The fraud landscape is a moving target, and this means that merchants must be ever vigilant against fraud threats. A great deal of merchant focus is on stopping friendly fraud, and while this is a key area of fraud traffic, other fraud methods should not be overlooked.
Card testing fraud is one such fraud method that is easily overlooked. Because of the nature of card testing fraud, it often goes undetected by merchant fraud detection solutions and is only detected when it’s too late. Card testing fraud is just as costly and damaging to merchants as friendly fraud and chargeback fraud.
Card Testing Fraud Tactics
Card testing happens when fraudsters test stolen credit card details by making small online purchases. The fraudsters need to check the validity of the credit card details, and once they confirm the credit card is valid they proceed with making larger fraudulent purchases. The small purchase testing tactic allows fraudsters to go mostly unnoticed by fraud detection solutions and by the innocent cardholder.
Typically, fraudsters use bots and scripts to test the credit card information, then target merchant sites that provide automated responses that provide decline details. With this information, fraudsters are able to adjust the credit card details in hopes of success. For example, when a merchant website indicates that the expiration date is incorrect, a savvy fraudster can use the Dark Web and other tactics to determine the correct expiration date.
The end goal for the fraudster is to find a valid credit card and then to make large purchases from the merchant site they already tested. Or just sell these validated credit card info on dark web market.
There is no need for merchants to feel helpless in the face of this technically savvy fraud. Knowing the signs of card testing fraud allows merchants to make changes to payment solutions and fraud detection strategies.
- Small transactions. Have a solution that sends alerts for repeated small transactions from the same credit card number or IP address.
- Many purchases in a short duration. The bots and scripts used by fraudsters are programmed to make as many purchases as possible, as quickly possible. These purchases can be from the same credit card or with multiple cards.
- A high rate of authorization failures. This can indicate that a fraudster is testing credit card details, looking for valid information.
- Card Verification Value (CVV) errors. Often, the fraudster does not have the correct CVV information. Fraud detection solutions should be ready to detect orders that are missing this crucial confirmation number.
While card testing does use technically advanced software and tactics, it is possible for merchants to detect and prevent card testing. Working with experts in payment solutions and fraud detection gives merchants the upper-hand in the fight against fraud.
New Trend using bank IVR
Fraudsters are nowadays using the merchant’s MID ( merchant ID) through bank’s down-time processing IVR line to obtain an authentication code and then pre-authorise a card transactions in the event of bank outages.
Fraudsters are using bots and auto scripts to play with IVR line to brute force ‘guessing’ authentication code and then pre-authorising small value transactions on compromised cards.
It is similar to eCommerce online website processing and testing stolen cards. However, in this offline preauthorisation fraudsters are easy to be anonymous and very hard to be detected by online event and transaction monitoring.
Fraud Detection and Prevention
Detecting and preventing fraud must be a critical component of any merchant’s business strategy. Being aware of and ready to detect and prevent friendly fraud, chargeback fraud, card testing fraud, and other fraud methods, is key to business and customer satisfaction.
There are two principal victims of card testing fraud: the merchant and the innocent cardholder.
The merchant loses with chargeback fees/penalties, stolen merchandise that is never recovered, lost revenue from the fraudulent sale, and brand loyalty damage.
The innocent cardholder loses out with damage to their online history, time and energy spent on recovering from the fraud, the additional danger to personal security, and in trusting the innocent merchant.
Merchants can detect and prevent card testing fraud by ensuring their e-commerce solution is using the best-in-class of multi-layered fraud detection technology. This includes enforcing CVV checks and taking advantage of key fraud tools, such as geolocation, biometric analysis, merchant co-op, and 3D Secure protocols.
In addition, it’s important for merchants to have a secure e-commerce website and mobile apps that are in tune with card testing fraud methods. Merchants should update their e-commerce and m-commerce tools to adjust for the response messages that fraudsters rely on for card detail verification.