Authorize.Net: Form was attacked

Just putting this out there because I am in disbelief that this can happen.. One of our jotform with an authorize.net payment gateway was attacked last month.

I received a flurry of several (10) notifications of transactions.. We contacted our merchant service and told them we were being attacked and shutdown the forms.  We received about 37 settlement reports from Authorize.net...  The fraudulent charges that went through were reversed..  Then we get a bill for 40,000 declined transactions !! 

Has anyone else had this kind of issue with Authorize.net ?  I checked our security settings on their site and it all seemed to be in order but they are telling us the charges are our responsibility.. 

Can you please provide us with the name of the form in question. And we will look into the issue.

If you would like to prevent this from occurring again may I suggest:

1) Use a captcha field:

How-to-Add-a-Captcha-Field 

Specifically the re-captcha is your best option. 

2) Also if you would like to further restrict submissions you can use the email validator widget.

It will require the user to obtain a code in order to submit your form:

https://widgets.jotform.com/widget/e-mail_validator

It appears the form used was :

What I really don't understand is how any of these went through at all when they obviously didn't use a valid address or name (it was gibberish).  My Authorize.net security settings were set to reject based on those fields.

Thank you for the info. I have escalated this issue to Level 2 support. As it is possible other users could be affected. And we need to look into this.

We will notify you of any progress relating to this issue via this thread.