I have a new client who has just been savagely attacked by a credit card fraud ring. His web site sign up forms were filled out by a robot of some type, then when the confirmation email was received it appears they responded automatically (it was a simple "click on this link" confirmation) and then they used another robot to make small puchases on credit cards (average of $3-$10) using what turned out to be thousands of stolen card numbers - all of which they have the CVV2 id for!
Luckily the payment processor turned off the system after about 15 minutes of this activity because of the dramatic change in the clients usage pattern. But in that time nearly 11,000 charges were made totalling just over $42,000 (US).
I have beefed up the security as much as I can this morning. We now require a full billing address which we validate with AVS (why didn't they have this?), an email address (to compare against known fraudulent transaction email addresses by the processor) and a phone number. We will also be using the MaxMind CCV service as soon as we can incorporate the code.
But these are all "after the signup" measures. I would like to add a graphical challenge, like PayPal use. Hopefully this would eliminate the robots.
Can anyone point me to any sample code, or modules for implementing this feature in Perl?
In reply to Validating web-site signups are humans. by jdtoronto
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |