Testes de cartão | Card Testing
Testes de cartão | Card Testing

Card testing: learn more about this type of fraud in ecommerce

Fraud is always a debatable topic in ecommerce. And with the Covid-19 pandemic, the subject is even more in evidence, after an impressive increase in Brazilian online sales. According to a study carried out by Neotrust, ecommerce sales in Brazil were boosted by 57.4% in the first trimester of 2021.

The increase in online sales raises awareness about fraud in ecommerce – especially merchants who need to stay alert to ways of reducing the risk of online attacks in order to maintain a sustainable operation. According to the study Mapa da Fraude, carried out by Clearsale, there has been a 32.7% increase in credit card fraud attempts in Brazilian ecommerce in the first half of the year when compared to the same period of 2020.

And one of the most common type of fraud is card testing. But what exactly is this?

 

Understand card testing fraud

As the name suggests, this type of fraud occurs when criminals test a credit card number by carrying out small online purchases or signing in to subscription plans with the purpose of verifying the card’s details. This can be done through online stores with checkout pages that offer immediate payment attempt confirmation.

This type of test allows fraudsters to validate the card without raising the cardholder’s suspicion, as many don’t pay attention to purchases of low amounts.

Further, fraudsters often take advantage of websites that validate cards through the zero auth feature, where the debit equals zero – and therefore requires no charges or refunds. This way, the verification is nearly imperceptible to the cardholder. Recurring subscription websites or websites that allow customers to register their credit cards for 1-click purchases can also be a target for these criminals since these sites usually use the feature.

After successful attempts, criminals gather valid credit cards to purchase in many other online stores. In addition, valid credit card lists can be sold by fraudsters on the dark web and used by other criminals.

 

How do criminals obtain the credit card number?

Cards used in this type of fraud are either cloned – because of security vulnerabilities in financial institutions – or randomly generated by fraudsters, with algorithms that test thousands of different numeric combinations.

 

How to protect your ecommerce from card testing

There are a few ways your digital business can shield itself from this type of fraud. Learn more!

Protect your checkout from automation scripts

Some security solutions offer technologies that identify and avoid transactions generated by automated scripts, using algorithms and rules to differentiate robots from humans.

Establish minimum payment thresholds

Websites that accept donations or custom payment amounts can also be vulnerable to card testing fraud, since they normally offer more flexible antifraud rules. Criminals can run tests with a low amount or equal to zero to confirm if a card is valid without raising suspicion. This is why it is important to establish a minimum payment threshold that is sufficient to prevent this type of fraud.

Pay attention to abnormal behaviors

Did the number of daily transactions spike or the approval rate suddenly drop? This might be a sign of massive card testing attempts.

To detect and stop this kind of behavior, tools such as Velocity Check are important allies in fraud detection. These features help identify and ban repeated purchase attempts with similar patterns.

Work with reliable technological partners

And finally: work with trusted business partners that help your business safely sell online. PagBrasil is always looking out for security in payment processes. We are driven by continual improvements, constantly optimizing protection systems, and works with tools specifically developed to prevent card testing. Get in touch with us to learn more about our solutions and rely on a dedicated team to maintain your operation securely and efficiently.

Leave a Reply

Your email address will not be published. Required fields are marked *