- A new option allows an authorization token to be used during order placement. The token must be submitted with each AUTH action. The token will be unique to each basket and will change every time an AUTH action is performed, requiring bots or other attackers attempting to validate cards through automated means to view the OPAY page prior to submitting the AUTH action.
- A new Authorization Blacklist allows specific IP addresses to be prevented from performing credit card authorizations. IP addresses may be added to this list manually or automatically if more than the configured number of authorization failures occur in a specified period of time.
- Authorization failures are now logged and visible from the Authorization Failures tab of the Order Processing screen
- Failed authorization attempts can now be rate limited by adding a delay after an authorization failure
- The software can now be configured to require a shopper to restart the checkout process after a specified number of authorization failures
- reCAPTCHA can now be added to the checkout process to prevent bots from validating card numbers against a store. The reCAPTCHA may be turned on manually or enabled whenever a threshold number of authorization failures occur within a specified period of time.
21022: Module: upsxml: Selected UPS non-freight methods show up as $0 on OPAY when the shipment total is over 150lbs