1. Home
  2. Software security & privacy
  3. Fraud management: JavaScript Challenge

Fraud management: JavaScript Challenge

On rare occasions, your pages could be subject to multiple submissions by a “bot”, most likely to a donation page. These are usually attempts to validate stolen data, such as card numbers. 

We have several measures in place (please read the fraud management article) to combat these, such as Captchas. But sometimes further measures need to be implemented to mitigate the issue.

In these cases, we may place a “JavaScript Challenge” (also known as a “JS Challenge”) on your page which will validate the visit and determine whether it is legitimate or not.

Why would a JavaScript Challenge be added?

Our recent migration to the Cloudflare network allows us to enable new security protocols for our clients, and utilise closer monitoring of web traffic through the domains you use with Engaging Networks.

The accounts or support team will contact you should this happen, but we may have to act quickly and add this pre-emptively, for example if an issue occurs out of hours.

While these attacks should not get processed by your gateway (which has its own protections in place), it can mean the attempts are recorded in your account causing you data problems, and in addition our reputation with the gateway could be reduced if we appear to be letting this activity happen.

The JavaScript Challenge is a temporary measure and we will remove it once we can see this activity has stopped.

What does a JavaScript Challenge do?

The challenge is placed on an individual page URL, or URLs, that are being subjected to the attack.

When the URL is visited, our Cloudflare technology will look at the visitor and determine whether it is valid or not. For example, it can look at the IP of the visit and compare it against problem IPs, or it can determine via the method of visit whether it is a bot or not.

The challenge adds a short (around 3 to 5 seconds) delay before your page is loaded.

Your legitimate supporters would not be blocked by this and can continue as normal.

What does a JavaScript Challenge look like?

The challenge shows a page that says “Checking your browser before accessing [your url]” with some animated dots below.

After a few seconds, the page is loaded:

Updated on March 16, 2022

Was this article helpful?

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support