  1. Blesta Core
  2. CORE-1791

Rate limit client's ability to process credit card transactions that are not accepted

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.5.0
    • Fix Version/s: Short Term
    • Component/s: Client Interface
    • Labels:
      None

      Description

      Fraudsters will often run many credit cards through the system to identify which cards are valid. Blesta should rate limit credit card transactions by clients (not staff) after x failed attempts (Declined and possibly Error) per x hours (or 1 hour).

      This will require 1 or 2 company settings:

      • Rate limit credit card attempts after (text input) attempts
      • Per (text input) hours (or we just make this 1 hour internally)

      If a client is rate limited, display an error: "There have been too many failed transactions for this account, please contact support." (Or something like that)

      To make the best of this, it's good to automatically lock an account and notify staff, either as part of this (Maybe these 3 should be assigned to an Epic) or as a phase 2. For that, there should be 2 new tasks that:

      1. Create a new client status of Suspended (or perhaps there is a better name). This status will lock the account and clear any sessions, much like Inactive does, except that in the future clients will be able to re-activate Inactive statuses. When the client reaches the rate limit for failed cc transactions, the account would be set to this status automatically by the system, effectively locking them out and preventing any more attempts.

      2. Staff can be notified when the system (and not another staff member) sets a client to the status of Suspended (or other name per #1 above). Staff could subscribe to these notices under My Info > Notices > Email Subscription Notices, and the notice would be part of the Staff Group ACL. Staff can then manually review the account in question and take action.
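
The rate limit and automatic suspension described above, as an added Python example that is not Blesta's code. The class name, the default of 5 attempts, the status strings and the in-memory storage are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed defaults standing in for the two proposed company settings.
MAX_FAILED_ATTEMPTS = 5              # "Rate limit credit card attempts after N attempts"
WINDOW_SECONDS = 3600                # "Per N hours" (here 1 hour)
FAILED_STATUSES = {"declined", "error"}   # Declined and possibly Error
RATE_LIMIT_ERROR = ("There have been too many failed transactions for this "
                    "account, please contact support.")


class CardAttemptLimiter:
    """Sliding-window count of failed card transactions per client (hypothetical)."""

    def __init__(self, max_failed=MAX_FAILED_ATTEMPTS, window=WINDOW_SECONDS,
                 suspend_on_limit=True):
        self.max_failed = max_failed
        self.window = window
        self.suspend_on_limit = suspend_on_limit  # False = rate limit only, no lock
        self.failures = defaultdict(deque)        # client_id -> failure timestamps
        self.suspended = set()                    # accounts locked by the system
        self.staff_notices = []                   # (client_id, time) queued for staff

    def _recent(self, client_id, now):
        q = self.failures[client_id]
        while q and q[0] <= now - self.window:    # drop failures outside the window
            q.popleft()
        return len(q)

    def check(self, client_id, now, by_staff=False):
        """Call before charging. Returns the error text if refused, else None."""
        if by_staff:                              # staff-initiated charges are exempt
            return None
        if client_id in self.suspended:           # stays locked until staff review
            return RATE_LIMIT_ERROR
        if self._recent(client_id, now) >= self.max_failed:
            return RATE_LIMIT_ERROR
        return None

    def record(self, client_id, status, now, by_staff=False):
        """Call with the gateway result. An approval does not reset the count,
        so one valid card cannot be used to clear earlier failures."""
        if by_staff or status.lower() not in FAILED_STATUSES:
            return
        self.failures[client_id].append(now)
        if (self.suspend_on_limit and client_id not in self.suspended
                and self._recent(client_id, now) >= self.max_failed):
            self.suspended.add(client_id)                 # set Suspended status
            self.staff_notices.append((client_id, now))   # one notice per lock
```
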


          People

          • Assignee:
            cody Cody Phillips (Inactive)
            Reporter:
            admin Paul Phillips