Want to keep this type of fraud from hurting your bottom line? Here are some in-house strategies and external tools that can help you do it.
In-house strategies for preventing card testing
There are lots of small tweaks you can make internally to reduce your card cracking vulnerability.
For one, you can activate any AVS and CVV matching features in your online payment gateway.
This will give fraudsters an error message when attempting to use a stolen card, thus dissuading them from multiple attempts with other stolen cards as well.
It's important to note, however, that CVV matching alone won't deter most fraudsters. With software capable of attempting thousands of purchases in mere seconds, and only 1,000 possible CVV numbers for a given card, a fraudster can easily brute force the CVV number if you don't have the anti-fraud measures in place to prevent it.
The easiest method of prevention here is to have a system in place to automatically reject any further attempted transactions using a particular card number after it has been declined a certain number of times. Five or ten attempts should be more than enough for any confused customers, but too few for a brute force attack to work most of the time.
Of course, the best way to prevent not only card testing but fraud in general is to take advantage of all the anti-fraud tools available to you. While CVV matching may not do much by itself, when you add AVS and 3-D Secure 2.0 into the mix, you've made a pretty good start on making life difficult for any fraudsters targeting your business. Unfortunately, no method of fraud prevention is perfect, which is why you want as many anti-fraud tools as possible at your disposal.
Some other strategies you can try include:
- Monitoring small order activity. Card testing fraudsters typically place multiple small orders at once or within a very short period of time. These purchases may be on the same card or dozens of different ones. Keep an eye on orders of small amounts and analyze any out-of-the-ordinary spikes in them. It very well could be card cracking at work.
- Giving foreign IP addresses extra scrutiny. The majority of card cracking fraud comes from outside the U.S., so be wary of small orders coming from foreign locations—especially if the shipping costs more than the product itself. If you’re not looking to run a global business, you might even consider blocking all foreign IP addresses just to be safe.
- Building a blacklist. If you expect someone has been testing cards with your business, put their information on a customer blacklist and ban them from future purchases. Stats show that card cracking fraudsters are often repeat offenders, usually committing fraud an additional 3 to 4 times.
External anti-fraud tools
If you want to fight card cracking fraud, the best external tool you can invest in is a PCI-compliant payment gateway.
It should come with fraud screening features, as well as AVS and CVV matching.
Various automated fraud prevention tools can also help. These should do one or more of the following:
- Flag suspicious orders or IP addresses
- Allow for customer blacklisting/blocking
- Enable automatic blocking of potentially fraudulent orders
A chargeback prevention company can also assist with reducing this type of fraud, as they often have proprietary tools designed to spot fraud and prevent it at every level.
How to measure anti-fraud effectiveness
Naturally, if you’re going to invest time and energy into reducing card testing fraud, you want to verify that your efforts are working. To do that, you’ll want to track the number of card cracking instances each year.
Tracking the chargebacks that result from this type of fraud is also important, as it can threaten your merchant accounts (and your ability to accept payment).
Keep in mind that even with high-end fraud prevention tools in place, you’ll need to tweak and manage your efforts as the year goes on. eCommerce fraud—and the methods thieves use to commit it—is constantly evolving, and that requires regular evolution in our prevention strategies as well
Get help with fraud if you need it
Internal changes and external tools can make a dent in your card testing fraud problem, but don’t be afraid to get help if they’re not moving the needle enough.
Card cracking fraud can lead to chargebacks, which mean lost time, money and maybe even merchant accounts.
If you’re not seeing the results you want, download our eCommerce Fraud Prevention Guide or let a professional chargeback prevention team provide you more customized guidance.
FAQ
What are BIN attacks?
Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: win@chargebackgurus.com