My Zen Cart installation has been used twice (so far) as a platform to attempt authorizations of several hundred credit card numbers in a short period of time.

It appears that the miscreant creates a user profile in my store then runs some sort of automated script to attempt a charge on several hundred credit cards.

I have the Authorize.net daily velocity trigger turned on which prevents such floods. You can imagine that it, also, prevents legitimate transactions going through once the limit has been triggered.

Let's start with the basic questions:

Is this a known issue?

Have I missed a configuration or security patch somewhere that allows for this to happen in my store?

Is this something new?

What logs or reports do you need from me to diagnose?

Help?

Thank you!
~ Steve