Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Protecting Against Card Testing

            Modified on Sun, 1 Sep at 1:58 PM

            What is Card Testing?

            Card Testing refers to the practice of individuals using your website to try out multiple card numbers to determine which ones are valid for making other purchases. These card numbers are often stolen or bought on the black market to identify usable ones for fraudulent transactions. This practice may also be known as card checking, account testing, or carding.


            Unfortunately, card testing and other types of fraud are unavoidable and come with having an online presence. However, preventing card testing is crucial as it has a direct financial impact. If possible, efforts to stop this activity benefit all parties involved in the payment process—the merchant, Allied Payments, the card networks, and the card brands.


            Card testing is highly prevalent for three main reasons:

            1. It is among the most impactful forms of fraud.

            2. Fraudsters often target small and medium-sized businesses lacking internal fraud prevention teams.

            3. Detection often occurs too late to prevent significant damage.


            Below, we’ll delve deeper into what card testing entails and discuss methods to protect against it.


            How does card testing work?

            Fraudsters aim to remain unnoticed while conducting as many test transactions as possible before they are detected and must move on to a different site. They typically employ one of two strategies:

            • Authorization only: In this method, a card is authorized, but funds are not captured. The transaction does not appear on the customer's credit card statement but does show as a pending charge in their online portal. So, a customer's call about an unexpected authorization may be your first warning sign.

            • Small value transactions: Card testers often prefer small payments that are less likely to attract attention. These small transactions are less prone to being noticed by customers or reported as fraudulent. Donation pages or businesses with low average transaction amounts are common targets. A sudden spike in small-value donations or orders is usually a red flag.


            The consequences of card testing

            The most obvious consequence is the monetary cost, as every authorization, successful or not, incurs a fee for the merchant.


            Additionally, disputes and chargebacks can drain both time and money. Customers who notice fraudulent charges are likelier to report them to their bank than ask you for a refund.


            High decline rates also pose a problem. Merchants are evaluated on various metrics, including decline rates. A high decline rate can negatively impact your reputation with banks and processing networks, making even legitimate transactions riskier and more likely to be declined in the future.


            Moreover, your website may not be designed to handle thousands of transactions in a short period, leading to server overload, loss of legitimate transactions, and potential downtime.


            Some ways to prevent Card Testing

            Utilize fraud filters built into most payment gateways to combat card testing or slow it down for early detection and intervention:

            • Velocity Filter: This filter automatically limits the number of sales that can be processed through your website per day or hour, preventing fraudsters from testing thousands of cards rapidly.

            • Set a minimum transaction size: Ensure your minimum transaction size is set to an appropriate amount. Fraudsters often test with small amounts to preserve their funds while validating card numbers.

            • AVS/CVV checking: Decline or "hold for review" transactions that do not have a matching billing address. Always asking for a billing address reduces the chances that fraudsters will test cards without complete information.

            • IP Blocking: Control where sessions on your website originate. If your business only serves domestic customers, limit your e-commerce platform to IP addresses recognized as domestic.


            Please get in touch with your web team or e-commerce vendor for additional ideas and insights.


            Take all necessary steps to avoid falling victim to card testing:

            1. Configure your gateway fraud filters to block as much unwanted activity as possible.

            2. Check your merchant portal daily for suspicious orders or declines.

            3. Set up notifications on your website for any unusual activity.

            Although you cannot completely stop fraudsters from attempting to misuse your website, you can take significant measures to prevent their success.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0