As business owners settle into a more digital world and adjust to the new normal, some adjustments are needed to deal with the increase in digital data. With more and more data circulating, the chances of cardholder information being stolen unfortunately increase. One of the scams that saw a significant increase is called Fraudulent Authorization Testing, or Auth Testing.
Auth testing is when a stolen credit card number is tested by running a small transaction on the merchant’s payment system. If the transaction is authorized, the charges start to become higher and higher.
With the use of bots and other applications, hackers can test anywhere from hundreds to tens of thousands of stolen credit card numbers on a single digital payment gateway. With eCommerce more popular than ever and, at this point, almost a necessity, the fraudulent activity can cost business owners a considerable amount of money, since each attempted transaction comes with an authorization cost.
There is no one way to combat fraudulent authorization testing. With that said, these are some suggestions for a multi-layered approach.
Tools to Help Deter Fraud
Firewalls – Network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules and transaction parameters.
CAPTCHA or reCAPTCHA – A program or system that uses images to distinguish human input from bots.
Honeypots – Decoy systems that operate alongside production systems that lure in fraudsters.
Device Fingerprinting – Helps identify bots with technology that detects the originating device.
Keystroke recognition – A biometric tool that uses the unique manner in which an individual types to recognize the user as human and not a bot.
Steps To Consider
Ensure HTML source code is hidden. Coders may leave HTML source code exposed or accessible, leaving a door wide open for fraudulent auth testing. It is important to ensure your source code is well hidden. Using tools like CAPTCHA can help; just know that it may require the help of a developer to disguise these codes from fraudsters.
Require more information for payment fields. Many pay fields will require the credit card number itself and leave out the rest of the information. Adding email addresses, phone numbers and cardholder addresses makes auth testing less likely, as hackers would have to take the time to build a much longer script with the additional information to obtain authorization. Our Software Technical Support (STS) team can install tools like Address Verification Service (AVS) to help require the additional information in the fields and confirm that it is a match.
Continually monitor transactions. Since authorization testing typically happens in large groups of transactions within a small period of time, set hourly or daily velocity limits within your payment gateway. The goal is to specify an upper limit of transactions expected to occur within the selected timeframe for a specific IP address. Continually review high-ticket transactions or unusually low-ticket transactions. Business owners can set a transaction threshold so that, if a transaction seems oddly low or much higher than their average transactions, it is automatically declined or pended for later manual review prior to attempting the authorization.
Scan systems. Check for malware or spyware regularly.
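The velocity limit and ticket-size threshold from the “Continually monitor transactions” step, sketched as an added example (not code from the original page or from any payment gateway). The window, limits, class and function names, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed limits for illustration; tune them to the merchant's real traffic.
WINDOW = timedelta(hours=1)   # hourly velocity window
MAX_PER_IP = 5                # upper limit of expected attempts per IP per window
LOW_TICKET = 2.00             # unusually low amount, typical of a test charge
HIGH_TICKET = 1000.00         # far above this (hypothetical) merchant's average

class PreAuthScreen:
    """Decide approve / review / decline before an authorization is attempted."""

    def __init__(self):
        self._attempts = defaultdict(deque)  # ip -> timestamps inside the window

    def check(self, ip, amount, when):
        seen = self._attempts[ip]
        # Drop attempts that have aged out of the sliding window.
        while seen and when - seen[0] >= WINDOW:
            seen.popleft()
        seen.append(when)  # blocked attempts still count toward velocity
        if len(seen) > MAX_PER_IP:
            return "decline"   # over the velocity limit: never sent for auth
        if amount <= LOW_TICKET or amount >= HIGH_TICKET:
            return "review"    # pend for manual review before authorizing
        return "approve"

def screen_all(transactions):
    """Run (ip, amount, timestamp) records through one screen, in time order."""
    screen = PreAuthScreen()
    return [screen.check(ip, amount, when) for ip, amount, when in transactions]

# Constructed sample data: one IP sends rapid $1 attempts, another shops normally,
# and the first IP returns two hours later after its window has emptied.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [("203.0.113.7", 1.00, T0 + timedelta(seconds=10 * i)) for i in range(8)]
SAMPLE.append(("198.51.100.4", 49.99, T0 + timedelta(minutes=2)))
SAMPLE.append(("203.0.113.7", 1.00, T0 + timedelta(hours=2)))

if __name__ == "__main__":
    for (ip, amount, when), verdict in zip(SAMPLE, screen_all(SAMPLE)):
        print(when.isoformat(), ip, f"{amount:.2f}", verdict)
```

Because both checks run before the authorization request, attempts that are declined or pended here do not incur the per-attempt authorization cost described above.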
How We Can Help
Fraud is a challenge to everyone as eCommerce takes over. Platinum Payments continues to stay a step ahead to help decrease the risk of fraud attacks on customers’ websites from the onset of boarding.
It is important to note that our Website Development Team ensures there is a secure checkout page.
Additional fraud filters, such as CAPTCHA, are a business’s decision and responsibility to add.
The first rule of fighting authorization fraud is calling 866-921-2982.
The second rule of fighting authorization is using Converge.
Converge is a very robust omni-commerce software equipped with several of the available tools, accessible via the settings tab.