Read about the latest news and developments at PagBrasil
Types of Card Fraud – Part 3: Card Testing Fraud
The third installment in our series on types of card fraud focuses on Card Testing Fraud. This type of card-not-present fraud is vastly used in the e-commerce environment. According to data from Radial’s E-Commerce Fraud Technology Lab, in 2017 alone there has been an increase of 200% in credit card testing. The study also shows a year on year growth of 30%. However, what exactly is Card Testing Fraud? In this article, we give an overview of this sort of card fraud.
What is Card Testing Fraud?
Unlike other card frauds, such as Friendly Fraud, the central purpose of Card Testing Fraud is not the product or service purchased but verifying if the stolen credit card details are valid. As the name suggests, the fraudster uses an e-commerce payment system to test such information, which is usually obtained through illegal lists sold on the Dark Web, via phishing or spyware software.
Such tests can be made manually, but fraudsters often use automated bots and scripts which allow them to test several cards simultaneously. Once the transaction is approved, fraudsters can be certain the details are still valid and can make fraudulent high value purchases on other websites, which would be classified as Effective Fraud. In many cases, such purchases are aimed at obtaining products that can be easily resold.
Consequences of Card Testing Fraud
Online businesses that fall victim to card testing fraud invariably face different consequences. Financial loss is the more evident one, but let’s list the main consequences of card testing fraud:
- High chargeback rates: Fraudulent transactions are the main driver of chargeback requests. An e-commerce business with a high volume of card testing transactions will see equivalent levels of chargeback rates.
- Financial losses: The financial impact of card testing fraud can be huge. Merchants will have to cover processing fees and chargeback fees, in addition to losing the sales amount, which will be refunded to the cardholder, as well as the merchandise sent to fraudsters.
- Problems with acquirers and payment providers: Credit card labels stipulate lower chargebacks rates for acquirers and payment providers. Due to high chargeback rates provoked by card testing fraud, merchants can face fines from the card acquirer or payment provider used to process the transactions. In extreme situations, it can even lead to contract termination.
- False conversion rates: As a high number of transactions won’t be successfully completed, online businesses won’t have an accurate conversion rate.
- Image damage: Ultimately, an e-commerce website that fails to control card testing fraud rates will see damages to its brand image and reputation. There are several online spaces where buyers can share their opinion of a company. Fraudulent transactions from a website is a common complaint and it can lead a business being classified as untrustworthy.
How to Identify and Prevent Card Testing Fraud?
Sometimes, it might be difficult to identify card testing fraud. However, there are some general transaction traits that can raise a red flag, such as:
- Small value purchases: As small value transactions usually don’t arouse suspicion and don’t impact the credit card limit, these are card testers’ preferred transactions. Apart from focusing on websites with small value products or services, NGOs’ websites are also a popular target for card testers as these entities accept low-value donations.
- Multiple credit card purchases in a short period of time: Because of the use of automated bots and scripts, card testers have the ability to run many cards through a website payment page in a very short period of time.
- Multiple credit card brands: Several attempts of completing a transaction by switching the card label can also be a warning signal pointing to card testing fraud.
- Failed authorization notification: Multiple transaction failure notifications are another signal of attempting to use stolen card data to complete a purchase.
- Higher traffic: Online businesses should constantly monitor their websites’ traffic. A higher traffic than usual, unless you have an online campaign in place which is expected to drive more traffic, can be a sign that an online store is being targeted by card testers.
Yet what can be done to prevent card testing fraud from impacting your e-commerce business sales? A very effective way is to implement a fraud prevention solution that provides real-time analysis, such as PagBrasil’s PagShield. Based on an intelligent self-learning algorithm, PagShield fights fraud in real-time, allowing merchants to automatically identify fraudulent transactions.
Another way of preventing card testing fraud is adapting the integration flow to make sure the payment response is given automatically only when a transaction is cleared. If the transaction is filtered by the antifraud service, no message should be automatically displayed. This way, card testers do not have a way of knowing if the card is valid and will avoid using your website for card testing purposes. In addition, preventing buyers from copying and pasting credit card details at the checkout form also makes it harder for fraudsters to test the stolen card details, especially when using automated testing processes.