03-12-2020 08:24 PM
I have a website using the hosted iFrame on the addPayment page (https://accept.authorize.net/customer/addPayment). A hacker is starting with this page, then seems to have a script that tries hundreds of card numbers per minute until the page successfully saves. Last night between 2:42:31 AM EST and 2:48:39 AM EST (about 6 minutes), 2993 attempts were made, each causing a test transaction (Test transaction for ValidateCustomerPaymentProfile.) which is an AUTH_ONLY for $0.00.
That's about 8 attempts per second! Doesn't Authorize.Net have basic brute-force prevention in place to prevent such an obvious attempt?
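A merchant-side velocity check for the pattern described above, as an added example that is not part of the original post and is not Authorize.Net code: a sliding-window limiter that stops forwarding card-validation attempts once one client key exceeds a threshold. The key (`profile-A`, which could be a customer profile ID or source IP), the 60-second window, the limit of 5 and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed look-back window
MAX_ATTEMPTS = 5                 # assumed validations allowed per key per window

class ValidationThrottle:
    """Sliding-window limiter for card-validation attempts, per client key."""
    def __init__(self, window=WINDOW, limit=MAX_ATTEMPTS):
        self.window, self.limit = window, limit
        self.seen = defaultdict(deque)   # key -> timestamps of recent attempts
        self.blocked = {}                # key -> time the limit was first exceeded

    def allow(self, key, ts):
        """Record an attempt; return False once the key is over the limit."""
        q = self.seen[key]
        while q and ts - q[0] > self.window:
            q.popleft()                  # drop attempts that aged out of the window
        q.append(ts)                     # refused attempts still count, so a
        if len(q) > self.limit:          # sustained burst stays blocked
            self.blocked.setdefault(key, ts)
            return False
        return True

def sample_events():
    """Constructed data: one key at 8 attempts/second for 10 s, one normal user."""
    start = datetime(2020, 1, 1, 2, 0, 0)
    burst = [(start + timedelta(milliseconds=125 * i), "profile-A") for i in range(80)]
    normal = [(start + timedelta(seconds=s), "profile-B") for s in (3, 40)]
    return sorted(burst + normal)

def replay(events):
    """Feed (timestamp, key) events through the throttle.
    Returns the throttle and how many attempts would have been forwarded."""
    throttle = ValidationThrottle()
    passed = sum(1 for ts, key in events if throttle.allow(key, ts))
    return throttle, passed

if __name__ == "__main__":
    throttle, passed = replay(sample_events())
    print(f"forwarded {passed} of {len(sample_events())} attempts")
    for key, ts in throttle.blocked.items():
        print(f"blocked {key} at {ts.time()}")
```

The same counter can feed an alert instead of a block, so that a burst of $0.00 validation transactions is visible within seconds rather than in the next morning's transaction list.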