Card testing is a old one but good one. Card testing has a long history and serves mainly two purposes for fraudsters:
1: Understanding if the card has been deactivated already
2: Understanding if the card has a remaining balance than can be exploited
This fraud pattern has left the real world and most of this behaviour exists in online payments only as no fraudsters want to be caught in real life and take the risk of arrest or identification with a stolen card.
The analytics of this cards behaviour is simply when you understand how this process works.
Either the card numbers have been stolen, bought off the dark web or someone has worked out how to understand card string numbers. This is usually easier for gift cards when you can usually see the card numbers on the subsequent cards hanging on the shelf of most convenience stores that sell these.
Often real and good merchants are used to test these. There is next to no consequence for the merchant or criminal here outside of chargeback fees that the merchant may need to pay when these small transactions are disputed. The real fraud transaction is done for a much larger transaction elsewhere.
It is highly recommended for merchants to refund these small transactions as soon as possible to avoid chargeback fees and reputation damage with the schemes.
Card testing, also known as carding or card checking, is a fraudulent activity where criminals test the validity of stolen credit or debit card information. This is done by making small, often unnoticed transactions to see if the card details are still active and can be used for larger fraudulent purchases. Here’s a breakdown of how card testing typically works:
- Acquisition of Card Details: Criminals obtain card details through various means, such as data breaches, phishing scams, or purchasing them on the dark web.
- Small Transactions: They perform small transactions, often with low-value amounts, to avoid detection. These could be online purchases, donations, or any other type of payment.
- Monitoring Responses: The criminals monitor whether the transactions are approved or declined. Approved transactions indicate that the card is active and can be used for larger fraudulent activities.
- Escalation: Once the card is confirmed to be active, the criminals may use it for larger purchases or sell the validated card details to other fraudsters.
Indicators of Card Testing:
- Multiple small transactions in quick succession.
- Use of multiple cards
- Unusual or frequent attempts from different IP addresses or locations.
- Declined transactions followed by approved small transactions.
Impact:
- Financial loss for cardholders and merchants.
- Increased chargebacks and fraud-related costs for businesses.
- Damage to the reputation of merchants and financial institutions.
Prevention:
- Implementing fraud detection systems that identify unusual transaction patterns.
- Using CAPTCHA to distinguish between human and automated transactions.
- Requiring additional verification steps for small transactions, such as CVV or 3D Secure authentication.
- Monitoring and flagging multiple small transactions from the same card or IP address.
By understanding and identifying card testing behaviour, businesses can better protect themselves from chargeback fees and reputation damage with the card schemes.
