In the world of cybercrime, credit card attacking is a big target, and while you might be surprised, your payment pages could be the target of these attacks. In certain situations, you may receive an email from the Braintree Risk Review team stating that your payment pages were used in carding attack taking place against your website.
Typically, this means that someone was using your payment page to test stolen credit cards.
Luckily, Braintree has provided a few tools to ensure you're able to mitigate these types of attacks. While it's quite often that your payment pages won't be able to fully stop these transactions on the front-end, these tools can assist in alerting you and requiring more details from card holders. Here's a few tools we recommend implementing to protect your Braintree account.
These rules help alert you when there are situations where there could be a potential use of your payment pages by someone utilizing stolen credit cards.
From Braintree: "Many banks approve transactions even if the address information or Card Verification Value (CVV) included with the transaction doesn’t match what they have on file. Braintree offers customizable Address Verification System (AVS) and CVV rules as part of our Basic Fraud Tools, so you can help ensure that only authorized users of a credit card are able to make purchases."
Using these two tools, and working with the Braintree support team, you should be able to protect your payment pages from nefarious actors.
If you have any questions about the setup of these tools, the good folks at Braintree are available to ensure you're setup for success at firstname.lastname@example.org.