In the last few months, we have seen a noticeable increase in unsophisticated form of credit card testing, especially with our Yahoo Store merchants. “Card testing" happens when fraudsters use online stores as testing grounds for the credit card information they have. Usually, they don’t care about the actual goods or services being purchased during the transaction. Their only goal is to “test” the cards to make sure they have not been blocked/canceled and the credit limits have not been reached.
For example, we came across different variations of the following:
For example, we came across different variations of the following:
Name: weratawreta fsgsdfg
Address: dfgsdfgs
Miami, FL 33166
Email: dfdsfsdf@yahoo.com
Name: rtretertr trtrtrt
Address: 456 4ffdefs
544
los angeles, ca 90021
Email: hgfdfgff@gmail.com
These two cases are SO obviously fraudulent because of the gibberish information they contain, they are easy to spot. However, sometimes card testing can be a little more sophisticated and not so out rightly fake. Here are 5 other things that should help you determine whether you are under a card testing attack!
1. No AVS Match of CVV match
Since fraudsters only want to verify the legitimacy/credit limit of the cards, they don’t care if the orders actually pass muster. If you see many orders with gibberish data combined with a “N” for AVS response codes, these are likely card testing orders.
2. Same IP Address/Phone Number/Email Address
Definitely beware of the influx of orders coming from the same IP address/phone number/email! Often these card testing orders are automated (althouhg some are still done manually), and because they are not really looking for the order to go through, they do not bother changing the order details.
3. Non-US IP Address
Additional precautions should be taken for orders coming from abroad. Don’t just check where the billing address and shipping address are located, check where the order is coming from. Orders placed from non-US IP addresses (e.g. Venezuela, Nigeria, Ghana, etc.) still carry much higher risks. Be extra EXTRA careful if the physical addresses don’t match the IP address.
4. High Velocity
You know your traffic. You know how much marketing efforts you put it. It could be the new SEO algorithm your tech guy implemented. But before you jump for joy, make sure you do a sanity check. Is it realistic? Is it too good to be true? High velocity can mean two things in fraud: 1. your store has been targeted or 2. a “bot” is being used to carry out the attack.
5. Low Ticket Items
Many fraudsters know that merchants sometimes flag higher ticket transactions for review because of the higher potential loss. In the case of card testing, fraudsters go for low ticket items to try to stay under the radar.
In the next post, we'll talk about strategies for combating card testing!
In the next post, we'll talk about strategies for combating card testing!
