On Sep 28, 2008, at 11:17 PM, Bruno Busco wrote:
2) Since we have no captcha function I am worried about robots that
could
generate thousands of false accounts filling up the database. Having
neither
captcha and e-mail verification could expose the ecommerce too much,
don't
you think so?
What is the worst case scenario for these? Extra registrations?
There are many forms of denial-of-service attacks, I must admit I've
never heard of one that specifically targets automated account
creation on ecommerce sites. Usually automated account creation is
used for sites where public postings can be made, like free email and
public forums and such.
Whatever the case, it's really not my decision unless I'm running an
ecommerce company myself. That's something I'd generally leave up to a
client to decide on. If someone did ask my opinion, I'd say the
inconvenience to a customer (and corresponding abandoned carts) may
not be worth it. Of course, it should also be considered that adding
captcha and/or email verification may not have any effect on customer
conversion rates and what what. If a company really wanted to know
either way the best approach would be to do random testing of using
and not using each across a large customer base.
-David
