Is this an adequate outline for a basic filter to prevent testing of stolen credit card numbers on my credit card charge script?

I have a web store with Stripe integration that has been used by one or more individuals to test stolen credit card numbers. Their method of testing the cards is to direct a large number of charge attempts at my credit card charge script both in a short period of time and over many days.

I can do some PHP scripting but am not a full-time or formally-trained developer and so want to stop the fraudulent use of my Stripe account in a manner that keeps things as technically simple as possible for me.

My plan is to develop an IP-based filter for my credit card charge script. Below is my general concept for the filter.

  1. Create a MYSQL database with fields for IP, date of this IP’s last charge attempt, number of charges by this IP today, all-time total number of charges by this IP and blocked user.

  2. When someone makes a charge attempt, before sending it to Stripe, check whether their IP is already in our database of IPs that have made a charge attempt in the past.

    A. If the IP is not in our database, add it to the database and allow the charge attempt to be sent to Stripe.

    B. If the IP is in our database, check to see if the blocked user field is set to “yes”. If so, do not allow the charge attempt and present an error message to the user.

    C. Check to see if the date of this IP’s last charge attempt is today.

    i. If the IP’s date of last charge attempt is not today, store today’s date in the date of this IP’s last charge attempt database field, set the number of charges today to 1, and allow the charge attempt to be sent to Stripe.

    ii. If the date of last charge attempt by this IP is today, increment the number of charges by this IP today database field. If the number of charges hits a predetermined limit, do not allow the charge attempt and present an error message to the user. If the number of charges by this IP today is below the predetermined limit, do not block the charge attempt.

    iii. increment the all-time total number of charges by this IP field. If the number of charges hits a predetermined limit, do not allow the charge, present an error message to the user, and set the blocked user field to “yes” for this IP. If the all-time total number of charges by this IP is below the predetermined limit, allow the charge attempt.

The above filter concept assumes individuals testing stolen credit card numbers will not be able to frequently change their IP to circumvent this primitive rate limiter. Is this a safe assumption? Are there any other potential problems with the above approach or better ways to do this?