Card testing fraud—also referred to as card cracking—is one of the fastest-growing types of fraud out there. Stolen credit card numbers are readily available for purchase on the dark web, and with EMV chips increasing the security of credit cards themselves, more fraudsters are moving to the world of eCommerce.
Here’s how it works: a thief gains access to a stolen credit card number (or maybe tens, hundreds or thousands of them). Then, in order to find out which cards have expired or been reported stolen and which are still active, they attempt to make a small test purchase with each and keep track of which transactions are approved. For cards that are approved, the fraudster then moves on to making larger purchases in order to get as much value from the card as possible before the fraud is detected.
Want to keep this type of fraud from hurting your bottom line? Here are some in-house strategies and external tools that can help you do it.
There are lots of small tweaks you can make internally to reduce your card cracking vulnerability.
For one, you can activate any AVS and CVV matching features in your online payment gateway.
This will give fraudsters an error message when attempting to use a stolen card, thus dissuading them from multiple attempts with other stolen cards as well.
It's important to note, however, that CVV matching alone won't deter most fraudsters. With software capable of attempting thousands of purchases in mere seconds, and only 1,000 possible CVV numbers for a given card, a fraudster can easily brute force the CVV number if you don't have the anti-fraud measures in place to prevent it.
The easiest method of prevention here is to have a system in place to automatically reject any further attempted transactions using a particular card number after it has been declined a certain number of times. Five or ten attempts should be more than enough for any confused customers, but too few for a brute force attack to work most of the time.
Of course, the best way to prevent not only card testing but fraud in general is to take advantage of all the anti-fraud tools available to you. While CVV matching may not do much by itself, when you add AVS and 3-D Secure 2.0 into the mix, you've made a pretty good start on making life difficult for any fraudsters targeting your business. Unfortunately, no method of fraud prevention is perfect, which is why you want as many anti-fraud tools as possible at your disposal.
Some other strategies you can try include:
If you want to fight card cracking fraud, the best external tool you can invest in is a PCI-compliant payment gateway.
It should come with fraud screening features, as well as AVS and CVV matching.
Various automated fraud prevention tools can also help. These should do one or more of the following:
A chargeback prevention company can also assist with reducing this type of fraud, as they often have proprietary tools designed to spot fraud and prevent it at every level.
Naturally, if you’re going to invest time and energy into reducing card testing fraud, you want to verify that your efforts are working. To do that, you’ll want to track the number of card cracking instances each year.
Tracking the chargebacks that result from this type of fraud is also important, as it can threaten your merchant accounts (and your ability to accept payment).
Keep in mind that even with high-end fraud prevention tools in place, you’ll need to tweak and manage your efforts as the year goes on. eCommerce fraud—and the methods thieves use to commit it—is constantly evolving, and that requires regular evolution in our prevention strategies as well
Internal changes and external tools can make a dent in your card testing fraud problem, but don’t be afraid to get help if they’re not moving the needle enough.
Card cracking fraud can lead to chargebacks, which mean lost time, money and maybe even merchant accounts.
If you’re not seeing the results you want, download our eCommerce Fraud Prevention Guide or let a professional chargeback prevention team provide you more customized guidance.
Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: win@chargebackgurus.com