The payment gateway we use on our store (v4.3) shut us off because our checkout page was used by a bot to test a large batch of stolen credit card numbers.
To make the payment gateway happy, I made modifications to our store to put CAPTCHA on the page where credit card numbers are entered. This seems like a reasonable thing to add as a standard feature.
I also saw that in the checkout process the code that checks on order velocity (2 transactions in 30 seconds) does not work if anonymous checkout is allowed. I implemented a customization that looks at the IP address for guest customers instead of the CustomerId.
These customizations are small and would serve to upgrade the security with regard to testing stolen credit card numbers.
George
Feature Request - CAPTCHA On Credit Card Payment Info Page
- 33
- 175
- 2021/9/3
- Australia
Hi George
This has just happened to us also.. can you advise how you implemented recaptcha on the payment page? Im a bit dumb when it comes to code... but I am stunned this isnt here as standard.. and especially on guest checkout..
Our "special Guest" made a transaction at 2pm and then 2 hours later hit us with close to 1500 transactions.. all as guests all fraudulent and got 53 through.. its wasted a lot of time and i'm surprised that it happened.. even more surprised my payment gateway didnt block anything..
Steve
This has just happened to us also.. can you advise how you implemented recaptcha on the payment page? Im a bit dumb when it comes to code... but I am stunned this isnt here as standard.. and especially on guest checkout..
Our "special Guest" made a transaction at 2pm and then 2 hours later hit us with close to 1500 transactions.. all as guests all fraudulent and got 53 through.. its wasted a lot of time and i'm surprised that it happened.. even more surprised my payment gateway didnt block anything..
Steve