Security reminder - protect your business from fraud attacks

May 2, 2025
Omair Mirza

Nearly half of merchants (47%) have lost customers and revenue to fraud, and Checkout.com continues to see an increase in BIN, card testing, and enumeration attacks.

Fortunately, there are many methods available that can help prevent fraud and protect your customers. We’d like to share the latest practices to prevent card testing attacks and other types of fraud.

Top tips

  • Keep up to date with our managing fraud and risk blogs to understand how to balance fraud prevention against acceptance rates and protect your customers while letting good payments through
  • Consider enrolling in the Fraud Essentials Course, offered free to Checkout.com merchants through our partnership with the Merchant Risk Council. This course breaks the topic down into specific elements related to your business processes, showing how fraudsters can exploit parts of the customer journey
  • Have tested incident response plans in place, ready to use when fraud events occur, and contact your providers quickly if you or your customers experience fraud. The faster we know, the sooner we can help

Fraud prevention tactics

Monitoring and alerts

  • Monitor and review the language and time zone of your customers’ IP addresses and devices. This can help you detect inconsistencies in data, such as a mismatch between billing address and IP, and flag these transactions as higher risk
  • Add IP addresses that have regular failed payment attempts to a block list for review
  • Look for account usage across multiple IP addresses. While these may not always show fraudulent behavior, you may wish to add these IP addresses to a temporary block list to review their activity
  • Set up alerting for high numbers of approved or declined transactions originating from a single BIN range
  • Consider implementing velocity checks on small or large transaction volumes – where card testing occurs, it usually involves transactions with a value below $10 or a local currency equivalent
  • Use anomaly detection to monitor transactions and sales patterns
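
The BIN alerting and low-value velocity checks described above can be prototyped as sliding-window counters over your own transaction log. The following is an added example, not Checkout.com code; the field names, the 10-minute window, the thresholds and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds and field names; tune against your own baseline traffic.
WINDOW = timedelta(minutes=10)
BIN_LIMIT = 5           # same-status transactions per BIN inside WINDOW
LOW_VALUE_LIMIT = 4     # low-value attempts per IP inside WINDOW
LOW_VALUE_MINOR = 1000  # $10.00 in minor units (cents)

def detect(transactions):
    """Scan a time-ordered stream; return [(rule, key, first_alert_time)]."""
    windows = defaultdict(deque)   # (rule, key) -> timestamps inside WINDOW
    alerted, alerts = set(), []

    def hit(rule, key, ts, limit):
        q = windows[(rule, key)]
        q.append(ts)
        while ts - q[0] > WINDOW:      # expire events older than the window
            q.popleft()
        if len(q) >= limit and (rule, key) not in alerted:
            alerted.add((rule, key))   # alert once per key, not per event
            alerts.append((rule, key, ts))

    for tx in transactions:
        ts = datetime.fromisoformat(tx["ts"])
        # Rule 1: many approvals or many declines from one BIN (first 6 digits).
        hit("bin_" + tx["status"], tx["bin"], ts, BIN_LIMIT)
        # Rule 2: velocity of low-value payments from one IP address.
        if tx["amount_minor"] < LOW_VALUE_MINOR:
            hit("low_value_velocity", tx["ip"], ts, LOW_VALUE_LIMIT)
    return alerts

def sample_transactions():
    """Constructed data: a burst of $1 declines on one BIN, plus normal sales."""
    base = datetime(2025, 5, 2, 12, 0, 0)
    burst = [{"ts": (base + timedelta(seconds=20 * i)).isoformat(),
              "bin": "400000", "ip": "203.0.113.7",
              "amount_minor": 100, "status": "declined"} for i in range(6)]
    normal = [{"ts": (base + timedelta(minutes=30 * i)).isoformat(),
               "bin": "510000", "ip": f"198.51.100.{i + 1}",
               "amount_minor": 4500, "status": "approved"} for i in range(6)]
    return sorted(burst + normal, key=lambda t: t["ts"])

if __name__ == "__main__":
    for rule, key, ts in detect(sample_transactions()):
        print(f"{ts.isoformat()} {rule} {key}")
```

Only the first six digits of the card number are needed for the BIN rule, so the full PAN never has to enter the monitoring pipeline.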

Card authentication and validation

  • Use EMV 3D Secure (3DS2) to authenticate cardholders for high-risk purchases
  • Use 3RI authentication to authenticate Merchant Initiated Transactions such as subscription and recurring payments
  • Use AVS (Address Verification Service) and CVV (Card Verification Value) checks

Account security

  • Lock a user’s account if they make a high number of incorrect password or username attempts
  • Block users from using common or suspicious passwords, or regularly review logins that use these passwords
  • Review customer sessions for excessive bandwidth consumption, and look out for multiple transactions using different cards from the same email address or device ID
  • Use random pauses (throttling) when checking an account. This can slow down brute force attacks, particularly for BINs associated with high fraud  

Payment page security

  • Use CAPTCHA control to prevent bots or scripts from making automated transactions on your payment pages, and consider investing in botnet detection and device fingerprinting systems

If you would like advice on implementing any of the above strategies, please contact your Checkout.com representative and we’ll be happy to assist you.
