Chargebacks911 Warns of Latest Fraud Threat: Credit Card Testing Up 200%

Recent data shows credit card testing fraud is on the rise. Loss prevention specialist Chargebacks911 advises eCommerce merchants to be aware of this growing trend and take action to deter and reject fraudulent orders.

(Tampa Bay, FL) November 6, 2017 – An analysis published by Radial earlier this year revealed that credit card testing by fraudsters increased 200% in the first quarter of 2017 compared to the same quarter of the prior year.* Chargebacks911, a leading dispute mitigation and loss prevention firm, aims to educate eCommerce merchants on how to identify and thwart this fraud tactic and what they can do to prevent related financial losses.


When fraudsters obtain stolen credit card numbers via the black market or darknet, they conduct card testing to determine which numbers are associated with an active account that hasn’t been maxed out or shut down yet. This typically involves using automated scripts to place small-value orders on eCommerce websites to test the validity of the card data; when they get a hit, they quickly move on to large-value transactions. Beyond the documented rise in credit card testing, Radial’s data showed that fraud climbed 30% year over year.*


“eCommerce merchants need to be able to recognize and halt card testing, or they may soon face growing fraud losses,” warned Monica Eaton-Cardone, co-founder and Chief Operating Officer (COO) of Chargebacks911. “Those who accept orders made with stolen credit card data are liable for the costs, including the merchandise loss, shipping, processing fees and chargeback fees. Even low-value transactions can add up to big losses, especially when they cause merchants to exceed a card network’s chargeback threshold.”


Eaton-Cardone advises merchants to watch out for orders that contain random character strings in the customer’s name, address and/or email fields. While transactions with invalid address fields are unlikely to be processed in the first place, they are often the first sign that a fraudster is using a retailer’s website to conduct card testing. To help identify and prevent credit card testing and related fraud, Eaton-Cardone urges merchants to take the following precautions:


  1. Use CAPTCHAs to deter bots. Order forms that use a CAPTCHA or Google reCAPTCHA can help protect eCommerce sites against credit card testing, as bots and automated scripts will not be able to submit the order without passing the CAPTCHA challenge.


  1. Validate the billing address via AVS. Use the Address Verification System (AVS) to ensure the address on the order matches the cardholder’s billing address. A mismatch generally indicates card testing or a fraudulent order.


  1. Confirm the CVV code. Always require a card verification value (CVV) code for all credit and debit card purchases, and flag any orders with an incorrect CVV. Not only should these orders be rejected, but the IP address should be added to fraud filters.


  1. Flag multiple order attempts from the same IP address. If an IP address is linked to multiple orders or transaction failures with different credit card numbers over a short period of time, it is likely a case of card testing or fraud.


  1. Review orders from foreign IP addresses. In addition to confirming the cardholder’s billing address, merchants should verify that the IP address is from the same country. Orders that have a non-U.S. IP address and/or shipping address should prompt further review.


“As fraud tactics continue to evolve, eCommerce merchants need to stay abreast of these developments to protect against losses,” stated Eaton-Cardone. She advises online retailers to take a multi-pronged approach to combating fraud, and to seek a partner with proven expertise in fraud prevention. She also counsels merchants to guard against revenue loss from other sources by engaging in dispute mitigation and chargeback management. “The key is to remain proactive; the more aggressive you are in protecting your financial interests, the more effective you’ll be in fighting fraudsters.”


Chargebacks911 is dedicated to educating and supporting eCommerce merchants in their efforts to maximize profits, reduce chargebacks and prevent fraud. To that end, Monica Eaton-Cardone and her team will be participating in a number of upcoming industry events, including MRC Connects Dublin, the IATA Global Fraud Prevention Event in Lisbon and TRUSTECH 2017 in Cannes. For details on Chargebacks911’s comprehensive risk management solutions, informative articles and other merchant resources, visit https://chargebacks911.com.


About Global Risk Technologies and Chargebacks911:

Chargebacks911 is a division of Global Risk Technologies, which is internationally recognized as a leading provider of comprehensive risk management solutions to the payment processing industry. With offices in Europe and the United States, Global Risk Technologies manages over 200 million transactions worldwide each month. Chargebacks911 is headquartered in Tampa Bay, Florida, and specializes in chargeback mitigation and dynamic loss prevention. Founded by merchants in direct response to rising chargebacks and friendly fraud, Chargebacks911 combines insider expertise with proprietary technology and deep analytics to isolate threats, resolve disputes and maximize revenue. From small merchants to the nation’s largest retailers, today thousands of businesses rely on Chargebacks911’s scalable, customizable and fully turnkey solutions to achieve sustainable growth and guaranteed ROI. For more information, visit https://chargebacks911.com.


* Groenfeldt, Tom. “Card Testing by Fraudsters Is Up 200 Percent This Year”; Forbes; May 1, 2017. https://www.forbes.com/sites/tomgroenfeldt/2017/05/02/card-testing-by-fraudsters-is-up-200-percent-this-year/

Advice Disclaimer. This information is not intended to be a substitute for professional public relations or legal advice. Do not disregard professional legal advice or delay seeking professional PR or legal advice because of something you have read here. Contact an attorney to obtain advice on any particular legal issue or problem. Use of this Web site or any of its e-mail links do not create an agency-client relationship between JoTo PR and the user.