I am reviewing the security of my website and want to make sure payment-related pages and APIs are well protected from bots, scraping, and fraudulent activity.
My site does not directly process card data on all pages; it does interact with external services and APIs. I want to ensure that endpoints, callbacks, and any future payment integrations are secured properly.
What are the recommended best practices from a CyberSource or Authorize.Net perspective for protecting websites against common threats like bot attacks, fake requests, replay attacks, or unauthorized API access? Are there specific headers, token strategies, or network-level protections that are strongly recommended?
Any guidance or real-world experience would be appreciated.
