I'm actually in the same space selling "hoverboards" and have been massively hit with fraudulent transactions. Luckily we realised fairly quickly and enforced draconian fraud checks, we're missing out on potential sales but the Buzzfeed is article is the alternative.
I'm not sure which processor Candy Japan uses, but you can usually request to implement advanced fraud rules and strict settings that require Zip/postal code to match exactly.
I'm not sure how strict you should go, we have gone to the absolute maximum - and have to deal with customer service issues / abandoned checkouts daily. But even requiring the ZIP code to be correct made a big difference.
We're also using shopify which has helped quite a bit with their built in fraud analysis (Not 100% but I think it's either signifyd or kount providing the data).
Alternatively, you could use Paypal Pro to negate the account requirement?
I'm considering a bit going to some platform like Shopify, because I'm writing way more Python doing my own platform anyway. Integrating some solution would be just a few clicks if I were on some platform that they already support, instead of another API integration.
The company I work at uses Shopify with Sift and it seems to work well. You can have different levels of automation as far as autocharging high-legitimacy transactions, flagging suspicious customers, etc.
