Security Solutions

Mass attack blocking service

What is the mass attack blocking service?
This service is designed to prevent damage from "Credit Master" attacks, a criminal technique that identifies other people's card numbers by abusing the regularity of credit card numbers.
A Credit Master attack characteristically submits card numbers and related details over and over until an authorization is approved. The service blocks these repeated authorization requests according to thresholds specified by the merchant.

What is a Credit Master?

A Credit Master attack is a fraudulent act in which a malicious third party:

  • uses a program that exploits the regularity of credit card number generation,
  • determines valid credit card numbers that are legitimately issued,
  • uses the merchant's payment form as a stepping stone, and
  • repeats the attack mechanically until the expiration date and security code of the credit card are known.

Illegally obtained card information may be used for fraud on EC sites that handle high-value products.

* For more information about Credit Master, see the following article for PG Multi-Payment Service merchants:
"What you need to know to prevent your EC site from being misused: Credit Master damage, current situation and countermeasures"
(2023/4/24 GMO Payment Gateway article)

Impact of Credit Master

Credit Master damage creates the following risks:

  • Server failures caused by increased traffic volume and similar load
    * A Credit Master attack may generate tens of thousands of requests in a short period of time.
  • Credit card companies lowering the approval rate, which affects purchases by regular users
  • Increased card fee rates and suspension of contracts with credit card companies
  • Loss of customer trust due to service outages, information leaks, and the like

Countermeasures against Credit Master

Merchants can take various countermeasures; the main ones are the following five.
* No measure is completely safe. Countermeasures must be maintained continuously as criminal methods change.

  • (1) Limit the number of credit card entry attempts

    Because Credit Master repeats attacks mechanically, it is effective to make repeated attempts difficult by limiting the number of attempts, for example with a mass attack blocking service.
  • (2) Take measures against bots

    Because Credit Master attacks commonly use automated tools called bots, it is effective to introduce countermeasure tools such as "reCAPTCHA" provided by Google to reject mechanical input.
  • (3) Introduce a fraud detection system

    A fraud detection system is a service that monitors and reviews orders and detects suspicious ones.
    Unlike anti-bot tools, it can also detect fraud carried out manually by humans.
  • (4) Suspend the function in the area under attack

    It is effective to suspend the parts of the site that are being accessed repeatedly, such as membership registration, card information change, and payment functions.
    Because form requests may be sent directly to the server, we recommend suspending the function on the server side wherever possible.
  • (5) Check orders from fraudulent accounts

    Review newly registered users, accounts, and payment data that appear in large numbers.
    Because these are highly likely to result in chargebacks (cancellation of sales due to fraudulent use of a third party's card), we recommend taking measures such as deleting the transactions or canceling shipment.
    If damage is confirmed, please consider reporting it to the police.

Mass Attack Blocking Service Details: Five Blocking Methods

The mass attack blocking service provides five attack blocking methods.

| Attack blocking method | Target | Summary |
|---|---|---|
| (1) Same order ID transaction | Payment transaction | Block requests for the same "order ID" if more than the specified number of authorization requests are made within a specified period of time |
| (2) Same card number transaction | Payment transaction | Block requests for the same "card number" if more than the specified number of authorization requests are made within a specified period of time |
| (3) Same BIN range transaction | Payment transaction | Block requests for the same "BIN range" if more than the specified number of authorization requests are made within a specified period of time |
| (4) Same member ID card registration | Card registration | Block requests for card registration if more than the specified number of requests are made within the specified period using the same "member ID" |
| (5) Same BIN range card registration | Card registration | Block requests for card registration if more than the specified number of requests are made within the specified period using the same "BIN range" |
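
The five methods above apply one rule, a request count over a time window, to different keys. The following sketch is an added example, not GMO Payment Gateway's implementation: the thresholds, field names, 6-digit BIN length and HMAC key are assumptions, and the traffic is constructed. It shows that guesses which change the card number and order ID on every attempt never trip methods (1) or (2) and are only stopped by the BIN-range rule.

```python
import hashlib
import hmac
from collections import defaultdict, deque

HMAC_KEY = b"constructed-demo-key"  # assumption: per-deployment secret
BIN_LEN = 6                         # assumption: BIN range = first 6 digits

# (request kind, key field) -> (max requests, window in seconds); values assumed.
RULES = {
    ("payment", "order_id"): (3, 600),      # method (1)
    ("payment", "card"): (5, 600),          # method (2)
    ("payment", "bin"): (20, 60),           # method (3)
    ("register", "member_id"): (3, 3600),   # method (4)
    ("register", "bin"): (10, 60),          # method (5)
}

class AttackBlocker:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.hits = defaultdict(deque)  # (kind, field, key) -> timestamps

    @staticmethod
    def _keys(req):
        pan = req["card_number"]
        # Counters hold a keyed digest, never the raw card number.
        digest = hmac.new(HMAC_KEY, pan.encode(), hashlib.sha256).hexdigest()
        return {"order_id": req.get("order_id"), "member_id": req.get("member_id"),
                "card": digest, "bin": pan[:BIN_LEN]}

    def check(self, kind, req, now):
        """Return the key fields whose threshold is exceeded (empty list = allow)."""
        keys = self._keys(req)
        tripped = []
        for (rkind, field), (limit, window) in self.rules.items():
            if rkind != kind or keys[field] is None:
                continue
            q = self.hits[(kind, field, keys[field])]
            while q and now - q[0] >= window:  # drop hits outside the window
                q.popleft()
            q.append(now)                      # blocked attempts count too
            if len(q) > limit:                 # "more than the specified number"
                tripped.append(field)
        return tripped

def simulate_enumeration(n=25):
    """Constructed traffic: one guess per second, same BIN, new card and order ID."""
    blocker = AttackBlocker()
    return [blocker.check("payment", {"order_id": f"ord-{i}",
                                      "card_number": f"411111{i:010d}"}, now=float(i))
            for i in range(n)]
```

In production the counters would live in a shared store so that every application server sees the same counts.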

Mass Attack Blocking Service Details: How to Set Up

  • This service is a paid option. To use it, you need to apply from the management screen.
    For the application procedure, see the management screen operation manual for the Mass Attack Blocking Service option.
    * You will be redirected to the page for merchants. If you are asked to authenticate, enter the ID and password shown on the "Documents" page in the upper right corner of the site/shop management screen.
  • Merchants can set the blocking conditions themselves on the shop management screen or the site management screen.
    * The management screen used differs depending on the attack blocking method.

Mass Attack Blocking Service Details: Fees

* This content is for merchants who contract after June 27, 2023.

  • There is no charge for the month in which the contract first starts.
  • A monthly usage fee of 2,000 yen is charged from the month following the start of the contract.
  • Even if you apply in the middle of the month, the full monthly fee of 2,000 yen is charged.
  • Even if you are not using this service, a usage fee is charged if it is set to "Use".