The site you requested may not be relevant in your area.

country flag
Skip to main content

 

Over the past year, we have seen a steady rise in fraudulent Card Authorization Testing. This activity – also known more simply as auth testing – occurs when fraudsters steal a credit card number then test it with a small purchase on an unsuspecting merchant to see if the transaction gets authorized. If it does, then they start racking up bigger charges on the stolen card number.

To make matters worse, the existence of software applications, known as bots, can be programmed to test anywhere from hundreds to tens of thousands of stolen payment card numbers on a single digital checkout site. The bot allows the fraudster to automate the transactions at a rapid speed, testing the account status of the stolen payment card numbers.

With eCommerce more prominent than ever, this fraudulent activity can cost you valuable dollars, as every transaction comes with an authorization cost. It is important to be aware of the risk and costs to your business associated with fraudulent auth testing, along with ways to help combat it.

Five preventive measures

Here are several things you can do to minimize the risk of falling victim to fraudulent auth testing.

• Continually review high-ticket transactions or unusually low-ticket transactions. Many fraudsters auth test for as little as a penny. Business owners can set a transaction threshold that, if the transaction seems oddly low or much higher than their average transactions, can automatically decline the transaction or pend for later.
• Require more information when setting up pay fields, which will make things more difficult for auth testing. Many pay fields simply require the credit card information, but adding in email addresses, phone numbers and addresses make auth testing less likely as fraudsters need to build a much longer script with all that information.
• Since authorization testing often happens in large groups of transactions within a small period of time, set hourly or daily velocity limits within your payment acceptance platform. The goal is to specify an upper limit of expected transactions to occur within the selected timeframe to a specific IP address.
• Be especially cautious if you use an outside vendor to develop your eCommerce website. Coders may leave HTML source code exposed or accessible, leaving the door wide open for fraudsters to auth test thousands of cards through your website. Talk to your vendor about making sure your source code is well hidden.
• Scan systems for malware or spyware regularly.

Please note that if you use Converge, most of these security measures are built-in options within the platform that just need to be enabled. I can help you get these security settings turned on if you give me a call. If you use a different company for online payment acceptance, we encourage you to contact them to find out what security settings are available to you.

 

Request a call back

We want to hear from you. If you are interested in setting up a new merchant account with us, please contact us through the form below and we'll call between the hours of 9:00 AM and 7:00 PM EST, Monday-Friday. If you require assistance with an existing account, please call our customer service line 24/7. 

This contact form is for CA customers only. If you are looking for one of our other locations, please visit elavon.ca/country-selector.html to find your country or region. 

Form submitted successfully

An Elavon representative will reach out to you shortly

Please fill the required fields and submit again


I agree to receive news, information and updates via electronic mail; phone calls and text message from Elavon Canada. You can withdraw your consent at any time by contacting us or clicking on the unsubscribe link in any email you’ve received from us.

Please refer to our privacy policy or contact us for more details.

Sales

Monday - Friday
9:00 AM - 7:00 PM EST
1-844-352-8661

Customer Service

Available 24/7
1-866-310-3345