How to avoid card testing attacks? (HOW TO ADD A CAPTCHA)

Technical
1

Hello, one of my funnels is currently under a card testing attack.

Screenshot 2024-12-04 094057
Screenshot 2024-12-04 094057345×691 30.2 KB

I would like to add a google recaptcha to avoid this, but I can’t seem to make it work. I added a custom button with captcha to my checkout, but when I click it, nothing happens. It does seem to append #submit-step to the URL but other than that nothing happens.

This is my current html button code>


<style> 
.el-756274 {
    align-items: stretch;
}
.el-756274  {
    width: 100%;
    align-self: center;
}
.</style>

 script src="https://www.google.com/recaptcha/api.js"></script>
<script>
  function onSubmit(token) {
    // Redirect to the next step in the funnel
    window.location.href = "#submit-step";
  }
</script>

<button 
    class="btn g-recaptcha" 
    style="border-width: 2px; border-style: solid; border-color: rgb(255, 143, 0); border-radius: 40px; margin: 30px 10px 10px; padding: 20px 30px; background-color: rgb(255, 164, 28);" 
    data-sitekey="'[[[[MY-KEY]]]]" 
    data-callback="onSubmit" 
    data-action="submit">
  <span class="btn-headline" style="color: rgb(37, 42, 50); font-weight: bold; font-size: 18px; text-align: center;">
    COMPLETE MY ORDER
  </span>
  <div></div>
</button>

////

2

Hi @alexf ,

If you are still struggling with this please reach out to Support ASAP via chat by clicking on the chat icon found in our platform or email to [email protected] providing a few email examples of the fraud customers and checkout link affected so we can look into this.

In the meantime please set up a different gateway from NMI (could be Stripe or Airwallex) for many reasons:

  1. Does not support 3DS on funnelish so it will not work well in the UK or EU.
  2. Does not have any mitigation against fraud as he can see
  3. Has very poor auth rate compared to all other gateways
3

Hi @alexf We have rolled out a new solution to detect and mitigate NMI attacks, hopefully this will block attackers for the foreseeable future.

If you run into any other attacks please reach out to Support immediately.