3 Ways to Help Prevent Card Testing

3 Ways to Help Prevent Card Testing

You’ve just seen an increase in sales on your website or shopping cart. You are undoubtedly excited that your business is thriving. After all, you’ve put in a lot of work to achieve those sales! But if many of those sales transactions are small and seem out of place, they could be fraudulent.

When a fraudster acquires a new stolen credit card number, they often want to ensure the card is active and the information is accurate. A common way they do this is by making a low-value purchase or a string of low-value purchases. If the card is accepted, the fraudster knows the subsequent transactions will likely be approved. This type of fraudulent activity is called card testing, and it usually occurs with online commerce/e-commerce websites.

As a business owner or manager, card testing can be challenging to catch without reliable fraud detection tools.  So, below are 3 ways to help prevent card testing. 


1. Password Protected Payment Pages

A simple but effective way to reduce card testing fraud is requiring users to create an account before making a purchase. Bots are becoming more sophisticated, but they can’t create user accounts yet. Placing your payment link behind a password-protected login can provide an added layer of protection against bots and humans alike.

2. Added Security Measures

Another way to reduce card testing fraud is by implementing additional security measures like a Rate Limiter, CAPTCHA, or reCAPTCHA on your payment pages:

• Rate Limiter: this places a limit on the number of transaction attempts within a period of time and can cut down on bot and human activity around card testing.
• CAPTCHA: this security measure requires the user to complete a task to confirm they’re not a bot.
• reCAPTCHA: this invisible captcha uses advanced risk analysis techniques to automatically determine if the user is a human or a bot without making the user complete a CAPTCHA task.

Click image to enlarge

3. Transaction Rules and Filters

A third way to help prevent card testing fraud is implementing transaction rules.

Rules that can deny transactions before the request is sent to the card issuer include:

• Amount: transactions can be denied if over or under a set amount.
• Velocity: transactions can be denied based on the card, account, or IP velocity.
• IP Address: transactions can be denied based on IP location, proxy status, or velocity.
• Address Match: transactions can be denied based on whether the address matches or not.
• Card Type and Card Brand: transactions can be denied based on the card type/brand.
• BIN Range: transactions can be denied based on the BIN range.

Rules that can deny transactions or alert you to potential fraud after the authorization request is sent to the card issuer include:

• AVS: Address Verification Service compares the billing address entered online with the address on record with the issuing bank. If the address, or a set number of address elements, doesn’t match, you can deny the transaction or set an alert to let you know the addresses don’t match.
• CVV/CVC: Card Verification Value / Code is the 3 or 4-digit code on the back of credit and debit cards. If the CVV code doesn’t match, you can deny the transaction or set an alert to let you know the CVV field value was empty or incorrect.

Card testing fraud is a threat to all e-commerce merchants, but you can help prevent it by taking these actions.

If your credit card processor is not providing you with this type of valuable information, it is time to look for a new processor. Fill out the form below or call us at (800) 386-0711 to learn more.

BASYS Processing as a business partner 

Does your current processor understand the unique struggles of your industry? Do they provide great rates and personal customer service? Are they offering solutions to grow your business and being proactive about helping you reduce risk and increase your savings? 

Contact BASYS today to learn more about innovative payment solutions that will save you time and money. We make accepting debit cards and credit cards convenient, safe and affordable. 

BASYS Processing features: 

A friendly, live voice will answer the phone when you call; no automated phone systems 
In-house PCI Compliance team to walk you through the process step-by-step, improving security and reducing costs
Accept payments in person, over the phone or online
Next-day funding options 

About BASYS Processing 

BASYS Processing provides credit card and debit card processing services, plus solutions that include terminals, virtual terminals, e-commerce, mobile, and point-of-sale, customized to fit any need.  Banks, associations, and software partners depend on us to strengthen their reputations and relationships with their customers by providing remarkable service paired with ultimate flexibility and pricing. Merchants depend on us to make accepting credit cards and debit cards convenient, safe & affordable. BASYS was founded in 2002 on one philosophy: to take care of our merchants, partners, and employees so they never want to leave. We are dedicated to working one-on-one with our customers to design the perfect solution. BASYS is Personal Payment Processing. 

Learn more at basyspro.com, and connect with us online at: