Our website hasn't been under attack in about 5 years. The main reason we switched to Shopify was because our website kept getting attacked by Russian hackers, and I had a lot of sleepless nights fighting the hackers away. Shopify took control of the security of the website, and that was one less thing I had to worry about so that I could get back to coffee.
So that's been working out well, and technically, our website isn't getting hacked; but there's a scammer who buys thousands of stolen credit card numbers on the black market, and then uses our website to buy a $1.50 bag of tea with each card to test which ones are valid and which ones don't work. And then I'm sure the ones that work are either resold, or used to buy something really expensive. The scammer has some kind of program bot that automatically creates a customer, places the order, uses a unique card number, puts in a fake address and fake email address. And either it goes through or doesn't. The whole thing takes about 4 seconds, and we are getting hit with several fraudulent attempts per minute. We cancel the successful orders, take a hit on the credit card fee. It messes up our sales reports, messes up our customer database; but the worst part is that it feels like we are enabling a truly unethical person to successfully steal by using our website to test his stolen credit card numbers.
Shopify won't help us block the scammer, so we had to make three annoying changes to the website today - and hopefully they aren't permanent - but for now, if you are trying to access the website from anywhere other than the USA, it will block you. If you are trying to access the website using a VPN, it will block you. And if you are trying to check out as a guest, it will stop you until you make an account with a verified email address.
I'm sorry for the annoyances. This is not our style, and as soon as the scammer goes away, we will undo the security blocks. If you're in another country and aren't a thief, we should be able to whitelist you and get your access back if you let us know.
