
Ask HN: Braintree paid us $20K by mistake - QueensGambit
I have an app that costs $18 per month [1]. Every day, I get about 5-10 paying customers. Today, I got around 1000 paying customers with valid credit card payments in 1 hour. I wrote to Braintree and they have cancelled these payments as "Processor Declined". But, the subscriptions are still active. Will this charge the credit cards every month? Curious, why this happened? Anyone had similar experience?

[1] https://formfacade.com/braintree/pay/website/premium
======
soneca
Maybe it was something similar to what happened with freeCodeCamp [0]:
fraudster testing stolen credit card numbers.

I would look hard and overcommunicate with Braintree so that this does not
badly impact your business.

[0] https://www.freecodecamp.org/news/stopping-credit-card-fraud-and-saving-our-nonprofit/

~~~
QueensGambit
Thanks for the heads up! Quite plausible!

Braintree support seems to respond very slowly. I will write to them again
about this and the pending subscriptions.

Update: Called the Braintree support just now and verified it is in fact a
fraud (credit card attack). Unfortunately, there were 8000+ transactions by
the end of the day and 1000+ transactions went through. I have configured risk
threshold to avoid this in future. Now, I will have to refund and cancel each
of these subscriptions. Damn fraudsters!

------
kirubakaran
It may be a good idea to consider a 7 day or 30 day trial before you charge
the credit card, so that you're not an attractive target for thieves using
your company as a credit card verification service in the future.

------
throwaway888abc
You can use fraud detection before sending the transaction to Braintree + a
blacklist of fraudulent transactions.

For example: https://www.fraudlabspro.com/
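A sketch of the pre-gateway check suggested in the comments above, as an added example that is not code from the thread or from Braintree: a sliding-window velocity limit plus a denylist, replayed over constructed traffic shaped like the numbers in the post (a handful of signups per day, then about 1000 attempts in an hour). The class, function names and thresholds are assumptions for illustration.

```python
from collections import defaultdict, deque

class PreAuthGuard:
    """Hypothetical check run before a charge is sent to the payment gateway."""

    def __init__(self, window_s=3600, max_global=50, max_per_ip=3):
        self.window_s = window_s
        self.max_global = max_global       # assumed ceiling, far above 5-10 per day
        self.max_per_ip = max_per_ip       # assumed per-source ceiling
        self.global_hits = deque()         # timestamps of all attempts
        self.ip_hits = defaultdict(deque)  # timestamps per source IP
        self.denylist = set()              # card tokens seen in confirmed fraud

    def _trim(self, hits, now):
        # Drop attempts that have aged out of the sliding window.
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()

    def check(self, now, ip, card_token):
        """Return (allowed, reason). card_token is an opaque token, never a raw PAN."""
        self._trim(self.global_hits, now)
        self._trim(self.ip_hits[ip], now)
        # Rejected attempts are counted too, so retries keep the window full.
        self.global_hits.append(now)
        self.ip_hits[ip].append(now)
        if card_token in self.denylist:
            return False, "denylisted"
        if len(self.ip_hits[ip]) > self.max_per_ip:
            return False, "ip_velocity"
        if len(self.global_hits) > self.max_global:
            return False, "global_velocity"
        return True, "ok"

    def mark_fraud(self, card_token):
        self.denylist.add(card_token)

def replay(events, guard):
    """Run (timestamp, ip, card_token) events through the guard and tally reasons."""
    tally = defaultdict(int)
    for ts, ip, token in events:
        tally[guard.check(ts, ip, token)[1]] += 1
    return dict(tally)

# Constructed sample data (documentation IP ranges): 8 signups spread over a day,
# then 1000 attempts within one hour coming from 100 rotating source addresses.
NORMAL = [(i * 10800, f"198.51.100.{i}", f"tok-n{i}") for i in range(8)]
BURST = [(90000 + i * 3, f"203.0.113.{i % 100}", f"tok-b{i}") for i in range(1000)]

if __name__ == "__main__":
    print(replay(NORMAL + BURST, PreAuthGuard()))
```

The global limit matters here because the constructed burst rotates source addresses: the per-IP limit alone would let the first 300 attempts through, while the global ceiling stops the burst after 50.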

