Ecommerce websites are increasingly being used by fraudsters to test cards, in a process called carding.
They find an online service or shop that typically has lots of low-value transactions and the fewest hurdles to get over. They then run an automated script, which keeps testing potentially thousands of cards to repeatedly try to secure authorisations.
A successful authorisation, however small, is enough to show the card details are valid and active – and can be used for more extensive fraud elsewhere.
Brian Kinsella, Elavon’s senior regional fraud manager, said: “We often see that the types of businesses that fall victim to carding attacks are small companies that may not have invested heavily in website security.
“By taking a few simple, low-cost steps, you can prevent your business from falling foul of carding and any card fees for excessive declines.”
As well as inadvertently supporting criminals – ranging from hackers to international terrorists – in their attempts through apathy, ignorance or negligence of your security, you risk damaging both your reputation and bottom line.
If details emerge down the way that larger fraud was carried out because of carding on your site, you could find yourself exposed and vulnerable to reputation and legal implications. On the other end of that extreme, businesses also face additional fees for excessive authorisations and declines from Mastercard.
“It’s solely the responsibility of your business to have taken additional security checks to expose and prevent carding,” says Brian. “We can support you on that, but we don’t reverse transaction charges if you haven’t taken the appropriate measure to fully protect against carding.”
There are many ways you can protect your business from fraudulent carding activity.
For more about carding and protecting your business from fraudsters, check out Visa’s advice.
Please contact your gateway provider to ensure your website is secure and protected from carding attacks.