Help! Payment processor disabled account because someone has been running thousands of cc attempts

I received an email from our payment processor that we have temporarily been disabled, because over the past 24 hours, someone has tried to run cc numbers through our system over 2000 times. They are suggesting adding captcha to our checkout, but a search says that is not possible with Foxycart. Is this something the CSRF system you have in place is supposed to prevent? Any suggestions on how to fix this, so our account can get unlocked and we can start accepting payments again?

> • Contact their Gateway and website vendors to determine the root cause
> of the testing.
> • Have their Gateway provider add Velocity Filters for the number of
> times a card could be tried and the number of times a single IP address
> can send transactions to them as well as any other controls that can
> prevent this type of activity.
> • Have their systems for Malware & Spyware.
> • Add CAPTCHA to their website
  • fc_adam FoxyCart Team

    I'm sorry to hear that you've been impacted by nefarious people attempting to bulk test credit cards. We are currently looking into adding in some additional anti-fraud features to help prevent this type of thing happening. We don't have a timeframe for when it will be added, but it's definitely something we have in line for a future enhancement.

    For right now - we'd recommend enabling minfraud on your store. It can be found on your payments page in the FoxyCart administration. Currently for your store it's disabled (set to 0), and setting it to anything between 1 and 100 will enable it.

    Minfraud will review the transaction prior to it being sent to your gateway - and based on information about the transaction - including the address details, user's IP address etc, determines a score out of 100 of the likelihood of the transaction being fraud. On that scale, 100 means that it's very likely not fraud, whereas 1 would be something that looks very fraudulent.

    We generally recommend starting around 50-60 for a minfraud threshold, and then reviewing transactions as they come in for your store to see if you need to lower that to be a little tighter.

    For more information on minfraud, you can review our wiki at
  • Thank you Adam! I have activated it, and I will tell our payment processors about it when I contact them to get us up and running again.

    Thanks for the help!
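
The velocity filtering requested in the processor's email (caps on how often one card and one IP address can attempt a transaction) can be sketched as a sliding-window counter. This is an added example, not part of the thread and not FoxyCart's or any gateway's code; the class name, limits and sample attempts are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

class VelocityFilter:
    """Sliding-window limits on payment attempts per IP and per card."""

    def __init__(self, max_per_ip=5, max_per_card=3, window_s=600):
        self.limits = {"ip": max_per_ip, "card": max_per_card}
        self.window_s = window_s
        self.seen = defaultdict(deque)  # (kind, key) -> attempt timestamps

    @staticmethod
    def card_key(pan):
        # Track a digest, not the card number itself (illustrative; a real
        # system would use a keyed hash or the gateway's card token).
        return hashlib.sha256(pan.encode()).hexdigest()

    def _over_limit(self, kind, key, now):
        q = self.seen[(kind, key)]
        while q and now - q[0] >= self.window_s:
            q.popleft()          # drop attempts that left the window
        q.append(now)            # blocked attempts still count
        return len(q) > self.limits[kind]

    def check(self, ip, pan, now):
        """Return the list of tripped limits; empty means allow."""
        tripped = []
        if self._over_limit("ip", ip, now):
            tripped.append("ip")
        if self._over_limit("card", self.card_key(pan), now):
            tripped.append("card")
        return tripped


def replay(attempts, **limits):
    """Run (timestamp, ip, pan) tuples through a fresh filter."""
    vf = VelocityFilter(**limits)
    return [vf.check(ip, pan, ts) for ts, ip, pan in attempts]


# Constructed sample: one address cycling through test card numbers every
# 2 seconds, plus a normal shopper retrying one card after a typo.
SAMPLE = [(i * 2, "203.0.113.7", f"4111111111110{i:03d}") for i in range(8)]
SAMPLE += [(30, "198.51.100.20", "4242424242424242"),
           (95, "198.51.100.20", "4242424242424242")]

if __name__ == "__main__":
    for attempt, result in zip(SAMPLE, replay(SAMPLE)):
        print(attempt[0], attempt[1], "BLOCK " + ",".join(result) if result else "allow")
```

Because every card number in the constructed burst is different, only the per-IP limit trips there; the per-card limit covers the complementary case of one card being tried from many addresses.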