How to Prevent Card TestingBuilding a Wider Checkout Moat
Strategies to Prevent Card Testing & Cracking Attacks on Your Website
The most effective way to deal with a card testing attack is to prevent it from happening in the first place.
From velocity checks and rate limits to more advanced tools, this article provides actionable strategies you can implement to fortify your business and keep card testers at bay.
Card Testing
Criminals validate stolen credit card information by making small, inconspicuous purchases. Once they confirm the card details are valid, they may proceed to make larger unauthorized transactions. This tactic helps fraudsters avoid detection until they have successfully exploited the stolen card.
My Best Advice? Use a CRM.
My best advice is to monitor absolutely everything.
Most businesses use some type of CRM (Customer Relationship Manager). If your business isn’t currently using a CRM, now may be the time to make the investment.
A CRM can help you reveal payment discrepancies, better communicate with customers, and manage and monitor social media accounts. And, for our purposes, it can help you keep track of metrics and analytics that can identify card testers posing as customers. CRM data should pair seamlessly with your payment gateway and also integrate with anti-fraud measures.
10 Additional Tips to Stop Credit Card Testing Fraud Attacks
Of course, investing in or upgrading your CRM is just one idea. Here are 10 additional steps you can take to fight card testing fraud today:
#1 | Implement the Right Fraud Tools
Setup may be a time-consuming process, but ultimately worth it. Card testers will struggle to overcome safety measures like AVS, CVV matching, velocity checking, and IP monitoring if they’re all in place as part of a coordinated, multilayer strategy.
Pro Tip:
Integrate all or as many of these systems with your CRM as possible, and never authorize transactions that do not meet pre-required criteria.
#2 | Use a VPN
Ensure that your payment gateway and CRM data are accessed only through a VPN, or Virtual Private Network. As we’ve alluded to, basic firewall protections cannot stop every hacker. The security of your — and your client’s — accounts could be compromised.
Pro Tip:
If you offer WiFi for your customers, DO NOT take payments or access sensitive CRM data on the same network!
#3 | Enable SSO
SSO (Single Sign-On) can centralize password data under a secured framework, which will make it that much more difficult to compromise. This applies for you and your customers; SSO can help you safeguard your computers and terminals as well.
Pro Tip:
Google’s CAPTCHA (Completely Automated Public Turing Test) is a great addition to your SSO arsenal. Card testers often run automated scripts that CAPTCHA can block.
#4 | Designate Officers
Choose managers to “gatekeep” certain access points that could lead to data breaches. Also, make sure all employees must log in to the system securely to operate within it and are compliant with PCI standards.
Pro Tip:
Not everyone in your organization needs access to every portal. Make sure your crucial details are only accessible by accredited individuals.
#5 | Set Rate Limits
Flagging specific transactions based on the dollar value can be quite effective at stopping card testing. If you’re experiencing a specific, recurring amount associated with card testing, set your limits to exclude them.
Pro Tip:
Limit the number of IP addresses that can be used to create new accounts in a single day.
#6 | Limit Checkout Attempts
Remember, card testing often utilizes brute force tactics, such as many cards at once in hopes that one will prove fruitful. Limiting the number of transaction attempts can dramatically decrease these attacks.
Pro Tip:
You should also limit the number of times a cardholder can attempt to run a single card during checkout.
#7 | Block Cross-Border Transactions
Unfortunately, a majority of card testers and botnet companies are located and operated outside of the US. While becoming a global retailer is a fantastic goal for merchants, you should be extremely cautious of international IP addresses.
Pro Tip:
Try segmenting orders based on IP address. Orders from countries or regions known to have elevated fraud levels can be subjected to additional screening.
#8 | Encourage Customer Sign Up at Checkout
While guest checkout can speed up the payment process, it can also leave you vulnerable to fraud. Encouraging users to register before checkout will deter many fraudsters from targeting you.
Pro Tip:
Encourage — even incentivize — your buyers to create an account, but don’t mandate it. This is one of the leading drivers of shopping cart abandonment.
#9 | Set a Botnet Firewall
If you don’t already use a firewall on your website, stop reading this and go install one right now. Firewalls and various anti-fraud services generally include botnet prevention tools, which can deter card testing attacks.
Pro Tip:
Most card testing attacks are performed by bots on a large scale. Having a firewall in place can alleviate a lot of risk.
#10 | Deploy Third-Party Fraud Monitoring
If you lack the bandwidth or staff to effectively monitor and manage fraud prevention, many reputable third-party companies exist to help. Professional services utilize expert industry knowledge to detect, isolate, and help you recover from fraud attacks.
Pro Tip:
Many services combine fraud detection with chargeback prevention methods, which can protect your business from threats while you focus on increasing your revenue.
Get More Help With Card Testing Fraud
We certainly understand that this is a lot for anyone to take in. Of course, that’s no excuse to be complacent.
Fraud of any stripe can be a costly challenge for your business, and card testing is perhaps one of the most insidious. It can wreak tons of havoc within your organization and cause many problems that can leave lasting, painful scars. Chargebacks, for instance, are just one factor in the equation.
Now that you are familiar with the problem and the various ways in which you might combat card testing fraud… are you ready to fight back? Continue below and learn how today.
