Reply
Highlighted
Contributor
Posts: 13
Registered: ‎09-07-2018

How to prevent brute force attacks on iFrame?

I have a website using the hosted iFrame on the addPayment page (https://accept.authorize.net/customer/addPayment).  A hacker is starting with this page, then seems to have a script that tries hundreds of card numbers per minute until the page successfully saves.  Last night between 2:42:31 AM EST and 2:48:39 AM EST (about 6 minutes), 2993 attempts were made, each causing a test transaction (Test transaction for ValidateCustomerPaymentProfile.) which is an AUTH_ONLY for $0.00.

 

That's about 8 attempts per second!  Doesn't Authorize.Net have basic brute-force prevention in-place to prevent such an obvious attempt?