When it comes to retail fraud prevention, every transaction matters, no matter how small. A declined credit card purchase of a few dollars or even a few cents can be a sign that your retail or e-commerce company has been targeted by card testing fraudsters.
Article at a glance
- Card testing fraud involves obtaining stolen credit card information and using an automated script to parse through which cards are valid and which are invalid.
- Credit card testing can lead to an excessive number of support requests, infrastructural strain, and reputational damage.
- Mastercard’s Identity Insights for Card Cycling offers behavioral and device insights that can flag automated bot behavior and minimize the impact of card testing.
Credit card testing (or cycling) is a fraud tactic that involves using an automated script to “test” stolen card numbers by initiating small transactions, like e-commerce purchases or online donations.
As thousands of these cards are declined, fees stack up fast — and acquiring banks may start to take notice, flagging the targeted merchant as risky and potentially declining future transactions. Additionally, merchants face the headache of addressing chargebacks and disputes on the transactions that do go through. It’s death by a thousand cuts for a merchant’s bottom line.
Because the dollar values involved are so small, card testing fraud often flies under the radar. But that doesn’t mean you should let your retail or e-commerce company become an unwitting victim. Ultimately, you need a sustainable way to minimize the impact of card testing that doesn’t jeopardize the overall user experience for your customers.
Credit card testing: A user experience dilemma
For e-commerce brands, a frictionless user experience is vital. Your business probably invests significant resources in optimizing the checkout experience and reducing any barriers that get in the way of a smooth transaction.
But when it comes to preventing card testing, merchants are faced with the dilemma of stopping credit card testers in their tracks without jeopardizing the overall user experience.
The obvious solution to card testing threats is to put customers through a more extensive gauntlet of security checks for each transaction. When you notice increases in card authorization volume, false declines, or bank authorization mismatches, you can easily integrate CAPTCHAs, 3-D secure protocols, and other advanced security measures. However, these steps introduce more friction for the user, jeopardizing sales and the quality of the customer experience.
How merchants can fight back against card testing fraudsters
Common signs of a card cycling event in progress include an influx of authorization requests for inexpensive transactions and/or a spike in declines. However, your system should ideally stop fraudsters before they’re able to achieve noticeable transaction volumes.
In general, the goal should be to thoroughly monitor your checkout platform, evaluating every transaction for fraud potential. Some instances of card testing will be obvious — if a series of small purchases with different card numbers come in from the same user, it’s a clear indication that something fraudulent is afoot. However, fraudsters are typically more cunning than that, which means you need the help of behavioral analytics tools to assist you and your team.
Mastercard’s Identity Insights for Card Cycling can help by using behavior, device, and payment data to provide actionable insights for your fraud team. The reputation of a user’s IP address, the device they’re using, and other behavioral patterns paint a comprehensive picture of a user — even if this is their first time interacting with your brand.
This increased visibility pays dividends when it comes to both user experience and security. If you flag several transactions from the same IP address in a short period of time, additional friction and security checkpoints make sense. But if another transaction has none of these warning signs, you can keep your baseline security measures in place without needing to press the issue further.
Identity Insights helps you strike right balance between UX and security
Card testing fraud is inherently problematic because of its volume, but that doesn’t mean there aren’t steps you can take to minimize its impact. Leveraging identity and behavioral tools can help you get ahead of fraud before your network is flooded with hundreds or thousands of declines.
These tools can help catch any hint of automated behavior the moment it pops up in the checkout process. With a nuanced approach to managing risk, your business can balance security and UX priorities — mitigating fraud while preserving a frictionless checkout experience.
