Fraudsters can get long lists of stolen credit card numbers, expiration dates and even ZIP codes and CVVs. However, this data is useless to the fraudster until they can verify which ones are still valid and active.
To accomplish this, the fraudster finds a simple webpage where they can run small test transactions (usually automating thousands of transactions in a very short time). This process is known as “card testing”. 99% of these transactions will decline – however, the 1% that do go through are now this hackers’ golden pass to his new Yacht or Rolex watch!
So how does this affect me – I don’t sell Yachts or Rolex watches?!Your website can be a victim of such card testing! This can be very expensive – paying transaction fees on 20,000 declined transactions! Moreover, if even one transaction gets approved you will have to deal with chargeback nightmares. If you think this is something that rarely happens – you are sadly and badly mistaken. Card testing fraud is up 200% this year…
So how can I protect my website from card testing?
The first line of defense is implementing simple solutions like Cloudflare and Google’s reCaptcha to prevent automation tools from processing transactions in the first place.
For out-of-the-box websites like WooCommerce, BigCommerce, Gravity Forms or Give, make sure you have the latest versions of the reCaptcha plugins installed. Even ecommerce sites that require ‘User Logins’ must have protection in place – as fraudsters can simply create an account and begin the fast-paced feeding-frenzy of card testing.
For custom software and websites, ensure that you are using a developer who is familiar with spam protection. Feel free to have you developer reach out to our team for assistance.
The second line of defense is your gateway fraud module. Every gateway has fraud prevention modules that are designed to prevent velocity card testing. Be sure to set proper rules in place. As always, reach out to our knowledgeable representatives for assistance.
Lastly, stay alert! If you are getting a barrage of transaction emails, don’t ignore them – reach out to us immediately. Unfortunately, once you are a victim of card testing, you are more likely to have another attempt in the future, as your website will get passed around as an easy target.
Stay safe! Moishe