While having a website enabled to accept card payments for your goods and/or services may increase your sales, there's an important need to ensure your website will not permit the submission of transactions other than valid sales from your bona fide customers. Unfortunately, invalid transactions can result in unexpected and unwanted costs. Let’s discuss card testing fraud, a growing type of fraud that is silently threatening the payments space, and how to effectively combat it.
First, let’s define what card testing fraud is. When a fraudster obtains stolen credit card numbers, they need to determine if the cards are valid before making any significant purchases. To do this, they will attempt to make a small online purchase to determine if the card is approved and therefore eligible for use in fraudulent purchase transactions elsewhere. Additionally, they will be on the lookout for whether or not the Address Verification Service (AVS) and Card Verification Value (CVV) responses match. Typically, they will utilize bots or scripts that can run thousands of test transactions at a time. The successful cards are then used to make large, fraudulent purchases at various online retailers.
In addition to the consumers who have had their financial information compromised, any merchant that accepts credit cards online is at risk for card testing fraud. Card testers look for websites with the least amount of friction and user verification requirements for making an online purchase. Non-profit organizations and charities are especially vulnerable to this type of fraud since their websites are specifically designed to make it as easy as possible to make a purchase or give a donation.
When a merchant experiences card testing on their website, there are several potential costs. Whether a sale is approved or declined, online transaction fees are still charged to the merchant. Completed sales that are not voided or refunded are subject to chargebacks and any associated fees. In addition to these fees, merchants will lose time and effort when dealing with the damage inflicted upon their brand and reputation as a result of the fraud attempt.
When it comes to detecting this type of fraud, be on the lookout for multiple small-dollar transactions from different card numbers submitted within a short period of time. A majority of these transactions will either decline and/or have mismatched AVS and CVV responses. To reduce the likelihood of card testing, you can implement several measures that will improve your website’s security. There will always be a balancing act between tighter security measures and ensuring your customers have an easy checkout experience, but most consumers are already familiar with many of these security measures:
- Add a Captcha to your website: This makes it more difficult for bots and scripts to be used when testing cards. If you’re interested in getting this added to your website, make sure to contact us for assistance.
- Set AVS and CVV restrictions: These restrictions prevent sales from being accepted if there is a mismatched address, zip code, or CVV response. Most of the time, card testers will not have a valid address or CVV when testing illegally obtained credit card information. This will make their testing unsuccessful and often cause them to move onto less secure websites to perform their testing. To ensure the ultimate safety of your customers, we will set up your payment gateway to automatically perform this type of AVS and CVV filtering.
- Block fraudulent sales with IP restrictions: Another step you can take is to implement IP restrictions that will decline sales coming from outside of the United States, which is where most card testing happens. You can also set threshold limits on the number of sales that can be submitted from the same IP address. Most payment gateways and shopping carts already have these tools available.
- Fraud alerts: As an extra precaution, you can add an additional fraud monitoring product or software to your website to enforce transaction thresholds and alert you if potential card testing occurs.
If you’re interested in learning more about card testing fraud and how to prevent it in your online shop, please contact us today! Ensuring the security of you and your customers is our top priority.