Understanding Spam Account Creation
Across the internet, bad actors take stolen credit card information and will typically test those credit cards on random websites to see if they're valid or not. Unfortunately, this may mean that from time to time, you encounter these fraud bot tests.
While Uscreen has protections in place, no protections today can completely block these bots. We recommend that you enable Block Rules via Stripe to help with this.
Uscreen Prevention Measures
Email verification: We require email confirmation for all new accounts before they can be used, adding an extra layer of verification to prevent automated bot registrations.
reCAPTCHA integration: We provide reCAPTCHA on checkout pages and account registration forms.
Advanced fraud detection: We employ advanced email recognition systems to monitor for spammy-looking purchases and suspicious patterns.
Payment verification: Our integration with payment processors includes verification steps that help identify potentially fraudulent transactions.
Suspicious activity monitoring: Our systems monitor for unusual patterns of account creation or purchase attempts that might indicate bot activity.
IP tracking: The system tracks IP addresses to identify and potentially block sources of suspicious activity.
Geo-blocking capabilities: The platform allows for blocking registrations from specific countries where you don't expect to have customers.
Stripe Radar integration: We support Stripe Radar implementation, which provides additional fraud prevention tools.
π NOTE: Despite these protections, no system can block 100% of bots, which is why we recommend additional security measures like enabling Stripe Radar block rules.
π Learn more about Stripe Radar
Preventing Spam Accounts
Enable CAPTCHA
You can enable CAPTCHA directly from your Admin Area to add an extra level of security. This feature distinguishes real users from bots during sign-ups and logins.
Navigate to Settings > Security
Toggle the option to enable/disable the security feature
βΉοΈ INFO: Google's reCAPTCHA v3 assigns a trust score to user interactions and automatically blocks suspicious activities without interrupting the user experience.
π Learn more about CAPTCHA
Enable Stripe Radar Block Rules
If you use Stripe, we strongly recommend enabling more stringent anti-fraud options, such as setting up Stripe Radar Rules.
With this feature, you can create rules specific to your business or use Stripe's built-in rules that allow you to take action when a payment matches the criteria that you define.
These block rules help reduce bot attacks that test stolen credit card information.
To enable these block rules, follow these steps:
Log in and go to your Stripe account dashboard
Go to Payments > Radar
Navigate to the Rules tab
Scroll down to Block Rules
Enable the rules for CVC verification failure and postal code verification failure
We recommend enabling CVC and Zip Code block rules.
Block Specific Payment Methods
You can block specific credit card numbers in Stripe to prevent known fraudulent cards from making purchases on your store, with or without Stripe Radar.
This is particularly useful if you notice repeated attempts from the same card.
π Learn more about Blocking a Specific Credit Card Number
π NOTE: If, while in Stripe, you notice that the fraud accounts are coming from a specific country where you do not expect to sell content, you may consider geo-blocking your site for that country.
π Learn more about Geo-Blocking
Handling Existing Spam Accounts
Spam Accounts Without Payment Information
You can delete the spam accounts manually through your Admin Area.
Navigate to People
Search for the suspected spam account
Click the ellipsis (...)
Select Delete
π NOTE: For Uscreen Plus stores, you may request a bulk removal of spam users through our Support Team. Bulk requests of this nature can take up to 7-10 business days to be fulfilled.
Please reach out to us with the list of users to be removed in a CSV file, with the user ID and/or user email in separate columns.
Spam Accounts With Payment Information
You can also find random accounts being created with credit cards associated. In this case, someone is likely trying to test stolen credit cards.
It means you want to act fast, but no need to panic!
If you are on a Plus plan, we're happy to help delete the subscriptions, card information, and accounts.
We will also issue refunds to any of the cards that were charged (in case your subscriptions did not have trials or if one-time transactions were completed).
All you need to do is provide us with a CSV export of the accounts you want to have deleted in bulk.
π Learn more about Exporting User Reports
Handling Disputes
Even with these precautions, some chargebacks or disputes may still happen, whether they arise from fraudulent charges with stolen credit cards or from dissatisfied customers. Occasionally, buyers may resort to disputes due to buyer's remorse.
No matter what the cause is, the way you handle these disputes can drastically change the outcome.
We recommend addressing Stripe disputes as soon as you can after receiving a notification to demonstrate your commitment to resolving the issue. Communicate as clearly as you can, and use documentation like order details and communication records to back up your case as much as possible.
Once you come to a mutually satisfactory resolution, disputes can be a valuable learning opportunity. Analyzing the root causes of disputes gives you an opportunity to improve your offerings and billing practices.
FAQs
What should I do if my site experiences a card testing attack?
What should I do if my site experiences a card testing attack?
If your site ever experiences a card testing attack, you can delete the spam accounts manually or contact Uscreen support with a CSV export of the accounts you want to have deleted in bulk (Plus plan clients).
How can I tell if an account is spam?
How can I tell if an account is spam?
Look for patterns such as:
Multiple accounts created in a short time period
Unusual email addresses or patterns
Failed payment attempts
Accounts from countries where you don't typically have customers
Will spam accounts affect my analytics?
Will spam accounts affect my analytics?
Spam accounts can skew your analytics data, particularly for metrics like trial conversion rates. It's a good practice to regularly clean up spam accounts to maintain accurate reporting.