Recently, we’ve been experiencing a surge of Card Testing fraud attempts on our clients’ WordPress sites with e-commerce functionality. This phenomenon seems to be on the rise.
What is Card Testing?
By phishing and/or fraudulently collecting lists, fraudsters end up with lists containing hundreds or thousands of credit card numbers. They need to confirm whether these credit card numbers are valid, before they can make real purchases (online or offline).
M.O. (modus operandi)
Of course, scammers don’t spend their entire day filling out payment (“checkout”) forms. Therefore, they look for websites offering e-commerce and payment forms that are vulnerable or easy to exploit. Then, using bots (automated scripts), they automatically fill out forms testing each of the credit card numbers on their list to find out which numbers are valid.
Are you a bot?
Typically, people don’t get excited when they have to click on the “Are you human?” checkobox or figure out an unreadable code in a web form. Let’s be honest: in a fast-paced world, this feature seems to be more of a waste of time than a benefit. However, this is still the easiest way to minimize the risk of being attacked by this kind of fraud. If your checkout page doesn’t contain any bot-blocking technology, such as a Captcha or reCaptcha, the chance of getting your site targeted for this type of fraud is dramatically higher.
Closing your merchant account
In most cases, e-commerce site owners who are vulnerable to card testing only find out when their payment service provider sends them an email alerting them that they are a victim of this type of attack. Sometimes the period of time given by payment service providers to fix the issue is very short, and the account may even be temporarily suspended. When this happens, it will definitely have an impact on your business and your revenues. It is essential to determine if you are at risk and take the necessary steps to address the situation. As the saying goes, “better safe than sorry”!
Validate or correct the problem
Not sure how to check if you’re at risk or how to correct the problem?