What You Need to do to Protect Your Website
The recent rise in card number testing on websites, reminds me of the movie Caddyshack. As the golf course grounds keeper, Bill Murray tries different schemes to get rid of the pesky gopher that is destroying the golf course. The gopher just keeps showing up in different places.
Those of us who have spent our careers fighting fraud are well aware of this phenomenon. Shut down fraud in one area, and it rears up in another.
Ecommerce fraud and stolen credit card testing on ecommerce websites are at a very high level and growing every day. We continue to post alerts about the accelerating migration of fraud to ecommerce sites. Last year, we continued the alert in a Facebook live event with specific messaging on this topic. Clicking play will start the video at the moment Steve Staden and I begin to discuss card testing.
So…What’s Causing This?
When the industry moved to the more-secure chip cards, it caused a “squeeze effect” on physical counterfeit card fraud and forced fraudsters to migrate to less secure territory — ecommerce.
A second factor right now is the global pandemic. As ecommerce transactions have risen, so has ecommerce fraud. Fraud goes where the money is.
How Do I Detect Card Testing on My Website?
The way stolen card testing typically works is that a bot will make transactions on your website for small amounts, such as $1. If the purchase is approved, that means the card number is good and a much larger transaction can be made – either on your website or on someone else’s.
If you monitor your online activity, you will spot the spike in activity immediately. Your payment processor should also pick up on the testing and alert you.
What Do We Do About It?
You definitely want to take action now versus waiting until your website has been targeted. Aside from the nuisance of dealing with this if it occurs, additional costs such as authorization fees, chargeback fees, and potential fines from the payment card brands come into play.
While there is no silver bullet, below are three things you can do to mitigate card testing on your website:
- Use a solution such as reCaptcha (by Google). It’s free, and it helps distinguish human interaction from automated machine activity.
- Consider having users register on your website before they can make purchases.
- Credit card gateways used for e-commerce often have anti-fraud solutions such as velocity controls. A nominal fee may apply but is well worth it as you’ll receive an added layer of protection.
You Have the Power to Prevent This
Our recommendation is not to be Bill Murray from Caddyshack. Your business has the option to head off stolen credit card testing on your e-commerce website. Don’t let the gopher be the last one standing.