What I wanted to ask about is to see if there is a way to prevent user accounts from being created upon orders until AFTER the payment gateway accepts the payment. We’re having hacker users submit fake orders that get declined just so they can get user accounts established. We don’t want them to have a user account if their order failed. I’m currenlty having to manually delete these users each time a failed order happens.
We think the default functionality should be to delay the user account creation until after the payment gateway accepts the payment.
We have one hacker submitting MANY fake orders trying to get accounts established and/or testing credit card numbers fraudulently obtained to see if any go through. We don’t want this person to have an account on our site.
He’ll submit 15 different orders with different credit cards within the same minute on the time-stamp, so he has to have bot involvement on this in some way.
We’re worried that if he has an account on the site, he’ll be able to find some other vulnerability somewhere that will allow him to upgrade that account to having admin credentials.
Open
Last updated: August 9, 2023
0 comments
Log in to comment on this feature request.