BankThink

E-commerce poses new opportunities for 'card testing' attacks

As e-commerce volumes grow, so do opportunities for online fraud. Card testing in particular has spiked on merchant sites, as confirmed in recent merchant monitoring reports by acquiring banks.

Card testing is a technique fraudsters use to test the validity of stolen card numbers by making small purchases on unsuspecting sites. Card numbers are either computer generated or purchased online illegally in large quantities, so testing them by hand would be very time-consuming. Fraudsters therefore employ bots to automate the procedure, submitting numerous small transactions at high speed to filter out inactive or blocked cards.

When choosing targets, fraudsters prefer small- to medium-sized businesses, or charities and organizations that accept small donations. These sites largely lack sufficient payment security or risk tools to detect or prevent fraud activity, and they allow small transactions, a combination that makes them ideal targets for fraudsters.

Because they lack defenses, such as security measures to prevent high velocities of transactions from the same IP address or bot-blocking tools, these smaller businesses are susceptible to card testing attacks. Further, fraudsters tend to target sites that allow small transaction amounts because, when a targeted card is still valid and active, a small transaction on the cardholder's statement may go unnoticed or unreported by the cardholder. This allows the fraudster to complete a larger fraudulent purchase later on.
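
A merchant-side check for high velocities of small transactions from the same IP address can be sketched as follows. This is an added example, not part of the original article; the thresholds, field names and sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Hypothetical thresholds; tune them against a merchant's real traffic.
WINDOW_SECONDS = 60      # sliding window length
MAX_ATTEMPTS = 5         # small attempts allowed per IP inside the window
MAX_DISTINCT_CARDS = 3   # distinct cards allowed per IP inside the window
SMALL_AMOUNT = 5.00      # ceiling for a "small purchase"

def find_card_testing(transactions):
    """Return {ip: reason} for IPs whose small-amount attempts look automated.
    Each transaction is a dict with ts (epoch seconds), ip, card (a token,
    never the card number itself), amount and approved."""
    windows = defaultdict(deque)   # ip -> attempts still inside the window
    flagged = {}
    for tx in sorted(transactions, key=lambda t: t["ts"]):
        if tx["amount"] > SMALL_AMOUNT:
            continue               # only small purchases are of interest here
        win = windows[tx["ip"]]
        win.append(tx)
        # Drop attempts that have aged out; the newest entry always remains.
        while win[0]["ts"] <= tx["ts"] - WINDOW_SECONDS:
            win.popleft()
        cards = {t["card"] for t in win}
        declines = sum(1 for t in win if not t["approved"])
        if len(win) > MAX_ATTEMPTS:
            flagged[tx["ip"]] = (f"{len(win)} small attempts in "
                                 f"{WINDOW_SECONDS}s, {declines} declined")
        elif len(cards) > MAX_DISTINCT_CARDS:
            flagged[tx["ip"]] = f"{len(cards)} distinct cards in {WINDOW_SECONDS}s"
    return flagged

def sample_transactions():
    # Constructed data: one bot-like IP and one ordinary repeat donor.
    bot = [{"ts": 1000 + 2 * i, "ip": "203.0.113.7", "card": f"tok_{i}",
            "amount": 1.00, "approved": i % 4 == 0} for i in range(8)]
    donor = [{"ts": ts, "ip": "198.51.100.20", "card": "tok_a",
              "amount": 5.00, "approved": True} for ts in (1003, 1900)]
    return bot + donor

if __name__ == "__main__":
    for ip, reason in find_card_testing(sample_transactions()).items():
        print(ip, reason)
```

Flagged IPs are candidates for a CAPTCHA challenge, rate limiting or manual review rather than an automatic block, since shared networks can put many legitimate customers behind one address.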

The impact of card testing attacks is similar to that of other fraud attacks: chargebacks, extra costs, and even high decline rates. It is therefore important to be aware of card testing attacks and, of course, of fraud in general on e-commerce sites.
