See the article below for our suggested measures to take if your page is subject to card testing or phishing
A question to ask yourself:
Have you received any phone calls lately asking for information about your merchant account or any type of email saying your merchant account is locked and have you provided information to open it?
- If you did supply MID/TID information, then your account should be closed and a new MID/TID should be created and the old TID should be deleted. You should also scan your systems for Malware & Spyware.
- If you provided Gateway credentials, then you should contact your gateway vendor and have your credentials reset. You should also scan your systems for Malware & Spyware. If MID/TID information might have also been compromised, then a new MID/TID should also be created and the old TID should be deleted.
If none of the above occurred then this is likely testing occurring through the merchant's Website and the following actions are required.
- Scan/scrub your systems for Malware & Spyware
- Require users to have complex passwords Increased Password Security
- Ensure that you do not provide any info (merchant id, terminal id, logins or passwords) if you receive a phishing email or phishing phone calls from hackers stating there is something wrong with your account and they need additional info to open it.
- Ask your gateway provider to implement fraud protection measures such as CAPTCHA "Completely Automated Public Turing test to tell Computers and Humans Apart" and also
- Add Velocity Monitoring Limiting the number of times a user can attempt to log in using Velocity filters and temporarily lock out users or IP Addresses that exceed the specified maximum number of login attempts.
The best first step to stopping fraud:
- Enable CAPTCHA on your donation page
- Enable Merchant Managed Selectable Response to your account
- Call Orbital Gateway Support to have this enabled (866) 645-1314
- You will receive an email to log in to the Orbital Virtual Terminal
- At the top of the page, there will be an Admin Drop Down
- Select: Selectable Response
- When in Merchant Managed Selectable Response select which specific responses will be declined