E-commerce Merchant Account Fraud and How to Protect Your Website


October 30, 2020

As Covid-19 cases rise, so does e-commerce fraud. Merchants need to be aware of BIN and credit card testing that could take place on their e-commerce website and should protect their payment gateway from this costly fraud.

E-commerce fraud is costly: credit card testing and BIN attacks can leave merchants paying the transaction fees incurred when their e-commerce website is hit. Card testing is common, but neither form of fraud is always easy to spot, because it usually takes place in the middle of the night, run by automated bots, when most e-commerce website owners are asleep and may not be actively monitoring their website's activity.

Below is a list of items that should be deployed either by your merchant processor or by the website owner.

  1. Ensure AVS and CVV checks are enabled by your merchant processor and that they match for each transaction.
  2. Integrate an IP blocking and IP banning tool on the website to block potentially fraudulent orders.
  3. Keep your payment gateway’s API key info in a safe place and never share it with anyone.
  4. Require login or session validation when performing certain actions, such as creating an account or making a purchase, and limit the number of new customers that can be created by a single IP in one day.
  5. Monitor for any suspicious transactions or activity from similar IP addresses.
  6. Enable 3D Secure. Though not widely deployed in the US, this is going to be mandatory in Europe next year.
  7. Enable Captcha on your website.
  8. Use fraud prevention plugins or third-party apps, offered by your e-commerce platform, that prevent or limit gateway fraud.

For example, WooCommerce has the Woo Manage Fraud Orders plugin, and NMI, a high-risk payment gateway, offers iSpyFraud.
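Item 5 in the list above (monitoring for suspicious activity from similar IP addresses) can be run against the gateway's transaction log. The following Python is an added example, not code from this page or from any gateway or plugin named on it; the log format, the thresholds and the /24 grouping of "similar" IPv4 addresses are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample log (assumed format): time, client IP, card token, amount, result
SAMPLE_LOG = """\
2020-10-30T02:14:01 203.0.113.10 card-01 1.00 declined
2020-10-30T02:14:09 203.0.113.10 card-02 1.00 declined
2020-10-30T02:14:20 203.0.113.11 card-03 1.00 declined
2020-10-30T02:14:31 203.0.113.12 card-04 1.00 declined
2020-10-30T02:14:40 203.0.113.11 card-05 1.00 declined
2020-10-30T02:14:52 203.0.113.12 card-06 1.00 approved
2020-10-30T09:05:00 198.51.100.7 card-90 54.20 approved
2020-10-30T13:30:00 192.0.2.44 card-77 19.99 declined
2020-10-30T13:31:10 192.0.2.44 card-77 19.99 declined
2020-10-30T13:32:30 192.0.2.44 card-77 19.99 approved
"""

# Assumed thresholds; tune them to your own traffic.
WINDOW = timedelta(minutes=10)
MIN_ATTEMPTS = 5
MIN_DISTINCT_CARDS = 4
MIN_DECLINE_RATIO = 0.8

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, card, _amount, result = line.split()
        yield datetime.fromisoformat(ts), ip, card, result

def find_card_testing(log):
    """Return {network: details} for each /24 that trips the thresholds."""
    by_net = defaultdict(list)
    for ts, ip, card, result in parse(log):
        net = str(ip_network(f"{ip}/24", strict=False))  # group similar IPv4 addresses
        by_net[net].append((ts, card, result))
    flagged = {}
    for net, events in by_net.items():
        events.sort()
        start = 0
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] > WINDOW:  # slide the window forward
                start += 1
            window = events[start:end + 1]
            cards = {card for _, card, _ in window}
            declines = sum(result == "declined" for _, _, result in window)
            if (len(window) >= MIN_ATTEMPTS and len(cards) >= MIN_DISTINCT_CARDS
                    and declines / len(window) >= MIN_DECLINE_RATIO):
                flagged[net] = {"tripped_at": ts.isoformat(), "attempts": len(window),
                                "cards": len(cards), "declines": declines}
                break  # report the first window that trips
    return flagged
```

A customer who retries one card a few times (192.0.2.44 in the sample) stays below the distinct-card threshold, while many different cards from one network in a few minutes is flagged for blocking or review.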