Card testing may not sound as harmful as other types of fraud, but it can cost merchants in lost revenue, dispute fees, lost merchandise, and increased dispute rates. In this post, we will dive into how fraudsters test cards and how merchants can detect and prevent card testing.
What is Card Testing?
Card testing is when a fraudster obtains a list of card credentials and attempts an online purchase with the stolen card number to test it. Once the fraudster can confirm that the credentials are valid, they can move on to larger purchases or sell the information for a more significant amount on the dark web. A fraudster may just be testing one card, or they could have thousands of card numbers.
If a card testing fraudster is successful at purchasing on the merchant's site, then that transaction will be disputed by the actual cardholder. The dispute will be a true fraud dispute which is not winnable by merchants. Because of the Zero Liability Guarantee, it is the merchant's responsibility to prevent fraudulent purchases from being accepted. So the merchant is liable for the stolen funds. While one card testing purchase may only cost merchants $5 in lost revenue, if a fraudster tests hundreds of card numbers successfully, the fraud cost will start to add up. Not to mention, the increase in disputes will raise the merchant's dispute ratio.
How do Fraudsters Test Cards?
The typical way for fraudsters to test cards is to make small online purchases. Fraudsters can use a bot or a script to check cards. Here are a couple of ways fraudster test cards without being detected by the merchants:
- Small Transactions: By making small transactions, a fraudster can draw less attention to the purchase and sneak past fraud filters. Merchants will usually have stricter fraud filters on larger purchases. Card testers also stick to small purchases to minimize the amount of credit they use.
- Making a Small Transaction on the Site First: If a fraudster wants to make a large purchase on the site and make sure the stolen card number will be accepted, they will make a smaller purchase on the site first. By doing this, a fraudster is now a recognized cardholder by the merchant's system, which means their next purchase will be less likely to be caught by the fraud filters.
How Can Merchants Prevent This Type of Fraud?
Monitor Every Transaction
Card testers focus on small transactions, which means merchants need to prepare their fraud filters for every size of transaction that comes through. Even if the fraudster is just testing on your site to turn around and make a purchase somewhere else, you will still incur a loss.
Monitoring the Number of Transactions
If you receive a spike in small purchases coming from the same IP address, this indicates card testing. A bot or script is going through a list of stolen cards as quickly as possible. This IP address should be blocked as soon as the spike in transactions starts.
Be Careful What You Display
A merchant can make themselves an easy target for card testing if they display why the transaction did not go through. For example, if the customer or fraudster did not put in the right CVV number and your site lets them know that's what the incorrect information was. This makes the fraudster’s job a lot easier because the merchant's site is helping them narrow down what they need to correct to crack the card number.
Look into a High Number of Failed Transaction Attempts
A cardholder may accidentally type in their card number wrong once, maybe twice, but many failed attempts can indicate card testing. If merchants catch this type of behavior at check out, they can block the transaction for being able to go through.
Always Keep an Eye on Your Dispute Data
All the details surrounding your company's disputes and the dispute response process is crucial for gaining insights into your business and the fraud you face. Dispute analysis can show merchants where there are problems with their operations, logistics, billing, communication, or even the dispute response process itself. If a merchant has a surge of disputes around small amount transactions, preventative actions should be put in place immediately.
To prevent true fraud, like the fraud coming from card testing, merchants need to put into place fraud filters. Fraud filters are a tool used by merchants to help assess if a purchase is fraudulent. These fraud filters are customizable and should be based on your industry, customer behavior, and other factors. There are many layers or filters that companies can add on top of each other and in a specific order.
When set up correctly, fraud filters can be extremely helpful in preventing true fraud disputes while still letting legitimate customers in. When set up incorrectly, it can cost merchants in fraud and loss of sales. Which is why merchants should make sure their fraud filters are set up to prevent card testing.