Overview
If your webstore starts getting flooded with fake registrations, spam accounts, or suspicious checkout activity like card testing attempts, don’t stress. You can lock things down pretty quickly with a few smart settings.
Here’s a simple breakdown of the most effective ways to protect your store and reduce bot activity.
- Enable captcha at checkout
- Enable captcha at registration
- Require email validation after registration
- Enable AVS security options with your payment gateway merchant
Enable captcha at checkout
For B2C users, you will want to enable the captcha option at checkout. That is found under "System → Features → (B2C)" /admin/msite/features/public
Enable captcha at registration
Under "System → Modules → User Registration" you should see a few forms. /admin/adminRegistration
One of those forms is for user registration. Click on the "Fields" button.
Ensure that a field for "Captcha" is present, and that it is "Always Enabled" and that it "Is Compulsory".
Require email validation after registration
Edit the settings for your registration form under "System → Modules → User Registration". /admin/adminRegistration. Press the "Edit" button next to your form.
Look for the option "Is email verification required before login" and enable it. This will require all new registrants to confirm their email address, and help prevent spam/fake email accounts.
Enable AVS security options with your payment gateway merchant
Optionally check with your payment gateway merchant for any security options that can be activated.