Security reminder - protect your business from fraud attacks
May 2, 2025
Omair Mirza
Nearly half of merchants (47%) have lost customers and revenue to fraud, and Checkout.com continues to see an increase in BIN, card testing, and enumeration attacks.
Fortunately, there are many methods available that can help prevent fraud and protect your customers. We’d like to share the latest practices to prevent card testing attacks and other types of fraud.
Top tips
Keep up to date with our managing fraud and risk blogs to understand how to balance fraud prevention against acceptance rates and protect your customers while letting good payments through
Consider enrolling in the Fraud Essentials Course, offered free to Checkout.com merchants through our partnership with the Merchant Risk Council. This course breaks the topic down into specific elements related to your business processes, showing how fraudsters can exploit parts of the customer journey
Have tested incident response plans in place and ready to use to respond to fraud events, and contact your providers quickly if you or your customers experience fraud. The faster we know, the sooner we can help
Fraud prevention tactics
Monitoring and alerts
Monitor and review the language and time zone of your customers’ IP addresses and devices. This can help you detect inconsistencies in data, such as a mismatch between billing address and IP, and flag these transactions as higher risk
Add IP addresses that have regular failed payment attempts to a block list for review
Look for account usage across multiple IP addresses. While these may not always show fraudulent behavior, you may wish to add these IP addresses to a temporary block list to review their activity
Set up alerting for high numbers of approved or declined transactions originating from a single BIN range
Consider implementing velocity checks on small or large transaction volumes. Where card testing occurs, this is usually for transactions with a value below $10 or a local currency equivalent
Use anomaly detection to monitor transactions and sales patterns
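The BIN alerting, failed-payment IP review and small-value velocity checks listed above can be combined in one sliding-window pass over transaction records. The following is an added example, not Checkout.com code: the record fields (ts, bin, ip, amount_minor, approved), the 5-minute window and both thresholds are assumptions to tune against your own traffic, and the sample data is constructed.

```python
from collections import defaultdict, deque

SMALL_AMOUNT_MINOR = 1000   # "below $10", expressed in minor units (cents)
WINDOW_SECONDS = 300        # assumed sliding window
BIN_THRESHOLD = 5           # assumed: small-value attempts per BIN per window
IP_DECLINE_THRESHOLD = 3    # assumed: declined payments per IP per window

def _exceeds(events, key, predicate, threshold, window):
    """Return the keys whose matching events reach `threshold` inside any window."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not predicate(ev):
            continue
        q = recent[ev[key]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] >= window:   # drop timestamps that aged out
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ev[key])
    return flagged

def detect_card_testing(transactions):
    """Flag BINs with bursts of small-value attempts and IPs with repeated declines."""
    bins = _exceeds(transactions, "bin",
                    lambda t: t["amount_minor"] < SMALL_AMOUNT_MINOR,
                    BIN_THRESHOLD, WINDOW_SECONDS)
    ips = _exceeds(transactions, "ip",
                   lambda t: not t["approved"],
                   IP_DECLINE_THRESHOLD, WINDOW_SECONDS)
    return {"bins_to_alert": sorted(bins), "ips_to_review": sorted(ips)}

# Constructed sample data: placeholder BINs and documentation-range IPs (RFC 5737).
SAMPLE = [
    {"ts": 1000 + i * 20, "bin": "000001", "ip": "203.0.113.7",
     "amount_minor": 100, "approved": i == 5}   # burst of $1 attempts, last one approved
    for i in range(6)
] + [
    {"ts": 1050, "bin": "000002", "ip": "198.51.100.4", "amount_minor": 4599, "approved": True},
    {"ts": 1900, "bin": "000002", "ip": "198.51.100.4", "amount_minor": 250, "approved": False},
    {"ts": 5000, "bin": "000003", "ip": "192.0.2.9", "amount_minor": 500, "approved": False},
    {"ts": 9000, "bin": "000003", "ip": "192.0.2.9", "amount_minor": 500, "approved": False},
]

if __name__ == "__main__":
    print(detect_card_testing(SAMPLE))
```

Flagged IPs are candidates for the temporary block list and review described above rather than an automatic permanent block, since isolated declines and slow repeat customers stay below both thresholds.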
Card authentication and validation
Use EMV 3D Secure (3DS2) to authenticate cardholders for high-risk purchases
Use 3RI authentication to authenticate Merchant Initiated Transactions such as subscription and recurring payments
Use AVS (Address Verification Service) and CVV (Card Verification Value) checks
Account security
Lock a user’s account if they make a high number of incorrect password or username attempts
Block users from using common or suspicious passwords, or regularly review logins that use these passwords
Review customer sessions for excessive bandwidth consumption, and look out for multiple transactions using different cards from the same email address or device ID
Use random pauses (throttling) when checking an account. This can slow down brute force attacks, particularly for BINs associated with high fraud
Payment page security
Use CAPTCHA control to prevent bots or scripts from making automated transactions on your payment pages, and consider investing in botnet detection and device fingerprinting systems
If you would like advice on implementing any of the above strategies, please contact your Checkout.com representative and we’ll be happy to assist you.
ABOUT THE AUTHOR
As Director of Scheme Relationships, Omair plays a pivotal role in bridging the gap between Checkout.com and the major card schemes – Visa, Mastercard, American Express, and JCB. With over 11 years of experience in scheme relationships, Omair is an expert at navigating the complexities of scheme requirements, helping you keep up to date on key changes that affect our merchants.