Fraud in the payments landscape is a moving target, and this means that merchants must be ever vigilant against increasing fraud threats. A great deal of focus is placed on stopping first-party or ‘friendly’ fraud, but preventing other methods to defraud merchants should not be neglected.
Card testing fraud is one such method that is easily overlooked. Because of the nature of card testing fraud, it often goes undetected by established fraud detection solutions. Card testing fraud is just as costly and damaging to merchants as friendly fraud and chargeback fraud.
A recent study conducted by Radial in the first quarter of 2017 reports, that of the merchants surveyed, card testing fraud was up 200% in the first four months of the year, compared to the same time period in 2016.
Card Testing Fraud Tactics
Card testing happens when fraudsters test stolen credit card details by making small online purchases. The fraudsters first check the validity of the credit card details, and once they confirm the card is valid they proceed with making larger fraudulent purchases. The small purchase testing tactic allows fraudsters to go mostly unnoticed by merchants’ detection solutions and by the innocent cardholder.
Typically, fraudsters use bots and scripts to test the credit card information, then target merchant sites that provide automated responses that provide decline details. With this information, fraudsters are able to adjust the credit card details in hopes of success. For example, when a merchant website indicates that the expiration date is incorrect, a savvy fraudster can use the Dark Web and other tactics to determine the correct expiration date.
The end goal for the fraudster is to find a valid credit card and make large purchases from the merchant site already tested. This fraudster now appears as a recognised customer, so there’s a good chance their order won’t be flagged.
Knowing the signs of card testing fraud allows merchants to make adjustments and improvements to payment solutions and fraud detection strategies.
- Small transactions. Have a solution that sends alerts for repeated small transactions from the same credit card number or IP address.
- Many purchases in a short duration. Bots and scripts used by fraudsters are programmed to make as many purchases as possible, as quickly possible. These purchases can be from the same credit card or with multiple cards.
- A high rate of authorisation failures. This can indicate that a fraudster is testing credit card details, looking for valid information.
- Address Verification Service (AVS) alerts. A large number of AVS messages can indicate card testing and invalid credit card use.
- Card Verification Value (CVV) errors. Often, the fraudster does not have the correct CVV information. Fraud detection solutions should be able to detect orders that are missing this crucial confirmation number.
While card testing involves the use of technically advanced software and tactics, it is possible for merchants to detect and prevent card testing.
Fraud Detection and Prevention
Being aware of and ready to detect and prevent friendly fraud, chargeback fraud, card testing fraud, and other fraud methods is key to business and customer satisfaction. There are two principal victims of card testing fraud: the merchant and the innocent cardholder.
The merchant loses with chargeback fees and penalties, stolen merchandise that is never recovered, lost revenue from the fraudulent sale, and brand loyalty damage.
The innocent cardholder experiences damage to their online transaction history, time and effort spent on recovering from the fraud, the additional danger to personal security, and loss of trust in the compromised merchant.
Merchants can detect and prevent card testing fraud by ensuring their e-commerce solution is using the best-in-class of multi-layered fraud detection technology. This includes enforcing AVS and CVV checks and taking advantage of key fraud tools, such as geolocation, biometric analysis, merchant co-op, and 3D Secure protocols.
Stay on top of updates for e-commerce and m-commerce tools to adjust for the response messages that fraudsters rely on for card detail verification. Contact us to learn how to adjust credit card authorisation response messages to circumvent card testing fraud.