Comment by christophilus
3 days ago
We had a similar issue and rate limiting + IP blocking did the trick. You don’t have to solve the problem completely; just make yourself a less desirable target than your competitors.
I’d love to hear what you end up doing.
I did the same thing with geo IP blocks + blocks of non-consumer IP ranges. I don't completely block the transaction - I just send them into a different workflow where we manually call them to run the transaction. This works fine for legitimate customers.
That bit about calling / contacting them is a great idea. We just blocked them!