Credit card security in a e-commerce site

[sbayter]

Hi,
I have a website in which I seel phonecards online.
Recently I had a problem with a guy that seems to have a credit card database and keeps buys cards like crazy from lebanon.
I had to disable the site temporarily.
FYI, When you go to the site you can buy as a guest or with your own account.
I suggestions on how to deal with this security problem?
Thanks,



sbayter

 

[dmhirsch]

What are you trying to prevent? I assume your site is using a commercial credit card validation / billing process, which should permit only valid credit card transactions. If not, then that's the first step. If you're doing that, then you wouldn't want to prevent customers with legitimate credit cards from making multiple purchases, would you?

Second thought: eliminate the guest option and prevent more than, say, 5 transactions per day per login. But this would only be a nuisance, as the offending party could just open multiple accounts.

 

[clarkin]

Is it a security problem to do with your site? Or is it that someone is using your site with say stolen card nos?

If you are using some sort of (3rd party, say a bank's) CC validation gateway (as dmhirsch points out) then you are pretty much covered IMO.
If you do it yourself somehow.. then perhaps you should consider not doing it this way

Basically, if the CCs validate with an 'official' billing gateway then process them. I don't think it would have anything to do with security of your site.

Posting code? Wrap it with code tags: [ignore]

[/ignore][code]CodeHere

[ignore][/code][/ignore].