With the increasing popularity of online sales, merchants are also seeing a rise in fraud. Carding, which is when fraudsters test stolen credit and debit cards, is particularly effective. For anyone using an online shopping cart for sales on their website or a payment link for their customers, the biggest question is how to avoid fraudsters and maintain the integrity of your business and your merchant account. Luckily, there are some simple changes you can make to your account in order to better protect against these activities.
Why is carding a concern?
Carding is a type of fraud that involves an individual testing stolen credit card numbers to check their validity before making illegal purchases or transferring funds. Many times the fraudsters creates a bot to run hundreds or thousands of card numbers against a website. These card numbers are often obtained from security breaches on servers where the information is saved, or from malware and phishing attempts on individuals.
This is bad enough in itself, but it also creates a direct threat and risk of financial loss to the merchant’s business. If the carding event is not caught early on, the merchant may rack up thousands of transaction fees and greatly increase the risk of chargebacks. Even a declined transaction is subject to a transaction fee.
What can you do about it?
Many online shopping carts provide security settings that can be enabled to protect against fraudulent activity, but may not be enabled by default. It’s important to review and become familiar with the options for your system. Here are some common features that can greatly lower the risk of carding:
There are three important things to note about carding. First, these transactions are usually under $10. Second, these transactions usually decline. And finally, these transactions come through at incredible speed. With these three points in mind, setting your velocity limits can be a great response to the threat of carding. Most shopping cards will allow you to set a minimum purchase amount. Look for settings related to how many transactions are accepted within a certain time period, and how many declined transactions are permitted.
Often, carding is done by a bot user in order to maximize time and efficiency. A simple measure to take against a bot is to have your system challenge it. This is usually done through use of Captcha verification or acceptance of cookies. These are prompts that will come up when a user attempts a transaction in order to verify they are a legitimate user and not a program attempting to attack your page. Some websites even require users to create an account before checking out, instead of having a guest checkout option; this is yet another example of a disruptive mechanism to protect against bots. Captcha has become the most-recognized verification system and most shopping carts will offer these features in some form.
The easiest way to identify whether an individual is an authorized user for a card is to get extra verification; most commonly, this is CVV and AVS. CVV stands for Card Verification Value; this is the 3 digit code on the back of credit cards used to prove that the user has the physical card. AVS stands for Address Verification System; this is the zip code associated with the billing address for the card, ensuring the user knows the billing address when attempting a transaction. If CVV or AVS provides a mismatch, the transaction will be declined. Asking for pieces of information such as CVV and AVS is a common fraud-prevention measure and all shopping carts will offer this, usually by default.
What comes next?
The biggest sign of a carding attempt is a sudden influx of declined transactions on your merchant account. If you see this happening, contact us right away! We can set you up with a new shopping cart and go over your security settings to better protect your business from fraud. There are many options CardConnect offers for remote and online sales and services.Credit Card Processing, Security