What is Credit Card Testing?
Card testing is a trick used by people who are attempting fraud with credit cards and credit card numbers. These people attempt to see if cards that are stolen or acquired from the dark web can be used by purchasing small items to see if the cards are still valid. If the cards are still valid and not reported as stolen, the fraudsters will purchase larger items. They will also sell these cards that are valid on the dark web for a bigger fortune.
Card testing is done by botnets to make sure that the fraudsters will be able to test many cards at once. These are all small amounts that are charged so that no one is wiser about the attempted fraud. If you want to find out some information about different credit cards, you can click here. Some of these cards may be used for card testing.
What are Botnets?
Botnets are computers that can run thousands of credit cards at a time to see if they are valid. These botnets can assist the fraudsters in determining which cards or card numbers they can use again and which ones they need to throw away. Botnets can help fraudsters to take advantage of the consumer and the business in a big way.
Who Can Be Affected by Card Testing?
Card testing usually affects business such as those companies that allow transactions without a physical credit card. This can include restaurants and gas stations that allow touch pay and other businesses that do the same.
Individuals can also be affected because it could be their credit cards and credit card numbers that are being used to try to purchase items from these places. This is just one more way that fraudsters can use your credit cards and numbers to try to take advantage of you and your bank account.
Card testing can affect businesses in more ways than one. Another way that these businesses can be affected is by the chargebacks that they will experience once the consumer finds out their cards have been used to purchase things that they did not authorize. If a business has too many chargebacks, they can not only lose money, but they can alsobe placed in expensive dispute monitoring programs, and this can cost them lots of money.
How Can a Business Protect Themselves from Card Testing?
There are ways that businesses can protect themselves from card testing and it takes more than one way to use these protections. You can learn more about card testing if you do just a little research. Make sure that as a business you are being vigilant in using these protections so that you can save your business the heartache of losing money or having to be a part of the dispute monitoring programs.
Perform Risk Reviews
You need to perform periodic risk reviews to determine if they are being card tested. You need to make sure that you have account verifications and basic velocity checks at specified time frames. When you do these periodic checks and reviews you will be able to stop these card testers before they get started.
Set Minimum Limits
If you, as a business, accept donations or custom payment amounts, make sure that you set a minimum limit for those donations. Card testing is done usually using amounts of less than five dollars, so make the minimum more than that. This way the fraudster will not be able to charge the low amounts to check the cards they are using. If you are setting minimum limits, you are protecting your business from the card testing.
Identify Any Anomalies Early On
If there is a sudden spike in your average daily transactions, check it out. It could be a card tester trying to take advantage of your business. Check for a sudden increase of credit card declinations, this could also be a signal that your business is being targeted. Make sure that you are checking out things like your email address, IP address, and your device fingerprint.
How Can You Detect Fraud?
You can detect red flags in your account when you check your account. Here are some of the red flags that you can check for:
- Are there unusually high abandonment rates for your shopping cart?
- Are there a lot of chargebacks?
- Do you have small shopping cart sales?
- Are there a high proportion of declined sales?
- Is there a disproportionate use of the payment step in your shopping cart?
- Have there been multiple payments from the same customer in a matter of seconds or minutes?
- Do you have too many transactions with the same bank identification number?
- Do you have many declined transactions from the same user, the same IP address, or the same session?
If you see any of these things, or more than one of these things, you may be targeted by card testers and you may want to make sure that you report the actions.
How Can You Protect Your Business?
If you are a small business, there are things that you can do to protect your business from card testing. Here are a few of the things that you can do.
- Check your historical operational trends. If you have an increase in customer support calls and an increase in chargebacks, you might be a target of card testers. You might also check for an increase in declined transactions.
- Install automatic blocking software. There is software that exists to help you to detect fraud and card testing. Install this software or have your engineers create your own fraud detection software. This can detect the card testing as soon as it begins, saving you and your customers money.
- Have a secure payment processor partner. You need to make sure that the payment processor partner has bot protection so that you are not a target to card testers. If you have bot protection, you cannot be targeted by the card testers because they cannot use their bots to make the transactions.
- Use devise fingerprinting. By doing this you can find the source of the customer using your system. Since card testing takes several attempts, fingerprinting can identify the source of the card testing.
- Know the purchasing patterns. Purchase habits and human behavior have specific patterns. These can include URLs that are accessed, the mouse movements that are made, and site engagement.
- Check your traffic. By watching your traffic, you can determine where the bots are coming from. If you see patterns in your traffic, you can stop the bots from affecting your site.
- Use address verification systems. Using the address verification system, you can match the billing address with the address on file with the credit card company. If you do this, you can stop the bots when their addresses do not match.
- Require the security codes from the card. Stores and business cannot save this information, so if you ask for this information you can tell if it is a real person. If they cannot provide the information, it may be fraudulent.
- Challenge your purchasers. Use a captcha and the “are you a robot” prompts to ensure that only humans are using your system. If they cannot answer these prompts, they could be bots.
This is just a little bit of information about card testing and what it can do to you as an individual or as a business owner. If you need more information, you can do a little research and find out more information.