Status

The following four cards at the top of the dashboard indicate the overall HPM threat status of your tenant:

• Status: the latest HPM threat status of your tenant

• Pages Affected: the number of pages under attack

• Card Validation Count: the total number of card validation requests for the defined time range in Filters

• Card Validation Failure Rate: (the number of failed card validation requests/the total number of card validation requests) for the defined time range in Filters

The metrics presented in the Attack Factors chart provide further information about the threat status. See the following “Attack Factors” section for more information.

Attack Factors

On the Overview tab, the Attack Factors chart presents the change in values of the following factors within a time range, compared with the historical average value of each factor. The value on the vertical axis shows, at a certain time, how many percentages a factor's value is higher or lower than its historical average.

• Submit Page Count: the total number of page submission requests

• Submit Page Failure Rate: the number of failed page submission requests/the total number of page submission requests

• Card Validation Count: the total number of card validation requests

• Card Validation Failure Rate: the number of failed card validation requests/the total number of card validation requests

The table below the chart also presents the values of Submit Page Count and Submit Page Failure Rate for each hosted payment page. The Under Attack value indicates the HPM threat status of your page. Yes indicates your page is under attack.

Attack Patterns

On the Overview tab, the Attack Patterns card presents the following metrics to help you detect possible attack patterns. By default, six metrics are displayed on the card. Click View All to see all the following metrics in a pop-up window:

• Submit Page to Request Ratio: the number of page submissions/the number of submission requests. Use this metric to see whether the same token is repeatedly used in page submissions.

• Unique IP Addresses: the number of unique IP addresses, from which the requests are submitted.

• IP Rate Limiting Blocks: the number of page submission requests that are blocked by the IP-Based Rate Limiting security setting. Use this metric in combination with the Unique IP Addresses metric to see whether IP-based attacks take place and whether the IP-Based Rate Limiting security setting takes effect.

• Card Submitted: the number of cards, for which the requests are submitted.

• Unique Cards Submitted: the number of unique cards, for which the requests are submitted.

• Card Rate Limiting Blocks: the number of requests that are blocked by the Card-Based Rate Limiting security setting. Use this metric in combination with the Unique Cards Submitted and Card Submitted metrics to see whether card-based attacks take place and whether the Card-Based Rate Limiting security setting takes effect.

• CAPTCHA Enterprise Challenge: the number of reCAPTCHA Enterprise challenges that are loaded. Use this metric to see whether the reCAPTCHA Enterprise security setting is enabled.

• CAPTCHA Enterprise Validation Score < 0.9: the number of reCAPTCHA Enterprise validations with the Risk Score Threshold value less than 0.9. Use this metric to see whether reCAPTCHA Enterprise takes effect. If the Risk Score Threshold value of most of the validations is less than 0.9, consider increasing the value to 0.9 to block the attack traffic.

Page Submit Requests

On the Pages tab, the Page Submit Requests chart presents the following metrics for each hosted payment page:

• The total number of page submission requests (the whole bar)

• The number of successful submission requests (the green section of the bar)

• The number of failed submission requests (the red section of the bar)

The table below the chart presents the following metrics for each hosted payment page:

• Under Attack: HPM threat status of your page. Yes indicates your page is under attack.

• Render Page Count: The number of page render requests.

• Submit Page Count: The number of page submission requests.

• Unique Card Submitted: The number of unique cards, for which the requests are submitted.

• Unique IPs Count: The number of unique IPs from the page submission requests.

• IP Rate Limiting Blocks: The number of page submission requests that are blocked by the IP-Based Rate Limiting No Content found for /db/organizations/zuora/repositories/prod-sitemap/content/documents/external_publications/payments/Process_payments/Topics/ip-based_submission_rate_limiting.dita security measure.

• Blocked IPs Count: The number of unique IPs from page submission requests that are blocked by the IP-Based Rate Limiting security measure.

• Card Rate Limiting Blocks: The number of page submission requests that are blocked by the Card-Based Rate Limiting security measure.

• Token Expiration Blocks: The number of page submission requests that are blocked by the Token Expiration security measure.

• Tenant Rate Limiting Blocks: The number of page submission requests that are blocked by the Tenant-Level Rate Limiting security measure.

• Captcha Enterprise Blocks: The number of page submission requests that are blocked by the Google reCAPTCHA security measure.

• Other Submit Page Failure Reason

Settings

On the Settings tab, the configuration data of the following security settings for each hosted payment page are presented:

• Token Expiration: the value of the Limit the number of submissions before blocking submission setting

• IP Rate Limiting: the number of times a hosted payment page can be submitted per minute and per hour from the same IP address

• Card Rate Limiting: the number of times a hosted payment page can be submitted per minute, per hour, and per day for the same card

• Risk Score: the value of the page-level Risk Score Threshold setting

Recommended actions for securing each hosted payment page are also provided.

For more information about these settings, see Secure your Payment Pages 2.0 integration with Zuora security measures .