Carding: Fraud That Impacts Merchants

For merchants, battling against credit card fraud is an ongoing task when trying to run a business. But a type of fraud called “carding” is proving to be more than just a headache.

Merchants across the United States, who are victims of this type of fraud, are being caught off-guard by thousands of test transactions coming through their website. These fraudulent transactions negatively impact a merchant’s business. Carding costs owners time, money and can even take down their eCommerce site which impedes their overall operation. But it is preventable.

What Exactly is Carding?

Carding is a form of credit card fraud in which a credit card or debit card is stolen, tested, and then sold illegally to others or are used to purchase products or gift cards that can eventually be turned into cash.

Carding typically starts when a fraudster finds a business whose credit card processing environment, payment page, or eCommerce site is vulnerable. The fraudster obtains a list of credit and debit cards and security codes (CSC or CVV codes), and then tests the cards – typically by the thousands. The fraudster then sells the verified stolen card numbers, identities and false logins to carders on “carding forums”. These lists are then used for larger purchases elsewhere which is a problem in itself, but the testing is also costing merchants unnecessary fees, chargebacks, and time sorting all these issues out.

Unfortunately, the United States is a large target for card fraud because card use is so common and because cards typically only have a magnetic stripe or require chip and signature technology, rather than the chip and personal identification number (PIN) technology which would offer more protection to cardholders and merchants. Fraudulent transactions can cause loss of inventory and chargeback fees from illegitimate purchases, and authorization fees in addition to chargeback fees from card testing, which both scenarios are harmful to a business. But there are ways that both consumers and merchants can stay educated and take measures against this type of fraud.

How Can You Protect Your Business from Carding?

1. Perform an Address Verification Service (AVS) Match

The resulting code will inform you whether the address mentioned on the checkout page matches the cardholder’s billing address. Do not ship to addresses other than the matched billing address for the highest level of protection.

2. Implement reCAPTCHA Technology

This will help ensure that every action is taken by a human and not an automated script or robot. Other alternatives exist to help detect bots or automated scripts.

3. Set a Minimum Transaction Amount

Most carders initiate transactions between $0.01 and $15 to verify the authenticity of the stolen card. Be sure to set reasonable limits to help detect fraud.

4. Implement Fraud Filters

Add third party or built-in fraud filters on payment gateways, shopping carts, or even use external services to help validate the data. These fraud filters will let you accept or reject transactions that seem risky by scoring transactions based on a number of additional factors.

Merchants need to maintain an ongoing assessment of their payments environment to ensure the security of their eCommerce sites, so this type of fraud doesn’t happen to them.

Learn How i3 Commerce Technology Can Help Protect Your Business:

Contact us online or call 1-800-621-8931.

Check out i3 Commerce Technology’ newsroom.