Client getting SPAM'd hard

We have a client running Foxycart and he's getting hammered with a lot of fake orders daily (some cases 600 or 700/day). He contacted his Payment Gateway (authorize.net) to modify the security settings which has helped a lot, but he's still getting a lot coming through every day which burns his time having to sort through real and fake orders. Once the product is shipped, the "customer" does a charge back and he loses his product and money.

Is there a way to add something like Google reCAPTCHA on the product page itself such that before anyone can even click on the "add to cart" button, they must first prove they're not a spambot?

By the way, I did find this posting in your forums, but it appears you didn't have a solution at that time:

https://forum.foxycart.com/discussion/10694/recaptcha

Thanks!
Tagged:
Comments
  • brettbrett FoxyCart Team
    Hey @flinx777. First thing to do would be to turn on minFraud in the payments page of the admin. That should get it sorted out immediately, as it'll prevent the huge bulk of them from going to Authorize.net in the first place.

    We do have a ticket to add reCAPTCHA (conditionally) to the checkout, so we'll note this situation on that ticket. (We've got another security improvement we'll be adding as well, but that's a bit more "secret" at this point.)
  • Hey Brett,

    To confirm, you're referring to this in the Foxycart admin (not Authorize.net admin), correct?

    http://files.smashstack.com/RlsN/1pJpko6l

    If so, the tip in the admin says:
    To enable MaxMind's minFraud services, set the minimum score threshold between 0 and 100 you want to allow for your store here. Leave this as 0 to disable minFraud and set it to 100 to turn on logging but to allow all transactions.
    How do I know what score to set it at? I could put it at any number between 1 and 100? Not even sure what number to set it at or even sure how I decide which number to advise the client.

    Also reading the documentation in the Foxycart wiki for Authorize.net (https://wiki.foxycart.com/gateways/authorize.net), I see there's a lot of options:

    http://files.smashstack.com/EvS8/1l3xxL72

    But in the Authorize.net admin, it appears the options are a little different (no checkbox but rather several options for each setting):

    http://files.smashstack.com/fKZb/45vMPxLw

    Any advice on how to set those? If we need to have a private conversation, I can whisper you the details.

    Thanks!
  • brettbrett FoxyCart Team
    minFraud: https://wiki.foxycart.com/v/2.0/minfraud
    If you're getting hit hard, set it to 4 and keep an eye on it. We'll followup about the rest privately.
Sign In or Register to comment.