Card testing fraud (AKA “carding,” “account testing,” or “card checking”) is a method by which fraudsters check for or “test” the validity of stolen credit or debit cards before conducting card-not-present fraud. To help explain this common but complex fraud vector, let’s explore this phenomenon from both the fraudster's and merchant’s perspectives.
If you are already familiar with how card testing works as well as its negative impact on merchants, scroll down to the solution section where you’ll find actionable steps you can take today to prevent card testing from harming your business.
The best way to understand the ins and outs of card testing is to put yourself in the fraudster’s shoes.
Imagine for a moment that you’re a fraudster scrolling through the dark web, browsing for stolen credit card data to purchase. You find a batch of credit card numbers that have been stolen during a recent data breach of a popular online retailer. After haggling with the seller, you decide to purchase 10,000 stolen credit card data.
Because banks deactivate credit and debit cards frequently, however, you know that a good number of these purchased credit card credentials won’t actually work. The challenge now is to determine which stolen credit cards are useless and which ones are still active. This is where card testing comes into play.
To quickly weed out the deactivated cards, the fraudster finds an unsuspecting online merchant and, using bots to accelerate the process, makes small purchases on every card. Fraudsters intentionally make small purchases from inconspicuous merchants so as not to raise suspicions from cardholders. If the purchase does not go through, they remove the card info from their file. If the purchase does go through, they either sell the card’s data on the dark web for more money or make larger fraudulent purchases on the card down the road.
There’s a common misconception that fraud and other financial crimes are victimless. This could not be further from the truth. The consequences for merchants that fall victim to card checking are enormous. In fact, a number of small and medium-sized businesses have even had to shut down their operations as a direct result of card testing fraud.
Let’s take a look at the situation from the merchant’s perspective to understand the negative impact of this crime. Remember, in this context, a merchant is “any type of business that accepts card payments in exchange for goods or services.”
Imagine your baking skills have earned you a wonderful reputation and you’ve decided to open the first gluten-free cupcake shop in your community. So far, things are going great and your business is processing about 200 online transactions a day.
This morning, however, you noticed a disturbing anomaly. Your Point of Sales system is processing thousands and thousands of transactions an hour. Even on your busiest day, you aren’t making those kinds of numbers. Even stranger, these transactions are taking place rapid fire, one after the other.
For a moment, you wonder if all of your marketing efforts have finally paid off. Soon, reality sets in, and you realize that something must be wrong. To make matters worse, angry cardholders from around the country are calling you and asking why your small business is appearing on their credit card statements without their consent.
After contacting your POS (point of sales) provider, you learn that you are a victim of card testing. While the credit card company will reimburse the cardholders who dispute these fraudulent charges, you’re still on the hook for all of the transaction fees and chargebacks for every fraudulent transaction. Because there were so many card checks, this one incident has wiped away months of hard work and completely emptied your savings.
To complicate matters further, the actual operations of your business are now under strain. How can you serve your legitimate customers when you can’t figure out which transactions are real and which are fraudulent? As a direct result of card checking, you have no choice but to close your business.
Sadly, the nightmare scenario described above is a reality for far too many business owners. For victims, it can be difficult to identify both the short-term and long-term consequences of card checking. For a more detailed view, here is a helpful list from Stripe of the negative impacts of card checking:
Although this blog has focused primarily on smaller merchants because they experience the most outsized impact of card checking, it’s important to note that even larger multi-national merchants with robust fraud controls have fallen victim to card checking. In fact, without identity-proofing technology, any merchant can fall victim to this pernicious crime. That’s why every merchant needs to take measures to protect themselves.
Whether you’re a small business owner or a fraud exec at a major merchant, you need to protect your business from card testing to protect your bottom line. Fortunately, with Prove’s technology, you can easily identity-proof your customers without adding friction to the customer journey.
Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.
Tap the button below to read our latest white-paper on the subject as industry leaders.
Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.
Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.
Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.
Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.
Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.
Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.