Fraud Orders - Spam - Credit Card Scam

Is there any simple, clean solutions to someone trying multiple credit cards on checkout?

We recently received a ton of failed orders in the wee hours from what appears to be someone trying to run a bunch of credit cards to find a "good" card to scam.

We were hoping to avoid reCAPTCHA (assuming it to be applied here: Checkout (user information) form) as it can sometimes upset legitimate customers. I did just active V3 hoping that would not effect good people from getting blocked and negatively impacting sales.

I also saw "Anti fraud add-on", but I'm not sure if that will do the trick either. (?)

Just thinking out loud, but I'm thinking we need something like if someone attempts to process a credit card more than 3-7 times during the same session, it times them out for at least 15 minutes (or some settable time limit) and then blocks for progressively longer period after another repeat session.

Any thoughts on what would help here?


In orders you see that he is trying from the same IP? Just block his IP if yes (access restrictions addon)

Thank you for the suggestion. I just checked and the last 4 failed fraud orders they used a different IP each time and were able to run what looks like about 11 credit cards per minute (at least based off of the 11 failed attempt email messages) while the "attack" was in progress. It lasted almost 3 hours... So far it has been quite since the reCAPTCHA V3 was turned on for Checkout (user information) form, but I'm guessing they may have moved on, at least for the time being...