Protecting your checkout from spambots
by Team Sansec
Published in Guides
Got many fake orders or suspicious-looking payments? Criminals may spam your store with hundreds or thousands of fake orders to verify stolen credit cards. Typically the orders are for a low-priced product and the ordering information is clearly fake. This is not only a problem for your staff but also for your acquiring bank, which may ultimately suspend your account.
At the moment, there is only a single solution for this problem: install a captcha into your checkout process. This prevents automated bots from placing any orders, while being completely transparent for your human customers.
Magento 2.3 and higher supports Google's reCAPTCHA by default. Read more on Magento 2 reCAPTCHA here:
If you use a different version or shopping platform, ask your developers for a custom captcha implementation. Google reCAPTCHA is the current leader in captcha solutions, but other vendors exist. Captcha implementations are normally quite trivial; however, a common mistake is to add captcha verification to the page where customer information is collected, as opposed to the page where the actual payment is processed. Attackers have automated the complete checkout, so you need to protect the last step of the payment flow.
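To make the placement point concrete, here is an added simulation (not Sansec's code and not Magento's): a two-step checkout with a stubbed captcha verifier, run once with the check on the customer-information page and once on the payment step. The verifier stub, handler names and tokens are assumptions constructed for this example.

```python
# Stand-in for the captcha provider's server-side verification (for reCAPTCHA this is an
# HTTPS POST of your secret and the client's token to the siteverify endpoint). Constructed
# for this example: only tokens issued to a human solver verify; real tokens are also one-time.
HUMAN_TOKENS = {"tok-human-1"}

def verify_captcha(token):
    return token in HUMAN_TOKENS


class Checkout:
    """Two-step checkout: a customer-information page, then the step that charges the card.

    verify_at names the step whose server-side handler checks the captcha token.
    """

    def __init__(self, verify_at):
        self.verify_at = verify_at
        self.orders = []

    def submit_customer_info(self, customer, captcha_token=None):
        if self.verify_at == "info" and not verify_captcha(captcha_token):
            return False
        return True

    def submit_payment(self, customer, card, captcha_token=None):
        # This handler takes the billing details inline (as payment APIs commonly do), so an
        # automated client can call it without ever loading the information page. A captcha
        # that is only enforced on that page therefore never runs for such a client.
        if self.verify_at == "payment" and not verify_captcha(captcha_token):
            return False
        self.orders.append({"customer": customer, "card": card})  # card would be charged here
        return True


def automated_orders(checkout, attempts):
    """Client that posts fake orders straight to the payment step with no captcha token."""
    accepted = 0
    for i in range(attempts):
        if checkout.submit_payment({"name": "fake"}, card=f"card-{i}"):
            accepted += 1
    return accepted


def human_order(checkout):
    """A real customer walks both steps and supplies the solved-captcha token to each."""
    customer = {"name": "real customer"}
    if not checkout.submit_customer_info(customer, captcha_token="tok-human-1"):
        return False
    return checkout.submit_payment(customer, card="card-real", captcha_token="tok-human-1")
```

With `verify_at="info"` every automated payment is accepted; with `verify_at="payment"` none are, while the human order succeeds in both cases.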