Plugin user complained about the vague error returned when he entered an invalid credit card number. The API log had a more detailed message and he thought that message should be presented to the user. I responded with this information...
"The PayPal system will return pretty good info like this in most cases, but if we display that actual error back to the user then fraudsters who are trying to test stolen cards would know exactly what they need to fix. For example, in cases where an AVS failure occurs, they would know they need to find the correct address. There are many ways fraudsters use error codes to help filter out good and bad cards (for them to use) and if your site is returning this sort of detail you can quickly become the target of carders hitting your site with hundreds, if not thousands, of $1.00 transactions to test all these stolen cards. It can be a nightmare.
I've been toying with the idea of presenting this as an option within the plugin settings, so you as the site owner can decide whether or not to display detailed errors back to the user or not. Or, I may try to come up with a list of specific errors that aren't a big deal to return back to the user (your example is a good one for that) and only show details for those but still mask the details in most cases."
Need to look into this a bit more and figure out the best resolution.
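One way the allowlist idea above could look, as an added sketch that is not the plugin's code: only errors on a short list are shown to the customer, everything else collapses to one identical message, and the full API detail goes to the server log under a reference the customer can quote to support. The error codes, messages, function name and `show_detailed` setting are constructed for illustration and are not PayPal's real values.

```python
import logging
import secrets

log = logging.getLogger("payments")

GENERIC = ("Your payment could not be processed. "
           "Please check your details or try another payment method.")

# Constructed codes (not PayPal's real ones). Only errors that reveal nothing
# about whether a card is live belong here: a malformed number is a format
# problem anyone can check offline, so naming it gives a card tester nothing.
SAFE_TO_SHOW = {
    "INVALID_NUMBER_FORMAT": "The card number you entered is not valid. Please re-enter it.",
    "MISSING_FIELD": "A required field is missing. Please complete the form.",
}


def customer_error(api_error, show_detailed=False):
    """Return (message, reference) for the customer.

    api_error: dict with 'code' and 'message' as returned by the gateway
    (shape assumed for this example).
    show_detailed: hypothetical site-owner setting that bypasses masking.
    """
    ref = secrets.token_hex(4)  # short reference to correlate with the log
    code = api_error.get("code", "UNKNOWN")
    detail = api_error.get("message", "")
    # Full detail stays server-side; %r keeps odd characters out of the log line.
    log.warning("payment failed ref=%s code=%r detail=%r", ref, code, detail)
    if show_detailed and detail:
        return detail, ref
    # AVS, CVV and issuer declines all fall through to the same text, so the
    # response does not tell a tester which part of the card data to fix.
    return SAFE_TO_SHOW.get(code, GENERIC), ref


# Constructed sample gateway responses.
SAMPLES = [
    {"code": "INVALID_NUMBER_FORMAT", "message": "Card number failed checksum."},
    {"code": "AVS_MISMATCH", "message": "Billing address does not match issuer records."},
    {"code": "CVV_MISMATCH", "message": "Security code does not match."},
    {"code": "ISSUER_DECLINED", "message": "Card reported lost or stolen."},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        message, ref = customer_error(sample)
        print(f"{sample['code']:<22} -> {message} (ref {ref})")
```

The reference returned alongside the message lets the site owner find the detailed API error in the log without exposing it on the checkout page.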