We have been seeing this same behavior on one of out 3.70 stores, an customer account is created then it proceeds to run a series credit card numbers through the payment page and it is hitting authorize.net 400 - 500 times in a row. I think they are checking stolen credit card numbers through the stores to find good cards, because one actually made it past declined, which we voided quickly. I made a few tweaks to the registration page and billing address page to make it harder if it is a bot. We do need a way to block IP's automatically that attempt to run many transactions in a short period of time.
I am monitoring the store to see if it happens again or not after the changes and tweaks.
nSomeone is running a script in a loop to process Authorize.net transactions. We have already changed those but after two days the script has been run again.
So no one from nopcommerce wants to address this???
What script do you mean? What exactly does it do? Please clarify. Does somebody place fake orders very often? But I don't think it can help somehow to get secret keys to Authorize.NET or PayPal. Furthermore, it's not possible using the same customer account because we have "ordersettings.minimumorderplacementinterval" setting. You can simply set it to 300 (5 minutes) or more. And in case of placing new orders using distinct customer accounts you can enable email confirmation during registration.
Which leads us to this. Why is all of the important security information for PayPal, credit card processors and everything else stored in the database as clear text and not stored as encrypted data like customer passwords???
Storing all this information as encrypted data would ensure that NO ONE
could obtain the information either from the website back end or by hacking the database under ANY circumstance!!!
Thanks for suggestion. This work item already exists. Please find it here
Secondly why hasn't the captcha been modified so that it also can reside on the shopping cart 'Order Confirmation Page'???
I've never seen that some stores placed CAPTCHA to checkout. It can stop some customers from buying. Anyway please vote for this work item here