Do you have basic security like 1 email is a unique account, and the email needs verification before an order can be placed? Because that simple step will be rate limiting for the attackers but normal and expected for real users.
Also could be worth considering using a dedicated payment processor to handle things. It adds overhead, but so does fraud.
People have already given you options and you repeatedly say “nah, that’s inconvenient”. The inconvenience is the point. You are inconveniencing customers who want to get a thing from you and have a reason to endure it to achieve that goal but you are also inconveniencing the scammers who have no goal at the end so…
Fuck it. Have fun in Santa Fe. Save me a seat and some tequila.
I feel like the card processors should bear this responsibility. I dont have the technical skill to apply most of the suggestions, and I fear damaging my income by doing it wrong.
They should, yes, but they don’t. In fact, they’ll ding you for having too many failed transactions and claim that it’s your responsibility to do something about it.
Do you have basic security like 1 email is a unique account, and the email needs verification before an order can be placed? Because that simple step will be rate limiting for the attackers but normal and expected for real users.
Also could be worth considering using a dedicated payment processor to handle things. It adds overhead, but so does fraud.
I dont want to add barriers for real orders.
I use both Stripe and Paypal to process cards.
You don’t want barriers for scammers because they inconvenience real customers. So you choose to enable the scammers. That is exactly why this works.
Thanks for playing.
I agree. What do you suggest? Just shut it down?
I guess I could move to SantaFe and do something with turquoise.
People have already given you options and you repeatedly say “nah, that’s inconvenient”. The inconvenience is the point. You are inconveniencing customers who want to get a thing from you and have a reason to endure it to achieve that goal but you are also inconveniencing the scammers who have no goal at the end so…
Fuck it. Have fun in Santa Fe. Save me a seat and some tequila.
I feel like the card processors should bear this responsibility. I dont have the technical skill to apply most of the suggestions, and I fear damaging my income by doing it wrong.
They should, yes, but they don’t. In fact, they’ll ding you for having too many failed transactions and claim that it’s your responsibility to do something about it.
You’d think the onus here should be on PayPal and Stripe… Do they have anything to say?
They dont give a flying fuck.
Frustrating. Sorry you’re in this position