This plugin is really great. Previously bots were creating a ton of garbage accounts and this has completely stopped that.

Unfortunately I now have a bot testing out credit card numbers on my Zen Cart sites which is resulting in high credit card fees for all the authorization attempts. The bot is creating a Zen Cart account, I assume the human is doing that step to get through the reCAPTCHA, and then the bot is using that one account to complete the checkout process and try to charge a credit card. And doing this many many times.

Would it be possible to add a reCAPTCHA to some part of the checkout process so we can be sure it is a human checking out and not a bot? This functionality would likely be useful for other users as well who may be experiencing this type of problem, it seems to be becoming more common. For example adding a reCAPTCHA on the checkout_shipping or checkout_payment pages.

I tried to add a reCAPTCHA to checkout_shipping by editing these pages,

includes/classes/observers/auto.non_captcha_observer.php
includes/classes/observers/class.google_recaptcha.php
includes/modules/pages/checkout_shipping/header_php.php
includes/templates/MY_DEFAULT_TEMPLATE/templates/tpl_checkout_shipping_default.php

The reCAPTCHA is displayed on the shipping page but the user isn't being required to select it so I obviously am doing something wrong. All of the pages above seemed straightforward to edit except for checkout_shipping/header_php.php -- I'm unsure about the change I made there. I am running the current version of Zen Cart. Any help would be greatly appreciated.

-Scott