Last week, I posted an article about fake WooCommerce orders, which was affecting one of our clients. In explaining the reasons behind this type of cyberattack, we included one called “card testing”. Card testing is has emerged as a significant threat for businesses and consumers alike. Thus, in this article, I will discuss what card testing is and explore the reasons behind this troubling activity.
What Is Card Testing?
In a nutshell, card testing, also referred to as carding, is a fraudulent practice where criminals use randomly generated or stolen credit card information, to test whether the cards are valid and to determine their available balance. Essentially, it involves making small online purchases, of low dollar value, to check whether a stolen credit card transaction will go through. If so, this means that the stolen credit card (information) is still active and usable for larger purchases, leading to a much higher dollar amount of fraud.
How Card Testing Works
Data Acquisition
Criminals often acquire card details through a variety of means, including data breaches, phishing attacks, or purchasing stolen information from the dark web.
Automation
To carry out card testing efficiently, fraudsters frequently use automated bots or scripts that can execute multiple transactions in a short period. This automation allows them to test thousands of credit card numbers and information, in minutes.
Small Transactions
Card testers typically start with small dollar amounts (often less than $5) to minimize the risk of detection and avoid raising red flags by financial institutions.
Validating Credit Cards
If a small transaction is successful, the fraudster can then use the credit card information for larger transactions or sell the valid credit card information to other criminals.
Why Is Card Testing Being Done?
The motivations behind card testing are straightforward. Here is a list of those reasons.
Profit Generation
For cybercriminals, the primary motivation for card testing is profit. Once a valid card is identified, it can either be used for larger fraudulent purchases or sold on the black market for a substantial return. In many cases, when a card has been verified as “good,” it can be a gateway to stealing goods, services, or even money directly from bank accounts.
Anonymity and Low Risk
The anonymous nature of online transactions and the difficulties in tracing back card details make card testing an attractive proposition for fraudsters. With services like virtual private networks (VPNs) and proxy servers, criminals can conceal their identities and locations, further complicating efforts to combat these acts.
Popularity of E-commerce Transactions
The surge in e-commerce, accelerated by the COVID-19 pandemic, has provided fertile ground for card testing. As more individuals and businesses shift to online transactions, fraudsters seek to exploit this growing trend. The sheer volume of online card transactions creates more opportunities for testing undetected.
Weak Fraud Detection Systems
Although many businesses have implemented measures to combat fraud, there are still gaps in the fraud detection systems. This is particularly true for small online retail businesses who do not have large budgets to allocate toward thwarting online fraud.
How to Protect Yourself and Your Business
Mitigating card testing requires taking proactive measures. Here are some strategies that both consumers and businesses can adopt.
For Consumers
Monitor Your Accounts
Regularly check your bank and credit card statements for any unauthorized transactions.
Use Virtual Cards
Consider using virtual credit cards for online purchases to enhance security.
Enable Alerts
Set up transaction alerts with your bank to receive instant notifications of card usage.
For Businesses
Use Strong Fraud Detection Tools
Using advanced fraud detection and prevention systems can help identify unusual patterns that indicate card testing activities.
Limit Transaction Attempts
Employ measures to limit the number of concurrent transaction attempts from a single IP address within a specified period of time.
Verify Transactions
Implement additional verification methods, such as CAPTCHA or two-factor authentication at checkout, to reduce automated attacks.
So as you can see, card testing represents a serious threat in the realm of online transactions, with fraudsters constantly seeking to exploit online vulnerabilities.
EMAIL US