https://community.developer.cybersource.com/t5/Integration-and-Testing/How-to-prevent-brute-force-attacks-on-iFrame/m-p/71053#M43726 <P>I have a website using the hosted iFrame on the addPayment page (<A href="https://accept.authorize.net/customer/addPayment" target="_blank">https://accept.authorize.net/customer/addPayment</A>).&nbsp; A hacker is starting with this page, then seems to have a script that tries hundreds of card numbers per minute until the page successfully saves.&nbsp; Last night between 2:42:31 AM EST and 2:48:39 AM EST (about 6 minutes), 2993 attempts were made, each causing a test transaction (Test transaction for ValidateCustomerPaymentProfile.) which is an AUTH_ONLY for $0.00.</P><P>&nbsp;</P><P>That's about 8 attempts per second!&nbsp; Doesn't Authorize.Net have basic brute-force prevention in-place to prevent such an obvious attempt?</P> Fri, 13 Mar 2020 03:24:39 GMT TroyW 2020-03-13T03:24:39Z https://community.developer.cybersource.com/t5/Integration-and-Testing/How-to-prevent-brute-force-attacks-on-iFrame/m-p/71053#M43726 <P>I have a website using the hosted iFrame on the addPayment page (<A href="https://accept.authorize.net/customer/addPayment" target="_blank">https://accept.authorize.net/customer/addPayment</A>).&nbsp; A hacker is starting with this page, then seems to have a script that tries hundreds of card numbers per minute until the page successfully saves.&nbsp; Last night between 2:42:31 AM EST and 2:48:39 AM EST (about 6 minutes), 2993 attempts were made, each causing a test transaction (Test transaction for ValidateCustomerPaymentProfile.) which is an AUTH_ONLY for $0.00.</P><P>&nbsp;</P><P>That's about 8 attempts per second!&nbsp; Doesn't Authorize.Net have basic brute-force prevention in-place to prevent such an obvious attempt?</P> Fri, 13 Mar 2020 03:24:39 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/How-to-prevent-brute-force-attacks-on-iFrame/m-p/71053#M43726 TroyW 2020-03-13T03:24:39Z