuss

vdfs|9 months ago

We had the same issue because Marketing was using a stupid landing page SaaS tool to generate sales, it was connected directly to Stripe and we didn't have any control over it. We discovered the problem through Intercom, which notified us about a high volume of bounced emails (automatically sent after purchase). It was clear what was going on after discovering the same pattern.

To fix it, I had to proxy that unreliable SaaS software to implement CAPTCHAs and stronger bot detection. It was essentially a MITM-style proxy but for protection. It was fun to implement

alex_suzuki|9 months ago

TIL about emaillistverify. Their website always talks about „bulk email checking“, but I assume they also support „live checks“ through an API? I assume you prevent users from signing up if the check fails?

jffry|9 months ago

Top nav of their site has an "API" link which goes to a page that says "ELV’s API keeps your email list clean. Notify website user about an invalid email address when they are filling out a form."

So presumably yes

topak3000|9 months ago

This is a very sad incident of carding attempts. You can sign up for FraudLabs Pro service and they have velocity check to prevent carding if it is from similiar browsers, IP or email addresses.

treebeard901|9 months ago

This is probably the best way to stop it from being automated. As well as a verified form of 2FA like a phone or email code.