
Carding attacks and fraudulent testing of credit cards on Events app pages


Unfortunately, not everyone submitting an event registration is doing so out of a spirit of philanthropy. Criminals may target an event page as a means of testing the validity of stolen credit cards. This is called a "carding attack". Often, this attack is accomplished through automation that attempts to submit donations quickly.

To reduce fraudulent and spam registrations, Soapbox Engage includes a variety of shields to protect your event pages. Below is the list of protections, ordered from least to most impact on the user experience.

Implement a honeypot

A honeypot is a series of hidden fields which only spambots will see. If they are populated, the form will not be successfully submitted.

To enable this functionality on an Events app page, do the following.

  • Open the Soapbox Event in question in your administrator
  • Go to the Reservation Info tab
  • For "Enable Honeypot", choose Yes
  • Click Save

Use payment gateway fraud protection tools

Payment gateways ("credit card processors") often include anti-fraud features in their services. These features vary across providers, but include options such as instituting a minimum or maximum transaction amount, limiting transactions from a specific email address within a given time frame, or other steps to guard against nefarious activity. Contacting a payment gateway directly is the best way to learn about the options each provider offers.

Manually block IP addresses

When there is a clear pattern of the same set of IP addresses fraudulently using a Donations app page, blocking those IP addresses can be a potential shield to employ. Please open a support ticket to submit a list of specific IP addresses to be blocked.
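
One way to find such a pattern before opening a ticket, shown as an added example that is not Soapbox Engage code: the script flags IP addresses that submit in rapid bursts with mostly declined payments. The record layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, ip, email, outcome). The layout is an
# assumption, not a Soapbox Engage export format; IPs are documentation ranges.
SAMPLE = [
    ("2024-01-05T10:00:01", "203.0.113.7", "a1@example.com", "declined"),
    ("2024-01-05T10:00:09", "203.0.113.7", "a2@example.com", "declined"),
    ("2024-01-05T10:00:15", "203.0.113.7", "a3@example.com", "declined"),
    ("2024-01-05T10:00:22", "203.0.113.7", "a4@example.com", "declined"),
    ("2024-01-05T10:00:30", "203.0.113.7", "a5@example.com", "declined"),
    ("2024-01-05T10:00:41", "203.0.113.7", "a6@example.com", "approved"),
    ("2024-01-05T09:15:00", "198.51.100.20", "pat@example.org", "approved"),
    ("2024-01-05T14:40:00", "198.51.100.20", "pat@example.org", "approved"),
    ("2024-01-05T08:00:00", "192.0.2.44", "office@example.net", "approved"),
    ("2024-01-05T11:00:00", "192.0.2.44", "office@example.net", "declined"),
    ("2024-01-05T13:00:00", "192.0.2.44", "office@example.net", "approved"),
    ("2024-01-05T16:00:00", "192.0.2.44", "office@example.net", "approved"),
]

def flag_ips(records, window=timedelta(minutes=5), max_attempts=4,
             min_decline_ratio=0.5):
    """Return {ip: (peak attempts in any window, decline ratio)} for bursty IPs."""
    by_ip = defaultdict(list)
    for ts, ip, _email, outcome in records:
        by_ip[ip].append((datetime.fromisoformat(ts), outcome))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        recent, peak = deque(), 0
        for ts, _outcome in events:
            recent.append(ts)
            # Drop attempts that fell out of the sliding window ending at ts.
            while ts - recent[0] > window:
                recent.popleft()
            peak = max(peak, len(recent))
        ratio = sum(o == "declined" for _, o in events) / len(events)
        # Require both speed and failures: a busy office IP with approved
        # registrations spread over the day should not be listed for blocking.
        if peak >= max_attempts and ratio >= min_decline_ratio:
            flagged[ip] = (peak, round(ratio, 2))
    return flagged

if __name__ == "__main__":
    for ip, (peak, ratio) in flag_ips(SAMPLE).items():
        print(f"{ip}: {peak} attempts within 5 min, {ratio:.0%} declined")
```

Review the flagged addresses by hand before submitting them, since a shared network can place several legitimate registrants behind one IP.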

Manually block countries

When there is a clear pattern of fraud from IP addresses within one or multiple countries outside the country of the Soapbox Engage account, blocking IP addresses by country can be a potential shield to employ. Please open a support ticket to submit a list of specific countries' IP addresses to be blocked.
