In a current setup Commerce Stripe uses Elements to display payment form on the "review" step of the checkout process. When the review step is submitted, payment is already processed and no validation is performed.
So if you add Captcha to the "review" step, `captcha_validate` callback won't be executed at all.
Stripe suggests adding captcha before user reaches the payment form, however the "review" step of the checkout process can be reached directly via "/checkout/.../review", which renders captcha on "order_information" step useless.
Is there a solution to this problem or other way to prevent carding attacks?
Comments
Comment #2
anybodyCaptcha type / solution / provider used should not be specific. I changed the title accordingly.