You should refund the money ASAP through your merchant account.Thing is, one of these orders went through, passing all tests, and the money (around $1,000) is in our account. Although the money deposited is less than the total amount recorded in our shopping cart. So I can't refund the money, or else we will be out about $150, and the person's information is bogus, so where would that money go even if I did issue a refund?
The money deposited is probably less than the order because of the merchant account fees that were taking out before it went into your account.
It's best to login to your payment gateway and issue a refund immediately for the total and the transaction will be reversed. That will save you the issue of a chargeback (and any fees associated with that)
This is probably done with an automated bot that tries to mimic human behaviour.Then I started noticing incredibly odd things. People started creating accounts on our site with nonsense information. Things like "asdasd asdasdasdsad" as their name and billing address, saying that they live in Antartica, and listing a 10 digit phone number.
You could setup your merchant account gateway to have some additional fraud protection. I know Authorize.net offers a fraud protection suite that is helpful for online orders. You can filter based on IP address range/location/missing information/no CVV match/volume of orders tried, etc.
People shouldn't have to complete a captcha to finish an online purchase. That will definitely deter sales.I just installed captcha in the event that these attempts are automated, I'm not sure about this.
It could be that the shopping cart you're using is more vulnerable to these attacks somehow. Have you checked the Zen Cart forums to see what others have tried to stop these type of attacks.