Integration and Testing

Authorize.Net API questions and help with your payment integration.

Posts: 14
Registered: ‎09-07-2018

How to prevent brute force attacks on iFrame?

I have a website using the hosted iFrame on the addPayment page (  A hacker is starting with this page, then seems to have a script that tries hundreds of card numbers per minute until the page successfully saves.  Last night between 2:42:31 AM EST and 2:48:39 AM EST (about 6 minutes), 2993 attempts were made, each causing a test transaction (Test transaction for ValidateCustomerPaymentProfile.) which is an AUTH_ONLY for $0.00.


That's about 8 attempts per second!  Doesn't Authorize.Net have basic brute-force prevention in-place to prevent such an obvious attempt?