Fraud testing, although known as auth (authenticity) testing, is the practice of testing a credit card to see if it is still active and working. It’s a vulnerability test executed by fraudsters as the first step in exploiting businesses for criminal financial gain. They use stolen credit cards or stolen credit card data and attempt to execute a small transaction that will likely go unnoticed. If the transaction is successful, the fraudster knows that they can try to use their stolen card to take a larger amount. That’s why it’s important that merchants know how to combat this kind of activity. Here are five best practices experts recommend to help fight fraudulent auth testing:
Monitor Extremely Small or Large Transactions
Oftentimes fraudsters will charge tiny amounts to check whether a credit card is viable. These may be low dollar amounts or even just a few cents. They hope they’ll go unnoticed, so pay close attention for such unusual transactions. Look for unusually large transactions as well, that could be acts of blatant theft. Being vigilant is the key. One way technology can help is if the merchant sets transaction amount thresholds. Then when very high or very low transactions are made the system will automatically decline them or set them aside as “pending” for later manual review, before authorization of payment.
Vet Outside Vendors Carefully
Many fraudsters gain access or find loopholes they can exploit via merchant vendors. Then they deploy tactics such as auth testing of credit cards to attack. Naturally, third-party outside vendors can be valuable partnership assets when businesses need help to develop e-commerce websites or handle credit card processing. But be sure to vet them carefully. Verify that they follow best practices and utilize the latest, most advanced security technologies and protocols and keep computer source codes completely hidden. Otherwise, it can create dangerous vulnerability.
Limit Unauthorized Access to Payment Systems
It is also recommended that tools to detect bots versus human inputs be utilized, such as reCAPTCHA image identification programs. These prevent fraudsters from deploying bots to perform auth tests. Device fingerprinting technology and key stroke recognition tools can also help identify bots. Business networks should also use strong firewalls to control incoming and outgoing traffic, based on preset security rules and transaction parameters.
Use More Complex Pay Fields
Merchants can also inhibit auth testing by setting up more complicated “pay fields” or required information inputs from customers. Instead of merely requiring credit card information, for example, additional info such as email addresses or phone numbers can be requested. That makes it harder for fraudsters to penetrate the system and use a stolen card.
Scan for Malware and Spyware
Although it may seem quite basic, scanning for malware and spyware is still essential. Sometimes these most fundamental precautions are inadvertently neglected, or scans are simply not conducted frequently enough. But performing them on a regular schedule can be one of the first lines of defense against fraud.