But wouldn't this 'attack' be really trivial to detect on the credit card processor's side? There isn't a legitimate use case that would explain multiple attempts at the same time?
"I got everybody to pay up front...then I blew up their planet." "Now why didn't I think of that?" -- Post Bros. Comics