Hi @mjwalla.
Interesting question that hasn't come up before. The short answer is, "Probably not in any sort of 'smart' way." The longer answer is a question: What's the goal? Captcha is to prevent automated form submission, but we have CSRF to prevent that (in the latest versions of FoxyCart). So I'm wondering what's behind the question.
Thanks for your reply Brett. You've always been very helpful and its much appreciated!
The issue is, our Authorize.net account was recently suspended because someone out there is trying to make thousands of donations to our account. Authorize.net is reporting these transactions as coming from Foxycart.
Foxycart does not report these are valid transactions in the report, but it is still being transmitted to Authorize.net.
My first inclination was to put a captcha on the checkout page to block any bots.
Sorry for the delay. We discussed this internally but the notes never made it here.
Unfortunately, I don't think a captcha would do much for you in this situation, since it wouldn't be server side, and clientside (javascript) wouldn't likely impede the malicious user at all. The best option would be to use your gateway's anti-fraud tools. If your current gateway doesn't have them, we can recommend new gateways to you. Not the best option, but realistically that might be the best. I'll whisper you some additional info.
mjwalla
Member
Interesting question that hasn't come up before. The short answer is, "Probably not in any sort of 'smart' way." The longer answer is a question: What's the goal? Captcha is to prevent automated form submission, but we have CSRF to prevent that (in the latest versions of FoxyCart). So I'm wondering what's behind the question.
The issue is, our Authorize.net account was recently suspended because someone out there is trying to make thousands of donations to our account. Authorize.net is reporting these transactions as coming from Foxycart.
Foxycart does not report these are valid transactions in the report, but it is still being transmitted to Authorize.net.
My first inclination was to put a captcha on the checkout page to block any bots.
any thoughts?
You'll also need to look into the upgrade notes for 060 as well: http://wiki.foxycart.com/static/upgrading
We're using Foxee which currently is not compatible with the latest version of Foxycart. So I think adding a captcha would be our best bet.
Any advice or instructions on how to implement that?
Unfortunately, I don't think a captcha would do much for you in this situation, since it wouldn't be server side, and clientside (javascript) wouldn't likely impede the malicious user at all. The best option would be to use your gateway's anti-fraud tools. If your current gateway doesn't have them, we can recommend new gateways to you. Not the best option, but realistically that might be the best. I'll whisper you some additional info.