Websites are increasingly being used by fraudsters to test cards, in a process called Carding.
They find an online service or shop that has low-value transactions and the fewest hurdles to get over, then run an automated script against it that tests potentially thousands of cards, repeatedly trying to secure authorisations.
A successful authorisation, however small, is enough to show the card details are valid and active, and can be used for more extensive fraud elsewhere.
What are the risks
As well as inadvertently supporting criminals, ranging from hackers to international terrorists, through apathy, ignorance or negligence about your security, you risk damaging both your reputation and your bottom line.
If details later emerge that larger fraud was carried out because of carding on your site, you could find yourself exposed to reputational and legal consequences. At the other extreme, businesses also face additional fees from Mastercard for excessive authorisations and declines.
It's solely the responsibility of your business to put additional security checks in place to expose and prevent carding. We can support you on that, but we do not reverse transaction charges if you haven't taken the appropriate measures to fully protect against carding.
How to stop it
There are many ways you can protect your business from fraudulent carding activity.
- 3D Secure is the umbrella name for Visa Secure and Mastercard SecureCode, which the card brands have implemented to add an additional level of security for eCommerce transactions. By implementing 3D Secure on your eCommerce site, you can fully authenticate the cardholder. This may shift the liability for chargebacks arising on transactions under certain circumstances, even where the cardholder is not enrolled for 3D Secure. While 3D Secure can't and doesn't eliminate chargebacks entirely, it does vastly reduce the incidence of fraud.
- Having a good captcha on your website could also frustrate a fraudster's carding attempts. A captcha is a computer program or system intended to distinguish human from machine input.
- Removing the copy and paste function on your payments page will also make it harder for a fraudster to run an automated script to generate these test transactions.
- Seek out other fraud management products that your payment gateway provider may have available to help identify and block such attacks.
Visa have more on this.
Please contact your gateway provider to ensure your website is secure and protected from carding attacks.
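The pattern described above (one source cycling through many cards on low-value payments, with mostly declines) can also be spotted in your own authorisation logs. The following is an added example, not code from this page or from any gateway product; the record fields, thresholds and sample data are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600      # assumed look-back window
MAX_DISTINCT_CARDS = 5    # assumed: a real shopper rarely tries this many cards
MIN_DECLINE_RATIO = 0.6   # assumed: card testing produces mostly declines
LOW_VALUE = 5.00          # assumed ceiling for a "low value" transaction


def find_card_testing(attempts):
    """Return {client: first_flag_time} for clients showing the carding pattern.

    attempts: iterable of (ts, client, card_fp, amount, approved), sorted by ts.
    card_fp is a tokenised card fingerprint, never the card number itself.
    """
    recent = defaultdict(deque)   # client -> low-value attempts inside the window
    flagged = {}
    for ts, client, card_fp, amount, approved in attempts:
        if amount > LOW_VALUE:
            continue
        window = recent[client]
        window.append((ts, card_fp, approved))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        cards = {fp for _, fp, _ in window}
        declines = sum(1 for _, _, ok in window if not ok)
        if (len(cards) >= MAX_DISTINCT_CARDS
                and declines / len(window) >= MIN_DECLINE_RATIO
                and client not in flagged):
            flagged[client] = ts
    return flagged


def sample_attempts():
    """Constructed sample data: one scripted client, one ordinary shopper."""
    rows = []
    # Scripted client: a new card every 20 s, only every fourth one authorises.
    for i in range(12):
        rows.append((1000 + 20 * i, "client-A", f"fp-{i:03d}", 1.00, i % 4 == 3))
    # Ordinary shopper: one decline, then a successful retry with the same card.
    rows.append((1010, "client-B", "fp-900", 3.50, False))
    rows.append((1075, "client-B", "fp-900", 3.50, True))
    # Same shopper buying something larger later; ignored by the low-value filter.
    rows.append((1200, "client-B", "fp-900", 80.00, True))
    return sorted(rows)


if __name__ == "__main__":
    for client, ts in find_card_testing(sample_attempts()).items():
        print(f"{client}: possible card testing first seen at t={ts}")
```

A flagged client is a candidate for a captcha challenge, a 3D Secure step-up or a temporary block, depending on what your gateway supports.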