Any advice would be appreciated.
My credit card processing company, Worldpay, just charged me the best part of £7000 GBP (about $10,000) in one day. My annual turnover is only double this.
I noticed the amount suddenly taken from my bank account without warning last week.
Apparently I'm a victim of a bot attack whereby someone has attempted 15,000 transactions in the space of half an hour. Each time a transaction failed, I was charged around £0.30 GBP.
I raised a complaint but Worldpay won't pay me back a penny of their charges. Their conclusion is:
"Based on the information above, I’ve not upheld your complaint as a vulnerability within the setup of your website has allowed the card testing attempts which has caused the increase in Authorisation Fees. As the increased fees are as a result of activity outside of our control, I’d be unable to refund them.
Please ensure that you contact your payment gateway provider as they’ll be able to assist you in making changes to stop the attempts."
Surely Worldpay owe a duty of care here? I'm paying for a service whereby you would expect them to recognise such attacks and prevent any more attempted transactions. If not, what is to stop Worldpay hiring people to bot attack websites to make substantial amounts of money?
Or are my payment gateway provider (Sagepay) negligent for allowing this to happen? One of them must have systems in place to stop this.
I would be really grateful to hear people's views on this.