The CIM process to add payments to a customer has no form of fraud protection available.  Anyone can quickly write a script to run against a website and send lists of credit cards to validate which ones are valid.  


Advanced Fraud Detection has only 1 feature that would potentially stop this, which is limiting your account when a large number of transactions go through. This, however, is unacceptable as it limits everyone from processing transactions, not just the offending customer.


There is no IP Address accepted by the Create Customer Profile, so any IP checking wouldn't work.  


Since CIM is a paid service, I would expect there to be a feature to filter the number of transactions by a single customer WITHIN the service. But there isn't.


As a result, I had someone write a script against my website and send 25,000 requests before my processor notified me. I didn't get a notification from AuthNet. All transactions were rejected; however, I ended up racking up $2,500 in AVS checking fees as a result.


As a company, you obviously know about carding attacks but have not done anything to restrict them within CIM. Please add this feature ASAP.
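A site-side velocity check of the kind the post says CIM lacks, run before any request reaches the gateway so a blocked attempt never incurs an AVS fee. This is an added example, not part of the original post and not Authorize.Net code; the class, function names and thresholds are hypothetical, and the sample requests in the test are constructed.

```python
import time
from collections import defaultdict, deque


class CardAddThrottle:
    """Sliding-window limit on add-payment attempts, keyed by customer and by IP."""

    def __init__(self, max_attempts=5, max_declines=3, window_s=3600):
        # Thresholds are assumptions; tune them to real customer behaviour.
        self.max_attempts = max_attempts
        self.max_declines = max_declines
        self.window_s = window_s
        self._attempts = defaultdict(deque)  # key -> timestamps of attempts sent
        self._declines = defaultdict(deque)  # key -> timestamps of gateway declines

    def _recent(self, table, key, now):
        q = table[key]
        while q and now - q[0] >= self.window_s:  # drop entries outside the window
            q.popleft()
        return len(q)

    def allow(self, customer_id, ip, now=None):
        """True if this attempt may be forwarded to the payment gateway."""
        now = time.time() if now is None else now
        keys = (("cust", customer_id), ("ip", ip))
        for key in keys:
            if self._recent(self._attempts, key, now) >= self.max_attempts:
                return False
            if self._recent(self._declines, key, now) >= self.max_declines:
                return False
        for key in keys:
            self._attempts[key].append(now)
        return True

    def record_decline(self, customer_id, ip, now=None):
        """Call when the gateway rejects the card that was just submitted."""
        now = time.time() if now is None else now
        for key in (("cust", customer_id), ("ip", ip)):
            self._declines[key].append(now)


def simulate(requests, throttle):
    """requests: (time, customer_id, ip, gateway_declines). Returns gateway calls made."""
    sent = 0
    for t, cust, ip, declines in requests:
        if throttle.allow(cust, ip, now=t):
            sent += 1
            if declines:
                throttle.record_decline(cust, ip, now=t)
    return sent
```

Keying on both the customer and the client IP means switching accounts from one address, or switching addresses on one account, still hits a limit. The in-memory tables would need a shared store when more than one web server handles requests.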


I am glad to see the seriousness with which Authnet and the community are taking this issue.



It's very hard to deal with fraud...