It can be challenging to know which payment fraud defense strategies you need, given the varying types of fraud attacks. Our Loss Prevention teams offer guidance for combating one of the fastest-growing forms of eCommerce fraud – authorization (auth) testing.
How it works
Fraudsters test stolen payment card numbers by making a small online purchase at an unsuspecting merchant to see whether the stolen number can be authorized. If it can, the fraudsters quickly start racking up bigger charges on the stolen card. Since every transaction comes with an authorization cost, this fraudulent activity can cost you valuable dollars and put your business at risk of chargebacks, lost revenue and a decrease in customer trust.
Common indicators of fraudulent auth testing
- Unusually high card-authorization volume for low dollar amounts in a short period of time. Many fraudsters auth test for as little as one penny.
- High identical authorization request volume.
- A significant increase in declines and specific decline codes.
- A significant increase in issuing bank/payment brand authorization mismatches.
If you identify any of these fraudulent auth testing indicators, contact Software Technical Support at 800-377-3962.
- Set hourly or daily velocity limits within your payment acceptance platform and monitor for large groups of transactions within a short period of time.
- If you use an outside vendor to develop your eCommerce website, make sure no HTML source code is left exposed or accessible.
- Require more than card information for payment authorization. Include pay fields for email address, phone number and cardholder address.
- Scan systems for malware or spyware regularly.
- Consider employing some of these common fraud-deterrent tools:
  - Firewalls – Network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules and transaction parameters.
  - CAPTCHA or reCAPTCHA – Program or system that uses images to distinguish human input from bots.
  - Honeypots – Decoy systems that operate alongside production systems to lure in fraudsters.
  - Device fingerprinting – Technology that detects the originating device to help identify bots.
  - Keystroke recognition – Another biometric tool that uses the unique manner in which an individual types to recognize the user as human and not a bot.
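The indicators and the velocity-limit advice above can be turned into a sliding-window check over authorization records. This is an added example, not part of the original article or any Elavon product; the thresholds, the record layout and the `source` field (for instance a device fingerprint) are assumptions.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

# Assumed thresholds (not from the article); tune to your normal traffic.
WINDOW = timedelta(minutes=10)
LOW_AMOUNT = 2.00          # dollars; auth tests can be as small as 0.01
MAX_LOW_AUTHS = 5          # low-dollar auths tolerated per window
MAX_DECLINE_RATIO = 0.5    # share of declines tolerated per window
MAX_IDENTICAL = 3          # same source + same amount per window

def scan(auths):
    """auths: time-ordered (iso_time, source, amount, approved) tuples.
    Returns [(iso_time, {indicator, ...})] for every request that breaches a limit."""
    window, alerts = deque(), []
    for ts, source, amount, approved in auths:
        now = datetime.fromisoformat(ts)
        window.append((now, source, amount, approved))
        while now - window[0][0] > WINDOW:      # drop requests older than the window
            window.popleft()
        hits = set()
        if sum(1 for _, _, a, _ in window if a <= LOW_AMOUNT) > MAX_LOW_AUTHS:
            hits.add("low_amount_velocity")
        declines = sum(1 for *_, ok in window if not ok)
        # Require a minimum sample so a single decline is not a "spike".
        if len(window) >= MAX_LOW_AUTHS and declines / len(window) > MAX_DECLINE_RATIO:
            hits.add("decline_spike")
        if max(Counter((s, a) for _, s, a, _ in window).values()) > MAX_IDENTICAL:
            hits.add("identical_requests")
        if hits:
            alerts.append((ts, hits))
    return alerts

def sample_auths():
    """Constructed sample: three ordinary purchases, then a penny-auth burst."""
    rows = [("2024-01-01T09:00:00", "device-a", 42.50, True),
            ("2024-01-01T09:20:00", "device-b", 18.99, True),
            ("2024-01-01T09:45:00", "device-c", 120.00, False)]
    start = datetime(2024, 1, 1, 10, 0, 0)
    for i in range(8):  # eight 1-cent requests, 20 s apart, one approved
        t = (start + timedelta(seconds=20 * i)).isoformat()
        rows.append((t, "device-x", 0.01, i == 5))
    return rows

if __name__ == "__main__":
    for ts, hits in scan(sample_auths()):
        print(ts, sorted(hits))
```

The ordinary purchases raise nothing, including the lone decline at 09:45; the burst is first flagged on its fourth identical request and trips all three indicators by the sixth.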
Article Originally Published in Elavon’s U.S. Payment Smart Newsletter