Features Comparison Compare Freemius to EDD, WooCommerce, and CodeCanyon/ThemeForest.
Software Licensing Control what features to enable based on the plan and number of site activations.
Buy Button Easily embed a buy button on your website.
Subscriptions Build a sustainable recurring revenue stream.
Automatic Updates Manage and deploy versions all in one place.
Seamless EU VAT Offload sales tax collection to Freemius.
Cart Abandonment Recovery Recover lost sales with automated emails.
Affiliate Platform Manage affiliates. Track clicks, visits & referrals.
Analytics & Usage Tracking Get actionable insights on user behavior.
User Dashboard A fully-featured members area for customers.
Documentation Start by integrating your WordPress plugin or theme in 5 mins to get all our platform features.
Getting Started Getting Started 🚀Integration & ConfigTesting & DebuggingVersion DeploymentLicensing APIBuy Button JS API
Popular Topics Getting PaidSelling Add-OnsBundles & MembershipsOffering Free TrialsUser's Dashboard
WordPress SDK
PHP SDK
System Status
Changelog
PricingCustomers BlogVideosPodcast MarketingCustomer SupportInterviewsProduct FAQ

Changelog / New security system to prevent card testing attacks

New security system to prevent card testing attacks

Over the past few weeks, we’ve gradually been rolling out a new system to identify and block card testing attempts. We already had a system like this in place, but after a few recent attacks, we recognized it needed a complete overhaul to work more intelligently.

Our CTO, Dror Yaakov, has been leading the development of this system. To test its effectiveness, we ran it in “observation” mode over the past few weeks. After gathering enough data and proving its effectiveness, we’re finally letting it out at full capacity. Our hope is that it will better serve our partners to detect attacks and prevent financial losses.

From under the hood

While developing this system, we combined our collective years of experience to come up with the best possible strategies. We learned many things in the process.

Redundancy is good

An attacker is usually smart enough to rotate a large set of emails and IP addresses, among other things. Tracking just one or a few of them is usually not enough. We’ve found that the more redundant the system, the better it is at detecting such parameters.

reCAPTCHA can be bypassed

While Google reCAPTCHA is no doubt an excellent tool to prevent automated submissions, we’ve found it can be bypassed, although this doesn’t come easy or cheap. Relying on reCAPTCHA alone as the ultimate security measure is almost never enough. It’s better to have a two-factor authentication system where real human intervention is always required.

Traffic monitoring works best when everything else fails

A very sophisticated attack can fool even a very strong system. In such cases, having another redundant system to monitor traffic and spikes helps a lot with identifying such attacks.

The above are only a few of the strategies our new system implements. We hope it gives your users a better checkout experience. If you face any issues, please don’t hesitate to contact us at [email protected].