Thursday, April 24, 2025

What You Need to Know About Card Testing Fraud

At first, these small unauthorized credit card charges don’t seem like a big deal; the charges are small, after all. But then you start getting calls from customers about purchases they never made. When the calls have subsided, you add up all the chargebacks and authorization fees and realize that this month’s profits—and maybe even this year’s profits—are down the drain. Unfortunately, you are not alone. Businesses of all sizes continue to be the victims of debit and credit card testing.

What is card testing?

Fraudsters use card testing to validate credit card numbers for later use. Testing typically falls into two types: testing card numbers that have been illegally obtained, or intelligently guessing card numbers based on a known bank identification number (BIN). Fraudsters send fraudulent purchases at high velocity to an unsuspecting merchant’s site to see whether each card is active and approved. This process reveals which cards have been canceled or deactivated—and which ones are still valid. Once the canceled or declined card numbers are weeded out, fraudsters move on to make larger purchases or resell the validated information.

How do botnets work?

The advancement of botnet technology in recent years has allowed card testing to grow exponentially. Unlike manual testing—which is time consuming and labor intensive—fraudsters can program networks of compromised computers (botnets) to run thousands of transactions at a time. The velocity of these fraudulent transactions can rack up thousands of dollars in transaction fees in a matter of minutes, leaving the unsuspecting business holding the bill. On top of that come serious brand damage and a major tax on the business’s time and resources.
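
An added example, not part of the original article: a velocity check for the pattern described in the two sections above, namely many different cards tried in a short time, for small amounts, with most attempts declined. It groups attempts by BIN rather than by source address, because a botnet spreads its requests across many machines. The record layout, the thresholds, and the sample BINs and tokens are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# All thresholds are assumed values; tune them against real traffic.
WINDOW_SECONDS = 60       # sliding-window length
MIN_DISTINCT_CARDS = 5    # distinct cards on one BIN inside the window
MIN_DECLINE_RATIO = 0.6   # share of attempts in the window that were declined
MAX_SMALL_AMOUNT = 5.00   # ceiling for what counts as a small test charge


def detect_card_testing(attempts):
    """Return {bin6: timestamp of first alert} for BINs that look like card testing.

    attempts: iterable of (ts_seconds, bin6, card_token, amount, approved),
    sorted by time. card_token is a tokenised reference, never the full number.
    """
    windows = defaultdict(deque)
    alerts = {}
    for ts, bin6, token, amount, approved in attempts:
        if amount > MAX_SMALL_AMOUNT:
            continue  # only small charges are considered by this check
        win = windows[bin6]
        win.append((ts, token, approved))
        # Drop attempts that have aged out of the sliding window.
        while win and ts - win[0][0] > WINDOW_SECONDS:
            win.popleft()
        cards = {t for _, t, _ in win}
        declines = sum(1 for _, _, ok in win if not ok)
        if (bin6 not in alerts
                and len(cards) >= MIN_DISTINCT_CARDS
                and declines / len(win) >= MIN_DECLINE_RATIO):
            alerts[bin6] = ts
    return alerts


# Constructed sample: BIN 400000 sees six different cards in 25 seconds, mostly
# declined; BIN 510000 is one customer retrying the same card after a decline.
SAMPLE_ATTEMPTS = [
    (0, "400000", "tok_a1", 1.00, False),
    (3, "510000", "tok_z9", 1.00, False),
    (5, "400000", "tok_a2", 1.00, False),
    (10, "400000", "tok_a3", 1.00, True),
    (12, "510000", "tok_z9", 1.00, True),
    (15, "400000", "tok_a4", 1.00, False),
    (20, "400000", "tok_a5", 1.00, False),
    (25, "400000", "tok_a6", 1.00, False),
    (300, "400000", "tok_b1", 45.00, True),
]

if __name__ == "__main__":
    print(detect_card_testing(SAMPLE_ATTEMPTS))
```

An alert from a check like this would normally feed a response such as a CAPTCHA challenge or temporary throttling on the payment form rather than a hard block, since one BIN can cover many legitimate cardholders.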

Which businesses are at risk?

Card testing attacks often target small and medium businesses as well as organizations that accept donations or even tuition. Often these types of businesses and organizations lack the tools and technologies to protect themselves—making them easy prey. Businesses and organizations that don’t sell a physical good tend to be particularly vulnerable because they assume fraud isn’t a worry—the fraudsters know this and deliberately target them as a result. Take nonprofits, for example. Since many nonprofit donation pages collect little information from donors and fail to set minimum limits for giving, they provide an ideal environment for card testing and other types of fraud.
