Thief steals bank cards and cracks passwords

My 2 year old woke me up by cannonballing from my bed's headboard down onto my face. I groaned and peeled off my eye mask. My phone said it was Wednesday, January 8, 2020 – the big day.

I tucked my son under my arm and jogged to my desk. I'd been up until 2 a.m. finishing the announcement for our new #AWSCertified Challenge.

And so far, the launch was going well. Our new Twitter bot was tweeting, and our Discord chatroom was abuzz with ambitious developers eager to earn their AWS certifications.

I was getting ready to meet with my team when I noticed two strange emails – both of which arrived within minutes of one another.

"Your a fraud" read one of the emails in typo-riddled English. "That's exactly what I'm thinking since I see a charge on my financial institution from you and since I've never heard of you. Yes you need to resolve this."

The other email was... well, let's just say it was also an angry letter and let's leave it at that.

freeCodeCamp is a donor-supported nonprofit, and we have thousands of people around the world who donate to us each month. Once in a while, there are misunderstandings – usually when one family member donates without telling the other. But this felt different.

So I tabbed over to Stripe, the credit card processing service our nonprofit uses for donations. On a typical day, we'd have 20 or 30 new donors. But here's what I saw instead:

It took me a moment to process what was happening. Our nonprofit – which operates on an annual budget of less than $400,000 – had just received more than $60,000 in 24 hours - and from thousands of donors.

And my heart began to sink. There was no way those were real donations. We've had spikes in donations from articles in major newspapers. Heck – I've even been interviewed on Good Morning America. But none of those spikes caused such a surge in donations.

No. There was only one thing that could cause a surge in donations like this. Fraud. Extensive, programmatic credit card fraud.

I'd heard about this technique before. It's called "card testing." Here's how it works:

  1. A fraudster finds a website with a relatively simple credit card form.
  2. Then they run scripts to test thousands of stolen credit card numbers in rapid succession. That way they can see which cards are still valid and which ones have been cancelled.
  3. Then they turn around and sell those valid card numbers on the dark web.
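
The burst that card testing produces (many different cards in a short span, most of them declined) can be flagged with a sliding-window check over charge attempts. This is an added example, not freeCodeCamp's or Stripe's code; the field names, thresholds and sample data are assumptions constructed for illustration.

```javascript
// Added example: sliding-window detector for card-testing bursts.
// Field names (ts, card, declined) and every threshold are assumptions.
const DEFAULTS = {
  windowMs: 10 * 60 * 1000,  // look-back window
  minAttempts: 15,           // attempts needed before the window is judged
  minDistinctCardRatio: 0.8, // nearly every attempt uses a different card
  minDeclineRatio: 0.5,      // most attempts are declined by the processor
};

function detectCardTesting(attempts, options = {}) {
  const cfg = { ...DEFAULTS, ...options };
  const sorted = [...attempts].sort((a, b) => a.ts - b.ts);
  const alerts = [];
  const cardCounts = new Map(); // card fingerprint -> count inside the window
  let declined = 0;
  let start = 0;
  let alerting = false;

  for (let end = 0; end < sorted.length; end++) {
    const cur = sorted[end];
    cardCounts.set(cur.card, (cardCounts.get(cur.card) || 0) + 1);
    if (cur.declined) declined++;

    // Evict attempts that have fallen out of the look-back window.
    while (cur.ts - sorted[start].ts > cfg.windowMs) {
      const old = sorted[start++];
      const left = cardCounts.get(old.card) - 1;
      if (left === 0) cardCounts.delete(old.card);
      else cardCounts.set(old.card, left);
      if (old.declined) declined--;
    }

    const total = end - start + 1;
    const suspicious =
      total >= cfg.minAttempts &&
      cardCounts.size / total >= cfg.minDistinctCardRatio &&
      declined / total >= cfg.minDeclineRatio;

    // Raise one alert per burst, at the moment the thresholds are first met.
    if (suspicious && !alerting) {
      alerts.push({
        firstSeen: sorted[start].ts,
        triggeredAt: cur.ts,
        attempts: total,
        distinctCards: cardCounts.size,
        declineRatio: declined / total,
      });
    }
    alerting = suspicious;
  }
  return alerts;
}

// Constructed sample: a normal day of roughly 25 donors, then a scripted
// burst of 200 attempts two seconds apart, about five in six declined.
function buildSample() {
  const t0 = Date.UTC(2020, 0, 7);
  const attempts = [];
  for (let i = 0; i < 25; i++) {
    attempts.push({ ts: t0 + i * 55 * 60 * 1000, card: `donor-${i}`, declined: i % 12 === 0 });
  }
  const burstStart = t0 + 20 * 60 * 60 * 1000;
  for (let i = 0; i < 200; i++) {
    attempts.push({ ts: burstStart + i * 2000, card: `stolen-${i}`, declined: i % 6 !== 0 });
  }
  return attempts;
}

console.log(detectCardTesting(buildSample()));
```

A single donor retrying one card many times does not trip the check, because the distinct-card ratio stays low; only a run of different cards does.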

In this case, I'd detected the fraud much faster than a lot of other websites would have. So I had a window.

If I acted quickly and reported all of these credit cards as stolen, I could save victims around the world from lots of subsequent – and much more substantial – credit card charges. I could prevent thousands of stressed-out phone calls to banks.

Surveying the Wreckage

I ran some queries in Stripe. I discovered that a single fraudster had made donations with 20,000 different stolen credit cards.

The good news was that Stripe had detected all but 3,537 of these transactions as stolen cards, and had declined them.

But the bad news: this still left 3,537 people out there who were now getting notifications from their banks that they'd just donated to our nonprofit.

To make things worse, I had no idea who the victims were, and had no way to contact them to explain what had happened.

I sank into my chair. My mind was racing.

How did a fraudster manage to get through our donation form's validation?

How did they get 3,537 transactions past Stripe's fraud detection?

And how on earth did they get the 20,000 stolen credit card numbers to begin with?

But none of that mattered right now. All I knew was I needed to refund each and every one of those transactions immediately.

But wait.

Oh no.

This wasn't just a matter of giving those people their money back.

This was much more serious than that.

Welcome to Chargeback Hell

Whenever someone calls their bank to dispute a credit card transaction, the bank initiates a process called a "chargeback." This is a sort of forced refund.

Credit card holders get the benefit of the doubt in these cases. So merchants always bear the liability for these chargebacks.

Not only does the bank take the money back from the merchant – they also add a chargeback fee. For Stripe, this fee is $15.

That meant that our nonprofit could potentially be on the hook for $15 per transaction.

I quickly scrawled out some numbers on my graphing paper.

$15 times 3,537 transactions is...

$53,000.

My heart started pounding. My mouth went dry.

$53,000? That would completely wipe out our nonprofit's rainy day fund.

For a moment I desperately searched my thoughts for a course of action.

Then I vaulted onto my keyboard. I found a way to get Stripe support to call my phone.

And while I waited for their callback, I figured out a query I could use on Stripe to pull up all of the fraudulent transactions in a single 177-page report.

I summoned our team to brainstorm a response.

They quickly figured out which of freeCodeCamp.org's API endpoints the fraudster had used, and put in a hotfix to disable it.

One of our developers said, "I can write a script that just goes through and deletes all these transactions."

"It's not that easy," I said. "We need to keep records of all of these transactions. Not just for auditing purposes, but in case anyone with the FBI or Interpol contacts us. Also we need to refund these transactions. Immediately. Every minute that passes is a minute thousands of people could be calling their banks and filing chargebacks against our nonprofit."

"OK, I think I got it," another developer said. "I'm looking at Stripe's API doc and I think I found the right API endpoint. I can pull together a script."

My phone started to ring with a number I didn't recognize. So I said, "Sounds like a plan, team. Let's make it happen." And I dropped from the meeting to answer my phone.

The first Stripe support person I talked to immediately escalated me after I explained what had happened. They put me on hold.

But time was of the essence, and each transaction I could refund – however manually – was a transaction that couldn't result in a chargeback.

One by one, I started clicking "refund transaction" and then "report transaction as fraudulent." Two clicks, a couple seconds of loading, and then I was able to move on down to the next transaction.

I timed myself as I went down the page, mindlessly clicking "refund transaction" and "report transaction as fraudulent" over and over again.

Then I reached for my graphing paper and crunched the numbers.

By just continuing to do what I was doing – clicking through this list like a robot – I was on track to refund all 3,537 transactions in 4 more hours.

It was possible my team wouldn't be able to get the script working in time, anyway. So I just kept doing it.

Click. Wait. Click. Wait. "Transaction Refunded!" Scroll down. Rinse and repeat.

Eventually Stripe support came back on the phone. They had some well meaning but fairly obvious advice.

I spent the next hour scrolling through manually issuing refunds as fast as I could. I had two more calls with Stripe support. I talked with every support tech I could to see if I could get some sort of breakthrough that might speed up the process of refunding these transactions.

But about 1,200 refunds into the process, the "Transaction Refunded!" message stopped showing up. In its place read an ominous message: "Refund Pending."

I tried another refund. "Refund Pending."

Oh geez.

They're not going to make this easy for me, are they.

I immediately tabbed back to Stripe's support page and requested another callback. They explained to me that I could no longer refund transactions because we didn't have any more money in our Stripe account.

"Impossible," I said. "We just got $60,000 in donations."

"Yes," said the support person. "But $40,000 of that is in transit to your bank."

I glanced at Stripe's dashboard. The support person was right.

When I had set up our nonprofit's Stripe account 2 years before, I had set the payout schedule to "Automatic every day."

Even though our Stripe account had received 40 times the usual amount of donations that day, Stripe had just gone ahead and transferred the money out to our bank.

So I checked our bank account. But the $40,000 wasn't there. The credit was still pending.

The $40,000 was neither in our Stripe account nor in our bank account. It was somewhere in between. And until it landed, we had no way to access it.

So now I couldn't refund the transactions even manually. And as long as these transactions were in "Refund Pending" status, we were at risk of chargebacks.

I got on the phone with Stripe again. They told me: "You have a negative balance on your Stripe account and can't issue any more refunds."

I asked: "How do I make my Stripe balance positive again so I can issue the remaining 2,300 refunds?"

"You can send us a bank wire," the support person suggested. And a moment later, Stripe's wire information popped up in my email inbox. "Once you've wired us the money, send us confirmation. Within 24 to 48 hours, we can unfreeze your account so you can start issuing refunds again."

"You're telling me I have to wait 2 days to finish issuing these refunds?" I asked, exasperated.

My team had a script ready, and they'd tested it using Stripe's sandbox. "But we shouldn't run it if the donations are in pending status," they told me. "It could mess something up. We can't find any documentation about this."

By this time it was dark outside. My kids had gone to bed for the night. And I'd spent the entire day on the phone with Stripe.

I sat down at my desk and stared at the bank wire information. I double checked the email for any indications of spoofing – any hints of a scam – but didn't find any.

I was about to wire $40,000 – our nonprofit's entire rainy day fund – over to a multi-billion dollar corporation. Just so we could finish refunding a bunch of unlucky people who'd had their credit card numbers stolen – probably during a data breach at some other multi-billion dollar corporation.

Surely this wire information would be publicly listed on Stripe's website somewhere. But I plugged the wire number into Google and got zero results.

There was no way to be sure that the Stripe support person had given me the correct wire information – and not their own personal bank account's information. This would be unlikely, yes.

But it would be an abdication of my responsibility as our nonprofit's treasurer to risk sending $40,000 worth of our own donors' money into a black hole.

So I called Stripe one more time. And at this point, I thought what the heck. I'm just going to keep asking them to escalate me until I reach one of the Collison brothers (Stripe's founders) – or at least somebody in fraud prevention. It was nearly midnight, but I figured it was worth a shot.

Finally, I reached a support technician a bit higher up who seemed different. I pushed extra hard, extra politely. I told her what was at stake.

She went quiet for a moment. And then she said: "I might know of another way."

It was like someone had suddenly jammed a syringe of Vitamin B12 into my arm. I perked right up and said, "Really?"

"It's possible. But I'm going to have to put you on hold for a long time," she said.

But before she put me on hold, I confirmed – once the funds were available in our Stripe account, would the refunds that were in pending status immediately go through?

She said they would.

She also reassured me that if – if – I could get these fraudulent charges into "refunded" status, there would be no further risk of a chargeback. When people's banks contacted Stripe, Stripe would just tell the banks that "the charge has already been refunded."

And just like that, I saw a light at the end of the tunnel.

If I could convince Stripe to somehow unfreeze our account, all the "refund pending" transactions would cascade into refunded status. This would eliminate the grand piano hanging over my head of the $53,000 worth of chargebacks to our nonprofit.

And with that, more hold music.

I pulled up the scripts our team had created to programmatically refund all the fraud victims.

"Damn," I thought. "If this script doesn't work exactly like it's supposed to, there's no telling what could happen."

And so, just to be sure, I decided to commit the most heinous sin a programmer can commit. I did it manually.

Through hours of hold music, callbacks, and updates from different people at Stripe, I sat at my computer grinding down the list.

Click. Wait. Click. Wait. "Refund pending." Scroll down. Rinse and repeat.

Then another support person came onto the phone and asked me exactly how much money I still needed to refund in total.

Realizing I only had a few more pages of refunds to go, I asked her to wait as I clicked through. By the time I saw the final page, it was like a marathon where the finish line was finally in sight. And together we celebrated the final pending refund.

When all was said and done, our nonprofit's Stripe account balance was negative $53,060.

She relayed the number to the fraud department and told me I could go to sleep for the night. But I told her I insisted on staying up until every last transaction was fully refunded, and asked her to call me back to keep me posted.

I grabbed my jacket and went out for a walk in the mild January midnight.

After a couple hours of not staring at a monitor, I went back inside and hit refresh.

I had already reported every single transaction as fraudulent. And now every single donation had been refunded in full to all 3,537 credit card fraud victims.

And as I sighed in relief, I imagined the fraudster somewhere on the other side of the planet. I envisioned them sitting in some smoke-filled cybercafé seething, pounding their hand on the table and shouting: "I just tested these credit card numbers yesterday. Why aren't they working?"

I sent my team a final update that everything was resolved. Thanks to their swift action, and a little bit of grit when dealing with Stripe support, all of the refunds would hit the victims' accounts within the next few days.

Most of the victims would have no idea what had happened, and probably wouldn't even notice the charge followed by a negation of that charge.

They'd just get a replacement credit card in the mail from their banks, then cut up their old, compromised credit cards and move on with their lives.

I climbed up the stairs exhausted. The launch of the #AWSCertified challenge seemed to go OK without me. Either way, it could wait.

For now, I had only one priority: sleeping as many hours as possible before my 2 year old son jumped onto my head again in the morning.

Lessons Learned

Lesson 1: Turn off Stripe Automatic Payouts

If you use Stripe, turn off the automatic payouts.

I just got lucky that we had a long working relationship with them, and enough money in our checking account in case we'd needed to wire them money.

Lesson 2: It's OK to go manual sometimes

Don't be afraid to swallow your pride and do things the old fashioned way.

Sometimes doing things the manual way – while tedious – is the safest way to prevent even more catastrophe.

As the old astronaut saying goes, "There is no problem so bad you can't make it worse."

Your clever script might save you time. Or it might create a mess that takes far more time to clean up. Consider all outcomes before running it.

Lesson 3: Be persistent when dealing with support

If I hadn't continued to press Stripe for a better solution than wiring them a bunch of money, our nonprofit would have been vulnerable to chargebacks for several more days, and this could have cost us thousands of dollars.

It pays to be polite but insistent.

Lesson 4: There are some real bastards out there.

"Security in IT is like locking your house or car – it doesn't stop the bad guys, but if it's good enough they may move on to an easier target." - Paul Herbka

freeCodeCamp is open source, and has tons of security researchers who notify us of potential vulnerabilities through responsible disclosure. We are locking our proverbial doors.

But despite all our efforts, an attacker still saw us as an easier target than some of the big e-commerce sites. They were sophisticated enough to find their own zero-day vulnerability in our codebase. And they may do the same for your organization.

Never forget that you and I share a planet with villains who are willing to inconvenience thousands of people just so they themselves can make a quick buck.

Stay vigilant, friends.

Oh, and I should probably tell you about the AWSChallenge.

If you've ever wanted to get into cloud computing, freeCodeCamp.org just launched several free courses focused on Amazon Web Services.

Learn more about the #AWSCertified Challenge here.

Happy coding.

Translated from: https://www.freecodecamp.org/news/stopping-credit-card-fraud-and-saving-our-nonprofit/
