3 Ways to Help Prevent Card Testing

3 Ways to Help Prevent Card Testing

You’ve just seen an increase in sales on your website or shopping cart. You are undoubtedly excited that your business is thriving. After all, you’ve put in a lot of work to achieve those sales! But if many of those sales transactions are small and seem out of place, they could be fraudulent.

When a fraudster acquires a new stolen credit card number, they often want to ensure the card is active and the information is accurate. A common way they do this is by making a low-value purchase or a string of low-value purchases. If the card is accepted, the fraudster knows the subsequent transactions will likely be approved. This type of fraudulent activity is called card testing, and it usually occurs with online commerce/e-commerce websites.

As a business owner or manager, card testing can be challenging to catch without reliable fraud detection tools.  So, below are 3 ways to help prevent card testing. 


1. Password Protected Payment Pages

A simple but effective way to reduce card testing fraud is requiring users to create an account before making a purchase. Bots are becoming more sophisticated, but they can’t create user accounts yet. Placing your payment link behind a password-protected login can provide an added layer of protection against bots and humans alike.

2. Added Security Measures

Another way to reduce card testing fraud is by implementing additional security measures like a Rate Limiter, CAPTCHA, or reCAPTCHA on your payment pages:

• Rate Limiter: this places a limit on the number of transaction attempts within a period of time and can cut down on bot and human activity around card testing. 

• CAPTCHA: this security measure requires the user to complete a task to confirm they’re not a bot.

• reCAPTCHA: this invisible captcha uses advanced risk analysis techniques to automatically determine if the user is a human or a bot without making the user complete a CAPTCHA task.

3. Transaction Rules and Filters

A third way to help prevent card testing fraud is implementing transaction rules.

Rules that can deny transactions before the request is sent to the card issuer include:

• Amount: transactions can be denied if over or under a set amount.

• Velocity: transactions can be denied based on the card, account, or IP velocity.

• IP Address: transactions can be denied based on IP location, proxy status, or velocity.

• Address Match: transactions can be denied based on whether the address matches or not.

• Card Type and Card Brand: transactions can be denied based on the card type/brand.

• BIN Range: transactions can be denied based on the BIN range.

Rules that can deny transactions or alert you to potential fraud after the authorization request is sent to the card issuer include:

• AVS: Address Verification Service compares the billing address entered online with the address on record with the issuing bank. If the address, or a set number of address elements, doesn’t match, you can deny the transaction or set an alert to let you know the addresses don’t match.

• CVV / CVC: Card Verification Value / Code is the 3 or 4-digit code on the back of credit and debit cards. If the CVV code doesn’t match, you can deny the transaction or set an alert to let you know the CVV field value was empty or incorrect.


Card testing fraud is a threat to all e-commerce merchants, but you can help prevent it by taking these actions.

If your credit card processor is not providing you with this type of valuable information, it is time to look for a new processor. Fill out the form below or call us at (800) 386-0711 to learn more.

BASYS Processing as a business partner

If your processor isn’t delivering top-notch customer service and strategies to help grow your program, please call BASYS Processing at (800) 386-0711.  Let’s talk about creating a true business partnership that will help you meet and exceed your goals.

BASYS Processing features:

–  90% + Customer Retention Rate
–  Live operator when your merchant customers need support – no automated voice systems
–  Dedicated relationship manager for questions and concerns
–  Proactive contact with every merchant to walk through the annual PCI process
–  In-house PCI Team to assist with questions and concerns
–  Founded by a family who previously owned a bank
–  Track record of successful bank partnerships
–  Thorough Market Analysis followed by mutual plans and goals to grow your portfolio
– High-quality service mentality, similar to your bank
–  Vested interest in protecting your bank’s hard-earned reputation
–  In-depth initial bank training
–  On-going bank training via weekly call and boot-camp programs
–  Open line of communication between BASYS, you, and your customers
–  Quick response time for your questions and concerns; you are a priority


About BASYS Processing

BASYS Processing provides credit card and debit card processing services, and solutions that include terminals, virtual terminals, e-commerce, mobile, and point-of-sale, customized to fit any need.  Banksassociations, and software partners depend on us to strengthen their reputations and relationships with their customers by providing remarkable service paired with ultimate flexibility and pricing. Merchants depend on us to make accepting credit cards and debit cards convenient, safe & affordable. BASYS was founded in 2002 on one philosophy: to take care of our merchants, partners, and employees so they never want to leave. We are dedicated to working one-on-one with our customers to design the perfect solution. BASYS is Personalized Payment Processing.

Learn more at basyspro.com, and connect with us online at: