Skip to main content
All CollectionsNexternalSecurity
Nexternal: Activate CAPTCHA for New Customer Registration for Added Security
Nexternal: Activate CAPTCHA for New Customer Registration for Added Security

Recommended security feature for all merchants with online stores that are open to the public and not password protected

Pamela Topper avatar
Written by Pamela Topper
Updated over a week ago

Product: Nexternal

The "Use CAPTCHA For New Customer Registration" feature (Settings/Anti-Fraud and Security) enforces the completion of a CAPTCHA whenever a new customer creates a customer record in the online store. When activated, this feature will require a new customer (not existing customers) to check a CAPTCHA box to verify that they are not a robot, when placing an order or otherwise creating a customer record. If the CAPTCHA, based on complex background algorithms, thinks it might not be a person, it will require an image selection from a matrix.

If you are using a payment gateway in your Order Management System (Settings/Compatible Software/Payment Gateways), enabling this feature will add an additional layer of protection against fraudulent schemes by bad actors who may attempt to use your store for credit card testing*, thereby limiting the potential for fraudulent charges.

Therefore, we recommend that all merchants whose Online Stores are not password protected, enable this feature (Settings/Anti-Fraud and Security).


Because this feature alone may not deter all credit card testing attempts, we strongly recommend that, in addition to enabling this feature, all merchants with Online Stores that are not password protected:

  • strictly enable all security settings provided to them by their credit card gateway and processor, and

  • require the entry of CVV's upon checkout (Settings/Compatible Software/Payment Gateways Preferences/Card Validation Values), and

  • limit the number of declined authorization attempts to a maximum of no more than 3 (Settings/Compatible Software/Payment Gateways Preferences/Maximum Attempts), and

  • deny access to your online store from countries that may be known for high instances of fraud or from which you don't wish to receive orders (Settings/Anti-Fraud and Security/IP Country Overrides), and

  • review orders carefully prior to processing, for additional indicators of credit card testing fraud, which may include, among other things, a substantial and sudden unexplained increase in order volume, multiple orders being placed in somewhat rapid succession, multiple orders all containing the same Bill-To and Ship-To address, multiple orders coming from the same IP address (noted on the order summary page in the Order Management System), orders with gibberish first and last names, and/or orders that are flagged by the Order Management System as being placed from an IP address associated with a country that differs from the Bill-To country on the credit card (Settings/Anti-Fraud and Security/Mismatch Action).


  1. This feature does not apply to new customer records created from within the Order Management System, via XML, or via Customer Integration API.

  2. We strongly recommend that if your Online store is not password protected, you also activate the other security features present in the Settings/Anti-Fraud and Security section of your OMS.

*What is Credit Card Testing?

Credit card testing schemes are attempts by third parties via botnet technology to utilize your Online Store to validate stolen credit cards by placing fraudulent orders. If you have your payment gateway authorizations (Settings/Compatible Software/Payment Gateways/Preferences/Authorization Preferences) set to "validate and authorize" or "validate, authorize and charge", such card testing fraud could result in large numbers of fraudulent authorization transactions for which you may be charged regardless of whether the card is ultimately declined, as well as the creation of a new customer record in your Order Management System for every card attempt.

rev. 5/22/23

Did this answer your question?