diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index 6c21edc0da..8f06586a68 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -4986,6 +4986,7 @@ phutil_register_library_map(array(
     'PhortuneAccountViewController' => 'applications/phortune/controller/account/PhortuneAccountViewController.php',
     'PhortuneAdHocCart' => 'applications/phortune/cart/PhortuneAdHocCart.php',
     'PhortuneAdHocProduct' => 'applications/phortune/product/PhortuneAdHocProduct.php',
+    'PhortuneAddPaymentMethodAction' => 'applications/phortune/action/PhortuneAddPaymentMethodAction.php',
     'PhortuneCart' => 'applications/phortune/storage/PhortuneCart.php',
     'PhortuneCartAcceptController' => 'applications/phortune/controller/cart/PhortuneCartAcceptController.php',
     'PhortuneCartCancelController' => 'applications/phortune/controller/cart/PhortuneCartCancelController.php',
@@ -11227,6 +11228,7 @@ phutil_register_library_map(array(
     'PhortuneAccountViewController' => 'PhortuneAccountProfileController',
     'PhortuneAdHocCart' => 'PhortuneCartImplementation',
     'PhortuneAdHocProduct' => 'PhortuneProductImplementation',
+    'PhortuneAddPaymentMethodAction' => 'PhabricatorSystemAction',
     'PhortuneCart' => array(
       'PhortuneDAO',
       'PhabricatorApplicationTransactionInterface',
diff --git a/src/applications/phortune/action/PhortuneAddPaymentMethodAction.php b/src/applications/phortune/action/PhortuneAddPaymentMethodAction.php
new file mode 100644
index 0000000000..09a8cd2f5d
--- /dev/null
+++ b/src/applications/phortune/action/PhortuneAddPaymentMethodAction.php
@@ -0,0 +1,22 @@
+<?php
+
+final class PhortuneAddPaymentMethodAction
+  extends PhabricatorSystemAction {
+
+  const TYPECONST = 'phortune.payment-method.add';
+
+  public function getActionConstant() {
+    return self::TYPECONST;
+  }
+
+  public function getScoreThreshold() {
+    return 60 / phutil_units('1 hour in seconds');
+  }
+
+  public function getLimitExplanation() {
+    return pht(
+      'You are making too many attempts to add payment methods in a short '.
+      'period of time.');
+  }
+
+}
diff --git a/src/applications/phortune/controller/payment/PhortunePaymentMethodCreateController.php b/src/applications/phortune/controller/payment/PhortunePaymentMethodCreateController.php
index 521508e0e8..847fbf5716 100644
--- a/src/applications/phortune/controller/payment/PhortunePaymentMethodCreateController.php
+++ b/src/applications/phortune/controller/payment/PhortunePaymentMethodCreateController.php
@@ -82,6 +82,15 @@ final class PhortunePaymentMethodCreateController
         ->setProviderPHID($provider->getProviderConfig()->getPHID())
         ->setStatus(PhortunePaymentMethod::STATUS_ACTIVE);
 
+      // Limit the rate at which you can attempt to add payment methods. This
+      // is intended as a line of defense against using Phortune to validate a
+      // large list of stolen credit card numbers.
+
+      PhabricatorSystemActionEngine::willTakeAction(
+        array($viewer->getPHID()),
+        new PhortuneAddPaymentMethodAction(),
+        1);
+
       if (!$errors) {
         $errors = $this->processClientErrors(
           $provider,