Comment by yamtaddle
3 years ago
Losing as much as a couple percent of annual sales to prevent card-stuffers from getting through—which can knock you off your payment processor completely—is a pretty easy call for a lot of businesses.
Not sure how the math works out for ad-supported sites, but it pretty strongly favors "moderately-aggressive automated blocking" for those taking direct payments.
It may be understandable if it's on a checkout page.
But Cloudflare often enough blocks users from reading content pages. Cloudflare could just serve their cached static content instead of showing Captchas.
There are several system level and application level ways of dealing with automated traffic, card stuffers, etc.
Sure, a general solution is better, but since everything today is docker running node.js running without a modicum of caching or appfw in front, not surprised things are so fragile