we have seen some strange behavior on our FC site on 3 different occasions now, where a line item is added to the cart that has all the parameters of product A, BUT with the title of product B. This is weird because it appears like the customer either started ordering product A but somehow product B's title got mismatched, OR customer wanted product B but also wanted product A's configuration options and thus figured out a way (form manipulation) to order product A's options but replace the title with product B.
Form manipulation is our leading theory, but its odd that this has happened 3 times with 3 different customers, 3 diff ip addresses, cc nums etc. Also maybe I'm naive but I didnt think the average ecommerce shoppers were savy enough or sneaky enough to figure out how to manipulate a hidden form field in that way, once in a while yes, but its happened 3 times already this month.
So we are going to put some things in place that will *hopefully* stop the form manipulation bits, but I also wondered if it was theoretically possible to send add-to-cart requests from multiple websites beyond our own? What if someone were to scrape our site in some manner and allow items to be added to the cart and orders to be placed from a website that is not ours? Is this possible or is FC safeguarded against this in some way? E.G. Adding items to secure.mywebsite.com can ONLY happen if the request comes from www.mywebsite.com or from a certain ip address?
thanks for any insight you might have!