You may not even be aware, but if you accept any form of payment on your website, bots may be testing fraudulent card numbers this very moment – and it could cost you some serious dollars. We posted a blog about the rising trend in stolen card testing earlier this year, but I thought I’d address the subject again as we are seeing a significant rise in card testing on the ecommerce sites of small and medium businesses (SMB).
Cybercriminals often test stolen card numbers on websites to make sure they are valid before using them to buy large-ticket items elsewhere. Typically, they use bots that make a purchase for a nominal amount (e.g. $1) on unsuspecting websites. The bots test hundreds to thousands of stolen cards in a short period of time. If the charge is accepted, they know the card is valid. The next step is to charge a larger purchase on someone else’s site.
SMB websites are particularly attractive targets as cybercriminals believe, and rightfully so in many instances, that those sites are less likely to be protected against fraudulent card testing. The gateway and authorization fees can quickly add up – regardless of whether the transaction is approved or declined. Some payment processors (Wind River included) will work with you to reverse charges before they hit a cardholder statement to avoid chargebacks. While the transactions may be fraudulent, the authorizations are real, and those costs fall to you unless you prevent them in the first place.
The good news is a simple addition to your website can help you reduce bot testing. The great news is this simple addition costs you virtually nothing beyond the time to implement.
Our number one recommendation is to work with your developer to implement bot prevention using reCAPTCHA or another “CAPTCHA” product such as hCaptcha. These tools can typically be implemented in a short amount of time and are effective at mitigating fraudulent card testing.
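For your developer, here is the recommendation above as an added example (it is not code from this post or from Wind River): the checkout handler verifies the reCAPTCHA token on the server and calls the payment gateway only if that check passes, so a blocked bot attempt never generates an authorization. The names `handle_checkout` and `authorize` and the form layout are assumptions; the siteverify endpoint and the `g-recaptcha-response` field are reCAPTCHA's own.

```python
import json
import urllib.parse
import urllib.request

# reCAPTCHA's verification endpoint; hCaptcha offers a siteverify API of the same shape.
SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

def post_form(url, fields, timeout=5):
    """POST form-encoded fields and return the parsed JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=body, timeout=timeout) as resp:
        return json.load(resp)

def captcha_passed(token, secret, expected_hostname, post=post_form):
    """Return (ok, reason). Any doubt counts as a failure (fail closed)."""
    if not token:
        return False, "missing-token"
    try:
        reply = post(SITEVERIFY_URL, {"secret": secret, "response": token})
    except (OSError, ValueError):  # network error, timeout, or non-JSON reply
        return False, "verifier-unavailable"
    if not isinstance(reply, dict) or reply.get("success") is not True:
        codes = reply.get("error-codes", []) if isinstance(reply, dict) else []
        return False, ",".join(codes) or "rejected"
    # A token solved on some other site must not unlock this checkout.
    if reply.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    return True, "ok"

def handle_checkout(form, secret, hostname, authorize, post=post_form):
    """Hypothetical checkout handler; `authorize` stands in for the gateway call.

    The gateway is contacted only after the CAPTCHA check, so blocked
    attempts never produce an authorization or its fee.
    """
    token = form.get("g-recaptcha-response")  # field the reCAPTCHA widget adds
    ok, reason = captcha_passed(token, secret, hostname, post)
    if not ok:
        return {"status": 403, "error": reason}
    return {"status": 200, "result": authorize(form["card"], form["amount"])}
```

Counting the 403 responses by reason shows how many card-testing attempts were stopped before they reached the processor.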
Thanks to the sharp increase in ecommerce transactions prompted by the pandemic, this type of fraudulent activity will continue to grow. But you can protect your website and the size of your payment processing invoice by taking steps to block as many bots as possible!
reCAPTCHA – https://developers.google.com/recaptcha/intro
hCaptcha – https://www.hcaptcha.com/