Credit card testing, card cracking, card checking, or simply carding was one of the most widespread and damaging types of fraud in the US, UK, and EU in 2021, based on our know-how and industry insights. How to identify and prevent card testing fraud in real-time? What can a merchant do to ensure fraudsters can’t crack a credit card number on their website? Read on to find out!
What is card testing fraud?
Credit card testing is usually performed as a series of small orders coming in quick succession. There are several outcomes for fraudsters:
- Should these orders go through, it means the card is still active and credentials are valid, which makes it cost more on the dark web
- Successful payments create a positive history with that card and merchant, meaning that ongoing payments will less likely be declined
- Fraudster can now order more expensive items in bigger qualities to deplete the card before it is blocked.
However, let’s not forget about credit card testing fraud outcomes for merchants:
- Card checking orders can be aimed ad small, medium or enterprise businesses alike
- Merchant now faces quite a bunch of chargebacks at once when lawful cardholders discover the loss
- Merchant’s chargeback ratio will be increased, potentially putting them into a high-risk category, which will result in increased payment processing fees and the need to undergo Visa/Mastercard redemption program or pay for other chargeback solutions
- Even if your anti-fraud system identifies such transactions as card testing fraud timely and declines them, there still is quite a risk that payment gateway will put you into a high-risk category
- Even if an anti-fraud tool you use declines all the fraudulent transactions, it might disclose the reason for this decision, thus giving fraudsters the needed details to crack a credit card number
As you see, credit card testing fraud is a multi-faceted thread that cannot be taken lightly. Below we describe the most effective fraud prevention measures to ensure your business is secure from card testing fraud.
How to detect credit card fraud?
There are several signs showing that a payment request is, in fact, a card testing fraud attempt:
- Incomplete or missing customer credentials
- Delivery address mismatch with the billing address on file
- CVV mismatch
- Lots of orders in quick succession from the same IP but with different card numbers
- Vice versa, lots of orders with the same card number from different IP addresses or using VPN
- One or more of transaction identifiers is known as fraudulent
- much, much more
A modern antifraud system like Covery detects these signs and can alert a merchant on the fly while following a pre-configured risk logic scenario to prevent a credit card testing fraud attempt.
What merchants should do when they suspect card fraud?
Being proactive is the answer here. Investing in an anti-fraud tool might seem a bit too expensive, but the subscription cost totally fades in comparison with chargeback losses, dispute fees, and Visa/Mastercard redemption program (which incur up to $50,000 fees, keep that in mind).
But how to ensure your anti-fraud system can protect you from card testing fraud?
- AVS. Address verification system can automatically check whether the delivery address meets the billing address on file. This is one of the most common alert flags, as fraudsters rarely know the billing addresses of their victims. This is due to them receiving credit card details from skimmers or hacking badly-protected databases (we are looking at you, travel booking companies, yes). Only elaborate phishing can provide in-depth profile details.
- CVV. Same here, skimmers and database dumps can’t catch CVV codes. Thus, enabling simple 3D Secure verification with a CVV code or OTP (one-time password sent via SMS) can be a lifesaver here
- Decline reasons. Make sure your payment processor does not provide decline reasons for suspicious transaction attempts. Such details can be the final piece of the puzzle allowing fraudsters to crack a credit card number and defraud you.
- Real-time monitoring. Many credit card testing attempts are committed outside of business hours in your geolocation to give fraudsters a bigger handicap before detection. Enabling 24/7 automated transaction monitoring will safeguard your business.
Naturally, fraudsters are rarely manually trying to crack a credit card number. Most of them use automated bot software purpose-built for this task. Luckily, such massed attacks have their own distinctive identifiers that can be easily flagged. This way, having a fraud prevention system capable of automatically deflecting bot attacks is a great choice.
What happens if you fake credit card fraud?
As it seems that fraudsters can go unpunished, some merchants decide to follow in their tracks and fake some credit card fraud cases for illicit gain and recuperating from their losses.
We strongly recommend against it, because you will have to disable your anti-fraud solution to forge the proofs. Otherwise, you run the risk of giving false testimony in court, which is a punishable offense that can end up with a fine of up to $10,000 and/or 1-3 years of jail time.
The best way to minimize your losses to credit card testing fraud is to implement a cohesive combination of risk logic rules and fraud prevention measures to ensure your anti-fraud tool timely detects such attempts, prevents them, and gives fraudsters no details in return.
Covery is exactly such a system, due to having a wide range of features designed to fight fraud and chargebacks — device fingerprinting, IP screening, behavioral analysis, supervised Machine Learning and Trustchain — the global reputation record database.
Contact us for a free demo and see how Covery can help your business prevent credit card testing fraud!