Preventing Credit Card Form Abuse Captcha Solution
Posted on 2011-02-16
We have a donation form on our charity site. We would like to accept donations without requiring users to set up an account. We have PayPal set but we also have a form for entering credit card info. Previously we had a very difficult captcha. Later we changed this to human readable question, e.g. "is the sun hot or cold" (answer, cold) We have about 15 questions that a called by random. But it is being hacked. Someone keeps using the form to test credit cards, charging $1 to $50.00 onthe same and different cards. Obviously he is testing and when one goes there he use it to purchase things or whatever. So we need to set up again, a strong defense for this abuse, but we are not sure the best method. Some new captcha methods are good, but so difficult that you have to be an artist or super visual brain to do them. We want a system that works, but will not be so hard as to cause resistance to users to donate.