Reduce Brute Force Orders

-- HikaShop version -- : 5.0.0
-- Joomla version -- : 4.3.4
-- PHP version -- : 8.1

After switching to auth.net payment plugin, I've noticed an uptick in the frequency of fraudulent charges (10 in last month vs 3 in several years with previous payment plugin). It seems scammers potentially have lists of valid credit card numbers and billing addresses, but send the order to different locations. I'm trying to figure out if this is a problem with the payment plugin or something else going on with the checkout after recent upgrade to joomla 4 and hikashop 5.

You can see if the transaction logs that the same person is attempting to submit an order with the same email but cycling through billing addresses until one is successful.

Any thoughts on how to help prevent some of this behavior on the hikashop side?

I am using the default authorize.net plugin (with AIM mode enabled) included with hikashop (not the JS one from marketplace).

Even in AIM mode, authorize.net has some address verification filters to help with fraudulent accounts. However, it seems these nefarious users are using the same shipping address and seem to be rolling through lists of credit card and address combinations (brute force) until there is a successful transaction. I can see this in the payment transaction logs from authorize.net.

E.g., there is a single user that has 15 transaction attempts for the same order but uses different credit card and address combinations until something works. We can catch before the order ships out, but I was wondering if there was some clever way to prevent this sort of behavior on the hikashop side.

I can email you a copy of the transaction report from authorize.net to see this behavior if necessary.

Yes, i am currently using AVS which helps out a lot with preventing fraud.

The "onBeforeOrderCreate" counter would be very helpful in this case. I could see where this might be a useful tool for most Hikashop payment plugins. However, it's a little out of my wheelhouse to develop a plugin