We have purposely put in XXXXXXXX, 'Payment error: I5433-XXXXXXXX' as the last eight digits will be different for each event.
This error means that the bank have suspended your merchant bank account due to suspicious activity on your website payments area. You will need to contact the bank.
MERCHANT BANK ACCOUNT REQUIREMENTS FOR ONLINE SALES.
Captcha advise for customers using the MIGS/MPGS payment gateway and WordPress/WooCommerce
It has been reported to the Commonwealth Bank that the MasterCard Payment Gateway has experienced a heavy succession of BIN Brute Force Attacks targeting WordPress/WooCommerce websites. [We are recommending 'ALL' merchants using the MasterCard Payment Gateway to implement captcha's on the account and checkout pages]
Here are our suggestions for hardening your WordPress/WooCommerce website.
There are a few options l would recommend to harden your WordPress website.
These will pretty much stop any Brute Force Attacks.
1, Only allow customers to checkout with a user account, NO guest checkout option. (This option is very important)
2, For the creation of a WordPress account install a Google captcha validation plugin, this way the user has to be verified before they can perform any actions on the website.
For each customer account login they will need to validate the Captcha prompt, we have this set up at ExtensionWorks.
Most Brute Force Attacks are performed by a bot, having a Google captcha validation stops bots instantly.
3, Install a plugin that stops multiple requests (rate limiting) from happening within a certain timeframe. A great plugin is Wordfence or use the Cloudflare Service.
Some website hosts offer more security measures to stop excessive hits on your website.
4, ( Not sure you can do this with MIGS, l know it is available for MPGS )Set up a notification in your payment gateway, as an example, if too many attempts entering a CSC notify you via email, this way you can enable 'I am under attack mode in Cloudflare'. Any requests on your website will be challenged. There are many options to have in place a lot earlier than entering the Card information, with the measures listed above the user or bot would never reach the checkout page.
A really good plugin we found and can recommend is the plugin at WooCommerce: https://woocommerce.com/products/recaptcha-for-woocommerce/
This plugins allows you to also set the Captcha into the payment method on the checkout page or add at the bottom of the checkout page. This plugin or some type a Captcha plugin should be mandated in WordPress/WooCommerce.
Block IP address's from overseas countries, using access logs on your website you can see where the suspicious activity on your website is coming from.
You can block IP'S or certain countries using a plugin like Wordfence Security or iThemes Security or through Cloudflare.
Please sign in to leave a comment.