They seem to pass the create account part manually.
They have tried 14000 CC's in one night and due to this activity the bank has suspended the payment system.
In order to open the system back they require extra security mesures, one of which is captcha control, either on the first fail or in all attempts.
(in checkout_process there is a CC SLAM PREVENTION, it beats me how they get passed that)

Quote Originally Posted by torvista View Post
If a bot's got past the create account captcha already, I'd assume it'll get past any others.
Doesn't seem much point using another one, just more annoyance for real customers.