Be Prepared for Card Testing Fraud

The fraud landscape is a moving target, and this means that merchants must be ever vigilant against fraud threats. A great deal of merchant focus is on stopping friendly fraud, and while this is a key area of fraud traffic, other fraud methods should not be overlooked.
Card testing fraud is one such fraud method that is easily overlooked. Because of the nature of card testing fraud, it often goes undetected by merchant fraud detection solutions and is only detected when it’s too late. Card testing fraud is just as costly and damaging to merchants as friendly fraud and chargeback fraud.
A recent study conducted by Radial in the first quarter of 2017 reports that of the merchants surveyed, card testing fraud was up 200% in the first four months of the year, compared to the same time period in 2016.
Card Testing Fraud Tactics
Card testing happens when fraudsters test stolen credit card details by making small online purchases. The fraudsters need to check the validity of the credit card details, and once they confirm the credit card is valid they proceed with making larger fraudulent purchases. The small purchase testing tactic allows fraudsters to go mostly unnoticed by fraud detection solutions and by the innocent cardholder.
Typically, fraudsters use bots and scripts to test the credit card information, then target merchant sites that provide automated responses that provide decline details. With this information, fraudsters are able to adjust the credit card details in hopes of success. For example, when a merchant website indicates that the expiration date is incorrect, a savvy fraudster can use the Dark Web and other tactics to determine the correct expiration date.
The end goal for the fraudster is to find a valid credit card and then to make large purchases from the merchant site they already tested. This fraudster is now a recognized customer, so there’s a chance the order won’t be flagged.
There is no need for merchants to feel helpless in the face of this technically savvy fraud. Knowing the signs of card testing fraud allows merchants to make changes to payment solutions and fraud detection strategies.

  • Small transactions. Have a solution that sends alerts for repeated small transactions from the same credit card number or IP address.
  • Many purchases in a short duration. The bots and scripts used by fraudsters are programmed to make as many purchases as possible, as quickly possible. These purchases can be from the same credit card or with multiple cards.
  • A high rate of authorization failures. This can indicate that a fraudster is testing credit card details, looking for valid information.
  • Address Verification Service (AVS) alerts. A large number of AVS messages can indicate card testing and invalid credit card use.
  • Card Verification Value (CVV) errors. Often, the fraudster does not have the correct CVV information. Fraud detection solutions should be ready to detect orders that are missing this crucial confirmation number.

While card testing does use technically advanced software and tactics, it is possible for merchants to detect and prevent card testing. Working with experts in payment solutions and fraud detection gives merchants the upper-hand in the fight against fraud.
Fraud Detection and Prevention
Detecting and preventing fraud must be a critical component of any merchant’s business strategy. Being aware of and ready to detect and prevent friendly fraud, chargeback fraud, card testing fraud, and other fraud methods, is key to business and customer satisfaction.
There are two principal victims of card testing fraud: the merchant and the innocent cardholder.
The merchant loses with chargeback fees/penalties, stolen merchandise that is never recovered, lost revenue from the fraudulent sale, and brand loyalty damage.
The innocent cardholder loses out with damage to their online history, time and energy spent on recovering from the fraud, the additional danger to personal security, and in trusting the innocent merchant.
Merchants can detect and prevent card testing fraud by ensuring their e-commerce solution is using the best-in-class of multi-layered fraud detection technology. This includes enforcing AVS and CVV checks and taking advantage of key fraud tools, such as geolocation, biometric analysis, merchant co-op, and 3D Secure protocols.
In addition, it’s important for merchants to have a secure e-commerce website and mobile apps that are in tune with card testing fraud methods. Merchants should update their e-commerce and m-commerce tools to adjust for the response messages that fraudsters rely on for card detail verification. Contact us to learn how to adjust credit card authorization response messages to circumvent card testing fraud.
We want you to be protected from all types of fraud – including card testing fraud, friendly fraud, chargeback fraud, account takeover, eGift fraud, and more. Using the best-in-class payment and fraud detection solutions allows you to be protected from all angles at all times.