Fully cracked fraudulent cards being used to complete purchases. NOT the typical card testing carding attacks.
What steps have you taken to resolve the issue?
Gone through all our security settings, including tweaks to the merchant account. I’m just wondering if Cloudflare can actually protect from this and how, not just rate limiting, as per this blog post: Announcing Cloudflare Fraud Detection
What are the steps to reproduce the issue?
Calling the phone number being used in the order to find some are fake or go nowhere. The fraudster appears to have all the info needed to use a stolen card without having to test. They are coming to this site to actually place fraud orders.
This below would be the best bet to mitigate these requests.
However, if a card is used in its first time on your zone and not added to the lists that are checked against. As well as them trying to keep trying to use the card until it works would be another method to signal this.
At this time Fraud detection would be your best bet to mitigate a percentage of these requests.
Just asking but do you use 3D Secure with your cc processor?
If i recall correctly it adds additional step of login to bank’s site or SMS to registered phone no.