How to get fraudulent ‘credit card testers’ to fail

October 30, 2020


How to get fraudulent ‘credit card testers’ to fail

By Donald Kasdon October 30, 2020, 12:01 a.m. EDT2 Min Read

It’s well known that the COVID-19 pandemic has led to an increase in fraudulent activity. Fraudsters are taking advantage of an increase in online shopping and finding new ways to steal financial data from both consumers and merchants. Credit card testing is specifically seeing massive spikes due to the pandemic.

Credit card testing is when attackers obtain stolen credit card data and test it on e-commerce websites by placing several small orders all at once. They can deploy a bot to automate the process and place thousands of orders within a very short timeframe. Credit card testing can be especially harmful for small e-commerce vendors because they are left to pay large transaction fees incurred.

For those looking to combat credit card testing, here are four tactics that merchants can employ:

Safeguard sensitive information. Hackers will always try to access proprietary and sensitive data when targeting a site, and they can do a lot of damage by accessing the gateway’s API key information. To combat this, vendors should set up protections for their gateway API and ensure APIs are refreshed and audited regularly. Another easy way to keep your site protected and secure is to maintain constant updates of plugins on the backend. A build-up of neglected plugin and API updates will often cause the gateway to crash and leave your site open to vulnerabilities.

Look at the IP addresses. Credit card testing transactions come from a handful of similar IP addresses. Automated software can limit the number of purchases made by a single IP address in a certain period. IP blocking and banning tools can also locate specific sources of fraud and prevent them from accessing their payment gateway in the future.

Authenticate customer identity. Merchants can verify their customers’ identity without making them jump through hoops. This can be done by requiring logins for all purchases, which prevents a scammer or bot from making several transactions with different cards. Merchants also need to be able to identify bots before they complete a checkout. Placing CAPTCHA checks at the shopping cart gateway is an effective solution to not only avoid bots but protect merchants from spam and password decryption as well.

Seek out value-added services. Credit card testing is more common than you might think, and incident rates are climbing during the pandemic. E-commerce merchants should understand that upfront costs will pay dividends in the long term. Making investments in external experts and software allows merchants to spend more time on what truly matters – growing the business and not worrying about constant, vigilant site monitoring.

Ultimately, e-commerce merchants should choose a partner that can offer and implement a comprehensive suite of security checkpoints, including IP verification and blocking, human checks, and backend updates and fortifications.

Most vendors naturally want to expect the best and never think cyberattacks will happen to them. However, when they are hit with credit card testing, it can be financially catastrophic for the business. That’s why I recommend e-commerce merchants seek solutions that can help protect their gateways and their business.