Security reminder - Protecting your business from payment fraud

Jun 14, 2024
Tom Martindell

Online payment fraud will exceed $206 billion by 2025. As online payments become more widespread, the reality is that card fraud will increase too.  

Fortunately, there are steps that your business can take to help prevent fraud events and protect your customers. We’d like to remind you of the best practices to help prevent card testing attacks and other types of fraud.

What you can do to prevent attacks

  • Be aware of the risks associated with accepting payments – read our managing fraud and risk blogs to find out how to balance fraud protection and approval rates
  • Have tested incident response plans in place and ready to use to respond to fraud events
  • Contact your providers quickly if you or your customers experience fraud – the faster we know, the better the chance we can put action in place to protect your business

Fraud prevention tactics

  • Monitor and review the language and timezone of your customers’ IP addresses and devices. This can help you detect inconsistencies in data, such as a mismatch between billing address and IP, and flag these transactions as higher risk
  • Add IP addresses that have regular failed payment attempts to a block list for review
  • Use EMV 3D Secure (3DS2) to authenticate cardholders
  • Use 3RI authentication to authenticate Merchant Initiated Transactions such as subscription and recurring payments
  • Lock a user’s account if they make a high number of incorrect password or incorrect username attempts
  • Monitor for account usage across multiple IP addresses. This may not always be fraudulent behavior, but could indicate the need for more investigation
  • Block users from using common or suspicious passwords and review logins that are using these currently
  • Review customer sessions for excessive bandwidth consumption, and look out for multiple transactions using different cards from the same email address or device ID
  • Use random pauses (throttling) on account checking and increase these checks on BINs that see higher fraud attempts
  • Implement CAPTCHA and reCAPTCHA controls, botnet detection, and fingerprint authentication
  • Consider implementing velocity checks on lower transaction values as well as high-value purchases
  • Use AVS (Address Verification Service) and CVV (Card Verification Value) checks
  • Use anomaly detection to monitor transactions and sales patterns
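
Three of the tactics above (repeated failed attempts from one IP, different cards from the same email address or device ID, and velocity checks on low transaction values) can be combined into one sliding-window check. The sketch below is an added example, not Checkout.com code; the field names, thresholds and sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# All thresholds are illustrative assumptions; tune them against your own traffic.
WINDOW_S = 600        # sliding window in seconds
MAX_IP_DECLINES = 5   # declines from one IP per window -> block list review
MAX_CARDS = 3         # distinct cards per email or device per window
LOW_VALUE = 5.00      # ceiling for a "low value" attempt
MAX_LOW_VALUE = 4     # low-value attempts per device per window

def _push(q, ts, value=None):
    """Append an event and drop anything that has aged out of the window."""
    q.append((ts, value))
    while q[0][0] <= ts - WINDOW_S:
        q.popleft()
    return q

def flag_card_testing(attempts):
    """Return the IPs, identities and devices that trip each check."""
    flags = {"ip_review": set(), "multi_card": set(), "low_value_velocity": set()}
    declines, cards, low = defaultdict(deque), defaultdict(deque), defaultdict(deque)
    for a in sorted(attempts, key=lambda a: a["ts"]):
        ts = a["ts"]
        # Regular failed payment attempts from one IP.
        if not a["approved"] and len(_push(declines[a["ip"]], ts)) >= MAX_IP_DECLINES:
            flags["ip_review"].add(a["ip"])
        # Different cards from the same email address or device ID.
        for key in (("email", a["email"]), ("device", a["device_id"])):
            seen = {fp for _, fp in _push(cards[key], ts, a["card_fp"])}
            if len(seen) >= MAX_CARDS:
                flags["multi_card"].add(key)
        # Velocity check on low transaction values.
        if a["amount"] <= LOW_VALUE and len(_push(low[a["device_id"]], ts)) >= MAX_LOW_VALUE:
            flags["low_value_velocity"].add(a["device_id"])
    return flags

# Constructed sample data (not real traffic). card_fp is a card token, never a PAN.
SAMPLE = [dict(ts=20 * i, ip="203.0.113.7", email="a@example.test", device_id="dev-A",
               card_fp=f"fp-{i}", amount=1.00, approved=(i == 5)) for i in range(6)]
SAMPLE += [dict(ts=t, ip="198.51.100.20", email="b@example.test", device_id="dev-B",
                card_fp="fp-x", amount=49.99, approved=ok)
           for t, ok in ((30, False), (4000, True))]

if __name__ == "__main__":
    for check, hits in flag_card_testing(SAMPLE).items():
        print(check, sorted(hits))
```

Flagged entries are candidates for review rather than automatic blocks: a shared office IP or a family device can trip the same thresholds.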

How Checkout.com can help

3D Secure Authentication

Fraud Detection

Implement our Risk SDK on your payment pages
