Add Funds should require fraud check as well - perhaps treat as order
-
Websavers shared this idea 2 months ago
- Payments/Billing
- Post the first comment
2
Votes
Login to Vote
If a malicous user gains access to a customer account, they are able to process credit card transactions by using the WHMCS Add Funds function that avoids fraud checks. Then they can place their order without having credit card details as part of the fraud check. This allows them to bypass most fraud rules.
The Add Funds function should also be passed through a fraud check prior to allowing the transaction to complete. This is particularly true if WHMCS is configured to always complete a fraud check on every order from a customer.
The Add Funds function should also be passed through a fraud check prior to allowing the transaction to complete. This is particularly true if WHMCS is configured to always complete a fraud check on every order from a customer.
Post the first comment
Login to post a comment.