The CCSS doesn't currently mention spam transactions at all, but depending how you deal with them there is certainly a DoS component to consider. I'm working on a project right now that could be susceptible to such an attack and I'm looking for some guidance on how best to deal with them.
My concern is that if I simply ignore transactions under a certain amount it may lead to added support requests (i.e. agitated customers), or even audit anomalies (i.e. agitated revenue agencies). If I deal with them by logging, or if I just process it like any other transaction, then my database fills up with data that isn't profitable and potentially slows down the system for everyone else.
This issue is just on the cusp of security, so an answer of out of scope is acceptable, but I would love to hear other opinions/suggestions on it.
The CCSS doesn't currently mention spam transactions at all, but depending how you deal with them there is certainly a DoS component to consider. I'm working on a project right now that could be susceptible to such an attack and I'm looking for some guidance on how best to deal with them.
My concern is that if I simply ignore transactions under a certain amount it may lead to added support requests (i.e. agitated customers), or even audit anomalies (i.e. agitated revenue agencies). If I deal with them by logging, or if I just process it like any other transaction, then my database fills up with data that isn't profitable and potentially slows down the system for everyone else.
This issue is just on the cusp of security, so an answer of out of scope is acceptable, but I would love to hear other opinions/suggestions on it.