Security Reminder - Identify fraud and protect your business from card testing, brute force, and BIN attacks

Nov 8, 2023
Stacey Ruggles

It has been widely reported that there has been a dramatic increase in payment fraud over the past 5 years. Fraud continues to grow, adapt, and put pressure on businesses to keep up with the ever-increasing complexity of attacks. Regulators, acquirers, and payment providers have also had to keep up with the changes and address new fraud risks as they emerge. 

Checkout.com would like to remind you of best practices to help prevent these attacks and other types of fraud across all card schemes.

What can you do to prevent attacks?

  • Make sure your business is aware of the risks associated with accepting payments online
  • Have incident response plans tested, in place, and ready to use should you need them
  • Contact your service provider quickly if fraudulent activity occurs
  • Implement fraud prevention tactics

What fraud prevention tactics could you apply?

  • Monitor and review the language and time zone of cardholders’ IP addresses and devices. This near-real-time authorization monitoring can help you detect anomalies or inconsistencies in the data and flag these transactions as higher risk
  • Add any IP addresses that have regularly failed payment attempts to your fraud block list for review
  • Use EMV 3DS (3DS2) checks
  • Use 3RI (3DS Requestor Initiated) authentication to authenticate merchant-initiated transactions (MITs) with 3DS
  • Lock a user’s account when multiple incorrect password/username attempts have been made
  • Monitor the IP address of a single account login. If the account is being used across multiple IP addresses, review and analyze whether this is legitimate
  • Block the use of common or suspicious passwords and review any logins that use these currently
  • Review customer sessions for excessive bandwidth consumption. You can also monitor tracking elements for multiple transactions using the same email address and device ID but with multiple different cards
  • Use random pauses (throttling) on account checking and increase these checks on BINs that see higher fraud attempts
  • Implement CAPTCHA and reCAPTCHA controls along with botnet detection and fingerprint authentication
  • Think about implementing velocity checks on lower transaction values as well as large value items
  • Use Address Verification Service (AVS) and Card Verification Code (CVC) checks
  • Use anomaly detection to monitor transactions and sales patterns
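
As an added illustration (not Checkout.com code), the sketch below applies two of the tactics above to a stream of authorization events: a velocity check for one email address and device ID cycling through many cards, and a count of declined attempts per IP address to feed a block list review. The field names, thresholds, and sample events are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them against your own traffic.
WINDOW = timedelta(minutes=10)
MAX_CARDS_PER_IDENTITY = 3   # distinct cards per (email, device ID) in WINDOW
MAX_DECLINES_PER_IP = 4      # declined authorizations per IP in WINDOW

def find_velocity_alerts(events):
    # events must be sorted by 'ts'. No minimum amount is applied, so
    # low-value attempts count toward the thresholds as well.
    cards_by_identity = defaultdict(deque)   # (email, device) -> deque[(ts, card)]
    declines_by_ip = defaultdict(deque)      # ip -> deque[ts]
    alerts = set()
    for ev in events:
        ts = ev["ts"]
        identity = (ev["email"], ev["device_id"])
        seen = cards_by_identity[identity]
        seen.append((ts, ev["card_fp"]))
        while seen and ts - seen[0][0] > WINDOW:
            seen.popleft()                   # drop attempts older than WINDOW
        if len({card for _, card in seen}) > MAX_CARDS_PER_IDENTITY:
            alerts.add(("many_cards_one_identity", identity))
        if not ev["approved"]:
            declines = declines_by_ip[ev["ip"]]
            declines.append(ts)
            while declines and ts - declines[0] > WINDOW:
                declines.popleft()
            if len(declines) > MAX_DECLINES_PER_IP:
                alerts.add(("ip_repeated_declines", ev["ip"]))
    return sorted(alerts)

# Constructed sample data, already in time order: one device cycling through
# cards with small amounts, plus one ordinary customer. card_fp stands for a
# tokenized card fingerprint, never the card number itself.
T0 = datetime(2023, 11, 8, 12, 0, 0)
SAMPLE_EVENTS = [
    {"ts": T0 + timedelta(seconds=20 * i), "ip": "203.0.113.7",
     "email": "a@example.com", "device_id": "dev-1", "card_fp": f"card-{i}",
     "amount": 1.00, "approved": i == 5}
    for i in range(6)
] + [
    {"ts": T0 + timedelta(minutes=3), "ip": "198.51.100.20",
     "email": "b@example.com", "device_id": "dev-2", "card_fp": "card-x",
     "amount": 250.00, "approved": True},
]

if __name__ == "__main__":
    for rule, key in find_velocity_alerts(SAMPLE_EVENTS):
        print(rule, key)
```

Alerts from a check like this are inputs for review or step-up controls such as 3DS, not automatic proof of fraud; shared IP addresses can produce legitimate bursts of declines.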

How Checkout.com can help

See more about our 3D Secure Authentication tool

We also offer Fraud Detection
