Best Practices - Prevent Card Testing (AKA Card Cracking)
Card testing fraud—also referred to as card cracking—is one of the fastest-growing types of fraud out there. In fact, in 2017 alone, cases of card testing fraud jumped more than 200 percent.
Here’s how it works: a thief gains access to a stolen credit card number (or maybe tens, hundreds or thousands of them). Then, in order to gauge the limits on these cards, they begin making test purchases. These are small, incremental purchases at first, but then grow into much more expensive, costly ones once the fraudster knows they’re possible.
In all, this type of fraud accounts for about 16 percent of all e-commerce fraud and 7 percent for larger e-commerce merchants. It’s particularly dangerous in that it can be easily done en masse, resulting in thousands of small purchases all at once—purchases that, when added up, equate to serious financial trouble for the merchant.
Want to keep this type of fraud from hurting your bottom line? Here are some in-house strategies and external tools that can help you do it.
In-house Strategies for Card Cracking Prevention
There are lots of small tweaks you can make internally to reduce your card cracking vulnerability.
For one, you can activate any AVS and CVV matching features in your online payment gateway.
This will give fraudsters an error message when attempting to use a stolen card, thus dissuading them from multiple attempts with other stolen cards as well.
Some other strategies you can try include:
- Monitoring small order activity. Card testing fraudsters often try placing multiple small orders at once or within a very short time frame. These purchases may be on the same card or dozens of different ones. The main point? They’re trying to test out their stolen card numbers to 1) see if they work and 2) determine how much the limit is on them. Keep an eye on orders of small amounts and analyze any out-of-the-ordinary spikes in them. It very well could be card cracking at work.
- Watch out for foreign IP addresses. The majority of card cracking fraud comes from outside the U.S., so be wary of small orders coming from foreign locations—especially if the shipping costs more than the product itself. If you’re not looking to run a global business, you might even consider blocking all foreign IP addresses just to be safe.
- Build a blacklist. If you expect someone has been testing cards with your business, put them on a customer blacklist and ban them from future purchases. Stats show that card cracking fraudsters are often repeat offenders, usually committing fraud an additional 3 to 4 times.
Finally, be on your toes during the holidays. Many fraudsters bank on merchants being too busy to spot inconsistencies, and they’ll use the season to take advantage of that. Be extra skeptical of foreign orders, rush orders or a high number of small-dollar purchases. Don’t be afraid to make a quick phone call or send an email to verify a purchase.
If you want to fight card cracking fraud, the best external tool you can invest in is a PCI-compliant payment gateway.
It should come with fraud screening features, as well as AVS and CVV matching.
Various automated fraud prevention tools can also help. These should do one of the following:
- Flag suspicious orders or IP addresses
- Allow for customer blacklisting/blocking
- Enable automatic blocking of potentially fraudulent orders
A chargeback prevention company can also assist with reducing this type of fraud, as they often come with proprietary tools designed to spot fraud and prevent it from the ground up.
How to Measure Effectiveness
Naturally, if you’re going to invest time and energy into reducing card testing fraud, you want to verify that your efforts are working. To do that, you’ll want to track the number of card cracking instances each year.
Tracking the chargebacks that result from this type of fraud is also important, as it can threaten your merchant accounts (and your ability to accept payment).
Keep in mind that even with high-end fraud prevention tools in place, you’ll need to tweak and manage your efforts as the year goes on. E-commerce fraud—and the methods thieves use to commit it—is constantly evolving, and that requires regular evolution in our prevention strategies as well
Get Help if You Need It
Internal changes and external tools can make a dent in your card testing fraud problem, but don’t be afraid to get help if they’re not moving the needle enough.
Card cracking fraud can lead to chargebacks, which mean lost time, money and maybe even merchant accounts.
If you’re not seeing the results you want, download our E-Commerce Fraud Prevention Guide or let a professional chargeback prevention team provide you more customized guidance.