Protecting your checkout from spambots

by Team Sansec

Published in Guides

Getting many fake orders or suspicious-looking payments? Criminals may spam your store with hundreds or thousands of fake orders to verify stolen credit cards. Typically the orders are for a low-priced product and the ordering information is clearly fake. This is a problem not only for your staff but also for your acquiring bank, which may ultimately suspend your account.

At the moment, there is only a single solution for this problem: install a captcha in your checkout process. This prevents automated bots from placing any orders, while being completely transparent for your human customers.

Magento 2.3 and higher supports Google's reCAPTCHA by default. Read more on Magento 2 reCAPTCHA here:

If you use a different version or shopping platform, you should ask your developers for a custom captcha implementation. Google reCAPTCHA is the current leader in captcha solutions, but other vendors exist. Captcha implementations are normally quite trivial; however, a common mistake is to add captcha verification to the page where customer information is collected, as opposed to the page where the actual payment is processed. Attackers have automated the complete checkout, so you need to protect the last step of the payment flow.
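As an added illustration of protecting the last step (example code written for this guide's point, not Sansec's or Magento's own), the sketch below verifies the reCAPTCHA token server-side inside the request that triggers the payment and fails closed on any error. The handler `place_order`, the `charge_card` callback and the hostname `shop.example` are assumptions; the `siteverify` endpoint and the `g-recaptcha-response` form field are Google's.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
EXPECTED_HOSTNAME = "shop.example"  # assumption: your storefront's hostname


def google_siteverify(secret, token, remote_ip=None):
    """Ask Google's siteverify endpoint whether the token is valid."""
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(SITEVERIFY_URL, data=data, timeout=5) as resp:
        return json.load(resp)


def captcha_passed(token, secret, siteverify=google_siteverify):
    """Fail closed: a missing token, network error or bad answer is a failure."""
    if not token:
        return False
    try:
        result = siteverify(secret, token)
    except (OSError, ValueError):  # unreachable endpoint or malformed JSON
        return False
    # Also check the hostname so a token solved on another site is rejected.
    return (result.get("success") is True
            and result.get("hostname") == EXPECTED_HOSTNAME)


def place_order(form, charge_card, secret, siteverify=google_siteverify):
    """Hypothetical handler for the final 'pay' request of the checkout."""
    # Verify here, on the request that triggers the payment, not only on the
    # earlier customer-information page: a bot can post to this step directly.
    token = form.get("g-recaptcha-response")
    if not captcha_passed(token, secret, siteverify):
        return {"status": 403, "error": "captcha verification failed"}
    # The card is only charged after the captcha check has succeeded.
    return {"status": 200, "payment": charge_card(form["card"], form["amount"])}
```

The `siteverify` parameter exists so the check can be exercised with a stub in tests; in production the default calls Google.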
