Recent times have seen the rise of a new form of e-commerce fraud, card testing. While early forms of credit card theft involved manually sifting through hundreds of stolen accounts, criminals now have a more reliable way of making use of their ill-gotten cards.
Credit card testing involves loading account data into automated programs to submit small-dollar orders on multiple e-commerce websites simultaneously.
These programs can rapidly test which accounts are still active and use them to make as many purchases as possible before the’ credit card provider ultimately closes them. The result is heavy losses to the merchant due to numerous chargebacks and false-positives.
Combating test transactions is a tricky endeavor, but the situation isn’t entirely hopeless. Below are a few effective tips to minimizing the risk of card-testing fraud.
- Knowing what to look for
Fraud rings are investing in complex software resources that can be used to test large batches of accounts quickly. Consequently, card testing happens at lightning speeds and often goes undetected.
Nevertheless, although you can never be entirely safe from internet bots and scripts, you can minimize the impending losses by paying attention to some common red flags.
- Small value transactions – Card testers usually order small-value items that are likely to raise little suspicion. Cheap recurring transactions can be an indication of an ongoing testing operation.
- Multiple transactions – Fraudsters use bots to run many cards through a website in a short period.
- Failed authorization attempts – The trial-and-error nature of card testing typically results in multiple transaction failures.
- Multiple credit card brands – Rapid switching of credit card brands may point to card testing.
- Implementing AVS and CVV checks
Enforcing Address Verification Service and Card Verification Value checks are effective ways of minimizing the risk of credit card testing. A mismatch of the address provided by the customer to the billing address can indicate fraudulent activity in which the client is using a stolen card. Similarly, validating the security code on the back of the card (CVV) before authorizing a transaction can verify that the customer is in possession of the actual card.
- Two-factor authentication
Adding an extra layer of security to a customer’s log-in process can go a long way in preventing card testing. On top of a username and password, you can include measures like entering a security code sent to the customer’s phone or email. Additionally, you can make use of Google’s reCAPTCHA software, which differentiates human users from bots with simple, low friction tests.A payment page should always use more than one method of user identification.
Credit testers pose a real threat to online trading but with the right measures, a merchant can effectively manage the risk. Moreover, the new crop of payment service providers offers subscribed merchants proper fraud protection tools to better deal with credit card testing. eMerchantBroker, for example, offers a comprehensive package with features like AVS and CVV, chargeback detection and other useful services.Are you an online merchant? Follow the tips above, and shield your business from credit card testers.