The payment gateway we use on our store (v4.3) shut us off because our checkout page was used by a bot to test a large batch of stolen credit card numbers.
To make the payment gateway happy, I made modifications to our store to put CAPTCHA on the page where credit card numbers are entered. This seems like a reasonable thing to add as a standard feature.
I also saw that in the checkout process the code that checks on order velocity (2 transactions in 30 seconds) does not work if anonymous checkout is allowed. I implemented a customization that looks at the IP address for guest customers instead of the CustomerId.
These customizations are small and would serve to upgrade the security with regard to testing stolen credit card numbers.
George