phpsecuritywoocommercee-commercefraud-prevention

Detect if credit card is from the US


I have a client with a WooCommerce site that is running into a scam that I can't find a quick solution for.

They are primarily a US based company, but the payment gateway is accepting credit cards that have been issued outside of the US. The customer makes an order, completes the transaction, and then cancels the credit card. This is causing the client to be both out of money and product as the overseas banks typically don't care about refunding the money back to him.

What are some methods/strategies that I can use to make sure that all credit cards that come to his site are from the US?


Solution

  • Check this out:

    https://binlist.net/

    Now lets take a look on a credit card:

    enter image description here

    You can now use this and a custom WooCommerce filter to validate the BIN. You need to find a way getting the credit card number because I don't know which plugin you use for credit card payment:

    /**
     * Check if credit card is from a us country
     */
    add_action( 'woocommerce_after_checkout_validation', 'validate_credit_card', 10, 2 );
    function validate( $data, $errors ) {
        $bin      = '45717360'; // <-- you need to find a way to get your credit card infos and take the first part with substr()
        $response = wp_safe_remote_get( 'https://lookup.binlist.net/' . $bin );
    
        if ( isset( $response['body'] ) ) {
            $response_body = json_decode( $response['body'] );
    
            if ( $response_body->country->alpha2 !== 'US' ) {
                $errors->add( 'credit_card_error', 'Your credit card is not from a US country.' );
            }
        } else {
            $errors->add( 'credit_card_error', 'Unable to check your credit card.' );
        }
    }