E-commerce Websites & Card Testing By Fraudsters – Up By 200%

If your business has a website that takes credit cards, beware of a fraud that is increasing. Non-profit businesses are more at risk because the obstacles to prevent the fraud are normally not used. The fraudsters’ use e-commerce websites to test stolen credit card numbers to see which ones are still good. This type of fraud is up 200% in the first four months of 2017 compared to the same period last year according to a report from Radial’s E-commerce Fraud Technology Lab.

They can high-jack the use of the site for running test transactions. This is done by a very sophisticated manner using bots and scripts, repetitive tasks at lighting speed and attempting hundreds of card payments online in minutes. If this happens at your site, it will cost in transactions fees just for the tests. Any good payments funded can later result in charge backs. If you have too many charge backs that exceed a threshold, per the card brands, this may result in the shutdown of your merchant account.

To protect your business from being a victim of this type of fraud, review your security settings to make it harder for the “bots” to run scripts. Do this by turning on or add an extra requirement for verification. This feature will require the person, prior to entering credit card info, to enter a security code from a randomly generated image. Consider turning on an email notification so every time a credit card is used for a purchase on your site, you will receive an email. This will alert you to the attempted fraud so that if you are attacked, you will receive numerous emails very quickly. Depending on the software/services you may be using, there may be additional security features available.

In some gateways, you can also limit how many transaction will be allowed to go through in one day. It’s called ‘daily velocity’. If you use authorize.net, you might want to consider their Advanced Fraud Detection Suite by using Authorize.net 13 fraud-fighting filters and tools.
Last, if you find you are attacked, turn off your gateway so no new transactions can be attempted until you have made your site secure to stop the bot testing. If any fraudulent transaction were good, void or refund them depending on the status.

​If you have questions about this subject or other concerns related to Point of Sales Systems or credit card processing, contact us anytime via email [email protected] or call us at 727-916-7294