Mitigation of card-testing fraud
One of my clients is seeing their Stripe account inundated with what Stripe is describing as card testing transactions, which are being rejected as fraudulent. Stripe has asked us to implement a mitigation plan.
I have reviewed the guidance provided by Stripe at:
https://stripe.com/docs/disputes/prevention/card-testing
https://stripe.com/docs/disputes/prevention/advanced-fraud-detection
I write to ask what might already be built into the Stripe extension which would help our sites comply with this guidance, and if appropriate to make a feature request that future versions of the extension be extended to facilitate compliance with this guidance.
Specifically, I wonder if:
(1) advancedFraudSignals is for some reason being disabled?
(2) what exists to facilitate integration with CAPTCHA verification?
(3) how best the conveyance to Stripe of the (a) IP address, (b) customer email, (c) customer name, and (d) billing address might be enabled?
(4) if the IP address might be disabled when the connection between the end user and the server is proxied and X-Forwarded-For headers are not enabled?
(5) if some mechanism for rate-limiting interactions with the Stripe API might be enabled in the extension's configuration interface?
Any help would be appreciated.
Thanks, -- Hugh Esco
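
For items (4) and (5) above, an added example (not part of the original post and not code from the Stripe extension): resolving the real client address behind a reverse proxy and capping payment attempts per address before the payment API is called. The proxy range, function names and thresholds are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumption: the site's own reverse proxies live in this (constructed) range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(remote_addr, forwarded_for=None):
    """Return the address a payment attempt should be attributed to."""
    # Honour X-Forwarded-For only when the direct peer is one of our proxies;
    # from any other peer the header is client-controlled and is ignored.
    if not forwarded_for or not is_trusted(remote_addr):
        return remote_addr
    # Walk right to left: the rightmost hops were appended by our proxies.
    for hop in reversed(forwarded_for.split(",")):
        hop = hop.strip()
        if not is_trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                break  # malformed entry: fall back to the peer address
    return remote_addr

class AttemptLimiter:
    """Sliding-window cap on payment attempts per client address."""
    def __init__(self, max_attempts=5, window_seconds=600):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.attempts = defaultdict(deque)

    def allow(self, ip, now):
        q = self.attempts[ip]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop attempts that have left the window
        if len(q) >= self.max_attempts:
            return False  # over the cap: reject before calling the payment API
        q.append(now)
        return True
```

If the proxy does not forward X-Forwarded-For, every visitor resolves to the proxy's address and shares one bucket, so the header has to be enabled for a per-address limit to be meaningful.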