If you find that your web store is experiencing issues with spammy looking registrations or potential carding attempts at checkout, there are a few steps you can take to help prevent those.
- Enable captcha at checkout
- Enable captcha at registration
- Require email validation after registration
- Enable AVS security options with your payment gateway merchant
Enable captcha at checkout
For B2C users, you will want to enable the captcha option at checkout. That is found under "System → Features → (B2C)" /admin/msite/features/public
Enable captcha at registration
Under "System → Modules → User Registration" you should see a few forms. /admin/adminRegistration
One of those forms is for user registration. Click on the "Fields" button.
Ensure that a field for "Captcha" is present, and that it is "Always Enabled" and that it "Is Compulsory".
Require email validation after registration
Edit the settings for your registration form under "System → Modules → User Registration". /admin/adminRegistration. Press the "Edit" button next to your form.
Look for the option "Is email verification required before login" and enable it. This will require all new registrants to confirm their email address, and help prevent spam/fake email accounts.
Enable AVS security options with your payment gateway merchant
Optionally check with your payment gateway merchant for any security options that can be activated.
The best protection you can enable for your store is Cloudflare. It allows you to block web requests based on IP reputation scores, which are collected from Project Honey Pot. It also helps prevent bot access and attacks →
Please see our support guide on how to set up and configure Cloudflare here: https://support.commercebuild.com/article/signing-up-for-cloudflare-and-configuring-your-domain/