I have been getting many calls from Law Enforcement agencies around the US for fraudulent charge attempts from Indonesian based IP addresses. The attempts are always run on the Authorize.net SIM method, but fail on AVS errors, so no charges are completed. It seems they are attempting to verify credit card numbers using aMember's checkout. There really needs to be a way to prevent repeated signup attempts. Perhaps a timer...I'd suggest IP blocking but in the last 10 minutes, I've seen 10 signup attempts from 10 different IP's...I keep adding then to the ban list and they keep changing their IP. The use user names like: asasasa or wdwdwdwd...you get the idea, no valid email either. Guess I have to implement email validation...
You allow paid access with an unverified email address? Urk! FWIW my Bank cancelled my card because someone started testing it for use and managed a transaction through iTunes. Almost lost my dedicated server because I had no card number for 10 days.
I tried setting up amember's email verification but it slowed the signup process down to a crawl. Plus, adding the extra step of verifying the email address of each potential user drastically reduces sales conversion. If only there was a better way. When I buy online, I have yet to buy from a site that requires email address verification. We simply use PHP tickets for any fumbled email address issues. Fir now I have seemed to have blocked the IP of the offender. That, and stern warning notices to hackers. Also considerign joining Hacker Safe this year. Any more rumors on a new version of aMember? BTW Jeno...I purchased your db ubtility but it did not resolve the issues I mention in the post you replies to....sorry, don't remeber the exact post, but it was regarding DB rebuild issues.