Stolen Credit card numbers are all the rage these days ever since the chip card (EMV) initiative began. Fraud Alert ! It seems that data encryption inherent in the new EMV activated point-of-sale devices has forced fraudsters to move to ecommerce sites, using their “card testing” schemes. Fraud rings have developed specialized servers that program scripts to reach out to ecommerce-enabled web sites to run large batches of card numbers to determine whether a card number is valid. We have seen this happen multiple times – primarily affecting small nonprofits, but any ecommerce merchant is vulnerable – ostensibly due to the fact that these smaller organizations are not keeping their eye on the ball when it comes to reviewing the activity coming through their website. Thousands of authorizations can be run in very short time that can be quite costly to the merchant. For example, an automated program that can run 20,000 requests through a website could cost the merchant 5 to 10 cents for the gateway fee plus another 10 cents or so from the merchant service provider resulting in up to $4,000 in costs to the merchant. Here are some stats about this type of fraud: 200% increase in card testing this year versus 2016; 30% year-over-year increase in online fraud; $264 billion in false-positive transactions.
The solution: set the velocity filter from within the payment gateway interface, which would quickly terminate authorization requests from that IP address. If you have questions about how to set your fraud filter, please, reach out!