In the following sections, you'll find some of the security settings available in Checkout that can be enabled by the Update orderForm configuration endpoint.

Setting the requiresLoginToPlaceOrder field to true allows purchases to be made only by customers who have gone through the authentication process. The customer must be logged in using the same email address provided when products were added to the cart.

When you choose to enable this field, SmartCheckout will be disabled for all your customers.

By setting a numeric value for the minimumPurchaseDowntimeSeconds field, you can determine the minimum time in seconds a buyer must wait before placing another order. This setting prevents customers from creating multiple orders in a short time.

We recommend setting this field to 90 seconds and using this setting in combination with Require login when placing an order.

Setting a numeric value in the cartAgeToUseNewCardSeconds field specifies how many seconds a new cart needs to exist before a new credit card can be used.

This setting reduces the risk of creating multiple carts and adding new credit cards. Activating this field does not affect orders placed with cards previously saved in the customer account.

We recommend setting this field to 30 seconds.

When the requiresLoginToUseNewCard field is set to true, the system requires the customer to be logged into the store in order to add a new credit card as a payment method. This setting enhances transaction security and helps prevent unauthorized use of credit cards.