CIM createCustomerPaymentProfile fraud protection non-existent

lcmj — Wed, 24 Feb 2021 10:45:37 GMT

The CIM process to add payments to a customer has no form of fraud protection available. Anyone can quickly write a script to run against a website and send lists of credit cards to validate which ones are valid.

Advanced Fraud Detection has only 1 feature that would potentially stop this, which is limiting your account when a large number of transactions go through. This, however, is unacceptable as it limits everyone from processing transactions not just the offending customer.

There is no IP Address accepted by the Create Customer Profile, so any IP checking wouldn't work.

Since CIM is a paid service, I would expect there to be a feature to filter number of transactions by a single customer WITHIN the service. But there isn't.

As a result, I had someone write a script against my website and send 25,000 requests before my processor notified me. Didn't get notification from AuthNet. All transactions were rejected, however, I ended up racking up $2,500 in AVS checking fees as a result.

As a company, you obviously know about carding attacks but have not done anything to restrict it within CIM. Please add this feature ASAP.

Re: CIM createCustomerPaymentProfile fraud protection non-existent

lcmj — Sun, 28 Feb 2021 21:55:14 GMT

I am glad to see the seriousness that Authnet and the community are taking this issue.

Crickets.

Re: CIM createCustomerPaymentProfile fraud protection non-existent

TresaLonghi — Tue, 03 Aug 2021 15:59:10 GMT

It's very hard to deal with frauds...

topic Re: CIM createCustomerPaymentProfile fraud protection non-existent in Integration and Testing

CIM createCustomerPaymentProfile fraud protection non-existent

Re: CIM createCustomerPaymentProfile fraud protection non-existent

Re: CIM createCustomerPaymentProfile fraud protection non-existent