You may have heard of, or been a victim of, the growing crime of card testing fraud. It is far more than a nuisance. It can cost your business fees, expenses, and your reputation. And, when bad actors finish attacking your business, they commit fraud on a higher level. Take steps now to minimize this growing cyber security threat to your business.
Bad actors “test” stolen credit cards, or just random numbers, by attempting to make purchases on e-commerce websites. They use bot tools and scripts to test quickly and in large numbers. In recent years, these tools have become available for purchase, increasing the amount of card testing fraud. If the card number is legitimate, they make small purchases. Then they sell the “validated” cards or the cardholder information on the dark web. The legitimate cardholders see charges on their statements and will investigate and demand reimbursement.
Is your website a victim?
To see if card testing is taking place on your website, look for multiple, small charge attempts from the same card number or similar numbers happening in the same period of time. You may see multiple charges from the same card number but with different expiration dates or zip codes.
What Does Card Testing Cost Your Business?
Card testing fraud costs businesses more than they may realize. The full cost includes at least:
- Transaction fees for illegitimate sales: Your business pays 1.5 to 4% per transaction fee to payment processors and an interchange fee that goes to the issuing bank, whether the transaction was legal or not.
- Purchase price refunds: In addition to refunding the price of the illegitimate purchase, you may incur return shipping charges and the expense of processing the package upon return.
- Chargeback fees: The bank that issued the card charges merchants a chargeback fee every time they receive a chargeback. Fees can run from $20 to as much as $100.
- Damaged Reputation: A high chargeback ratio can cause customers to view a business as unreliable, causing lost sales. Credit card networks may impose penalties if chargebacks continue to rise.
Ways to Prevent or Minimize Card Testing Fraud
Card testing fraud should be an important part of your website’s cyber security design and maintenance. Take these steps to lower your risk of card testing fraud:
- Require addresses and zip codes and check that they match the card number information.
- Add a Human vs. Computer tool to detect bot tools and scripts: Perhaps the most common one is Captcha, requiring human input to prove they are not a computer. These are effective tools, but bots are quickly outsmarting them. Alternative tools may prove more effective for your site without costing too much. WordPress offers free options. Your website designer will work with you to find your best option.
- Require CVV Numbers: They offer an additional level of security. Bad actors often have access to credit card numbers but not CVV numbers.
- Don’t allow multiple transactions from the same IP address: Bad actors may try several different credit card numbers from the same IP address, meaning they are testing cards. Limiting the number of attempts will lower your risk of fraud.
- Limit checkout attempts: Similar to trying multiple transactions from the same IP address, bad actors may try using the same card number with different addresses or zip codes.
- Block transactions geographically: If you believe card testing on your site originates from countries outside the US, don’t allow transactions from those countries.
- Review transactions for questionable behavior: Check regularly for signs of card testing. Spotting problems will alert you to change or update security measures.
- Alert employees: Train all employees who see credit card transactions to know the signs of card testing and how to respond.
Card testing fraud is especially important for small businesses. Bad actors target small to medium-sized businesses or non-profits who are less likely to use expensive security products to prevent the attacks.
Card Testing Fraud is just one cybersecurity risk your website faces. Read our blog on “Your Small Business is Vulnerable to Cyber Attacks” to learn more.
Wheaton Website Services understands the need to keep your website secure, competitive, and running flawlessly. Contact us to learn how we help small businesses design and maintain their websites.
Leave A Comment