
Do This Right Now to Protect Your WooCommerce Website from Credit Card Attacks (And Save Yourself From Enormous Fees)

September 17, 2021 By Nick J

Website security is often one of the most overlooked aspects of owning a WooCommerce website, at least until an attack succeeds. One of the most worrying security risks over the last few months is the increase in the frequency of credit card fraud, specifically card testing and bin attacks. In this article, you will learn how you can protect your WooCommerce website from credit card attacks.

What are Card Testing and Bin Attacks?

Card testing and bin attacks involve an attacker attempting a transaction on your website and testing thousands of credit card number combinations on your checkout page. They will keep doing this until they get a combination that works.

If an attack is successful, the attackers will be able to commit fraud. But even if they don’t succeed, it still doesn’t bode well for the website owner: you will get slapped with a hefty fee worth thousands of dollars by the credit card processor itself.

If this hasn’t happened to you yet, consider yourself lucky as it already has to many other store owners. You can improve the security of your site so you don’t fall victim to card testing and bin attacks.

Standard Website Security

If you own a WooCommerce website, you should have already taken the standard security measures for your website. This includes keeping your plugins and themes updated, installing an SSL certificate, installing a security plugin, and other best practices. If you haven’t yet, you can check out these posts.

  • Secure Your WooCommerce Site
  • Increase the Security of Your WooCommerce Store

The Most Important Steps to Take Against Card Testing and Bin Attacks

Credit card processors will usually push the blame of the card testing and bin attacks to the business owner. However, they also have a responsibility to keep their own systems secure. Being financial organizations, credit card processors need to have the most secure systems.

Most merchant account owners would not be aware that card processors have additional security features. These can be configured to prevent card testing and bin attacks. This extra line of security is your best protection against credit card fraud.

  • 3DSecure

    While some of these features may bring some additional fees, enabling them is recommended. For example, one of these technologies is 3DSecure. This requires customers to complete an additional verification step for each credit card transaction. In theory, this should fully prevent any automated attacks. And even if an attack does get through, the credit card processor should no longer hold you liable for it.

  • Fraud Filters/Rules

    Some credit card processors have other extra security features that don’t require any additional payment. One example is being able to configure simple rules to filter out suspicious card activity. For instance, you could filter out all transaction attempts outside of the countries you are servicing. That would already block most attackers.

    You can also filter out transactions that have had a number of failed attempts within a short amount of time. This is called the velocity filter or rate-limiting. For example, you can filter out transactions with 5 failed attempts within 5 minutes. This results in the card processor rejecting further attempts. This won’t stop the attack entirely. However, it can reduce the number of attempts because the rejected combinations are now worthless to the attacker.

  • Know What Security Tools are Available to You as a Merchant

    The most important thing is to know your credit card processor and the security features they have available. Contact them if necessary. If they don’t have any of these, then we strongly recommend switching to another company that offers better security.

    Steps to Take on the Website Side to Prevent Card Testing and Bin Attacks

    Once the credit card processor side of things has been sorted, next will be the website side. Proper defense against credit card fraud consists of measures taken on both the card processor side and the website side. To this end, we recommend a system with 3 lines of defense.

    1. Install a Website Firewall

    A website firewall such as Sucuri is designed to monitor activity on the website. It can block brute force attacks, filter user sessions with suspicious behavior, and patch vulnerabilities. For preventing card testing and bin attacks, we want the ability to filter out sessions that display suspicious behavior. Since credit card attacks usually involve bots, a firewall is a good first line of defense.

    2. Add a Captcha

    A captcha is a verification system designed to filter out bots from legitimate human users. It helps prevent bots from doing any malicious activity on your site, like submitting contact forms, sign-up forms and even checkout forms.

    Preventing bots from completing the checkout form is what we need against card attacks. While captchas have a slight impact on user experience, they’ve continued to improve over the years. Google’s reCAPTCHA v2 and v3 are among the best examples. Learn how to set up reCAPTCHA for WooCommerce here. And with that, your second line of defense is set.

    3. Set Checkout Attempt Limit

    In the unlikely chance that attackers bypass both the firewall and captcha, this next line of defense is designed to address the main problem. The main issue with card testing and bin attacks is the surge of transaction attempts sent over to the card processor. Similar to the velocity filter on the card processor side, you can set up a similar filter on the website side using the Woo Manage Fraud Orders plugin. You can set it up to automatically block the users that execute consecutive failed attempts at placing an order on your site. The plugin allows you to set a limit to the number of fraud attempts. For example, you can set this at 5 attempts. This way, 5 will be the maximum number of transaction attempts sent to the card processor and the attacker is permanently blocked from the website.
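The velocity filter described for the card processor side and the checkout attempt limit described here follow the same logic, shown below as an added example (not code from the article, the Woo Manage Fraud Orders plugin, or any processor). It assumes the client is identified by IP address and uses a constructed checkout log; the function names are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # the article's example: 5 failures in 5 minutes
MAX_FAILED = 5

def apply_velocity_filter(events, window=WINDOW, max_failed=MAX_FAILED):
    """events: (timestamp, client_key, succeeded) tuples sorted by time.
    Returns per-client forwarded and rejected counts plus the blocked set."""
    failures = defaultdict(deque)   # client_key -> timestamps of recent failures
    forwarded = defaultdict(int)    # attempts that reached the card processor
    rejected = defaultdict(int)     # attempts refused on the website side
    blocked = set()
    for ts, client, succeeded in events:
        if client in blocked:
            rejected[client] += 1   # never reaches the card processor
            continue
        forwarded[client] += 1
        if succeeded:
            continue
        recent = failures[client]
        recent.append(ts)
        while ts - recent[0] > window:   # drop failures older than the window
            recent.popleft()
        if len(recent) >= max_failed:
            blocked.add(client)          # block is permanent, as in the article
    return dict(forwarded), dict(rejected), blocked

def sample_events():
    """Constructed checkout log; client keys are documentation IP addresses."""
    t0 = datetime(2021, 9, 17, 12, 0, 0)
    events = []
    # Bot: 40 declined cards, one every 2 seconds.
    events += [(t0 + timedelta(seconds=2 * i), "203.0.113.7", False) for i in range(40)]
    # Shopper who mistypes a card twice, then pays.
    events += [(t0 + timedelta(seconds=s), "198.51.100.20", ok)
               for s, ok in [(10, False), (55, False), (120, True)]]
    # Shopper with 5 declines spread over an hour: never 5 inside one window.
    events += [(t0 + timedelta(minutes=15 * i), "192.0.2.33", False) for i in range(5)]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    forwarded, rejected, blocked = apply_velocity_filter(sample_events())
    for client in sorted(forwarded):
        print(client, forwarded[client], rejected.get(client, 0), client in blocked)
```

Only 5 of the bot's 40 attempts are forwarded to the processor, while both shoppers keep access. Keying on IP address alone undercounts an attack spread across many addresses, which is why the firewall and captcha sit in front of this limit.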

    Conclusion

    Credit card testing and bin attacks are on the rise. You can prevent them from happening to your site.

    Make use of fraud prevention features on your credit card processor and implement our recommended security measures on the website side. Find out what anti-fraud measures are available to you as a merchant. These security tools will save you from being fined thousands of dollars. Contact your credit card processor to find out what tools you can set up. Implement them. Then proceed to implement the security measures on the website next.

    If you need any assistance on the technical side, we can help. And if you have questions, don’t hesitate to contact our support team.

    Disclaimer: Article contains affiliate links. When you buy through links from this article, we may earn an affiliate commission.


    Filed Under: How-To Articles Tagged With: payment gateway, security, WooCommerce
