Here's an odd one... For the last month or so, we've been seeing at least one daily event like this:
Someone comes to our website, adds a large count of any random product into their shopping basket, for a total of somewhere between $1000 and $2000, and then attempts to place the order, which always fails. They then repeat over and over and over, trying different combinations of credit card numbers, CVV2 codes and/or expiration dates. The first posting of the billing page seems to come from the web browser, but subsequent postings might be coming from some script, since they do not request the images that are included on the redirected-to-after-the-failure billing page.
The IP addressess of the "attackers" are all over the world, although the pattern is always the same.
> They trying to find credit card numbers that work, > so then they can use them to buy things somewhere else.
If that's the case, why try for the large amounts? it would make more sense to use smaller totals. Also, I wonder if this is common out there or if there's something specific about our setup that's making us targets for this.