A growing type of ecommerce fraud that doesn’t get a lot of attention is silently taking over the payments space – it’s called card testing. This article will provide more information on card testing and how it could impact your business and how to help prevent it.
What is Card Testing?
Card Testing occurs when a fraudster uses a merchant’s website to “test” stolen credit card information to determine if the card is valid. Fraudsters can purchase lists of credit card numbers online on the “Dark Web” at a low cost but often do not know if the cards they are purchasing are active. To test these cards, fraudsters often use automated bots and scripts to run many of these numbers through a merchant’s checkout page. If a transaction is approved, the fraudster knows that the card is valid and can make fraudulent high value purchases elsewhere.
How to Identify Card Testing
While it is sometimes difficult to identify card testing, there are a few common red flags to look out for:
Any combination of the above activities can signal that a merchant is being targeted by card testing fraud.
Why Card Testing Fraud is Costly
Card testing fraud can be extremely costly due to financial charges and loss of goods. As chargeback disputes typically take 6 weeks to materialize, ecommerce merchants end up paying a high price for fraud. The following costs may apply if your business has been hit by card testing:
How to Detect and Reduce Card Testing Fraud
Implementing CVV checks and AVS are effective ways of minimizing the risk of card testing. A mismatch of either of these fraud tools may indicate a fraudulent transaction. Ensuring that CVV and AVS are activated can go a long way in preventing card testing on a website.
Google reCAPTCHA offers an additional layer of protection by offering automated software which can differentiate the human user from a bot. The solution is low friction and requires the user to click a checkbox to continue.
Two factor authentication adds an extra layer of security on top of the use of a username and password. Card testers often target checkout pages that have the least amount of friction. It is recommended that the payment page use more than one method of identifying the user.
Fraudsters will typically move on to a new website if they encounter any friction on the checkout page. When it comes to protecting your business against fraud, a layered approach is most effective in catching the highest amount of fraud.
What Moneris Merchants can do to avoid Card Testing
Any merchant interested in fraud protection features at Moneris should contact the Moneris Sales Department at 1-844-204-8626 to request the Fraud Tools package. Once added to the merchant’s profile several fraud protection features become available for integration into the payment website:
Details regarding using these fraud solutions can be found on the Moneris Developer Portal at https://developer.moneris.com. It is highly recommended that you implement AVS and CVV validation checks into your website to combat card testing fraud as a baseline protection. Please note that when a financial transaction is processed that includes AVS or CVV data, the response will not affect the authorization of the transaction. The best validation solutions require decision logic that should manage the transaction based on the returned result. For example, should a “NO MATCH” response be received, this means the data the customer provided did not match the data on the card. Therefore the merchant may choose to deny the transaction and request another form of payment. Ultimately these decisions are up to the merchant, their business processes, and their risk appetite.
For more information on AVS and CVV response codes please visit our Developer Portal at the attached links below:
AVS Response Codes
CVV Response Codes
For assistance implementing any of our Fraud Tool solutions please feel free to reach out to our Technical Support team at 1-866-319-7450. We are here to help 7 days a week 24 hours a day!
Patrick Brophy, CPPProduct Manager, Online PaymentsMoneris Solutions
As the Product Manager for Online Payments at Moneris, Patrick is responsible for ecommerce and omni-channel solutions, most notably the Moneris Gateway. With 13 years of experience in the payments industry and a focus in integrated and emerging customer solutions, Patrick carries a broad expertise on many subjects important to the online merchant experience.