Card Testing and Digital Products: Small Tickets, Big Vulnerability?
Imagine you work for a cyber-criminal gang.
Your crew has just got its hands on a data dump with thousands of stolen records. You can make between $250,000 and $1 million by selling the stolen credit card accounts from within that data dump. In order to generate the most money, however, you need to test those accounts quickly.
- Stolen accounts that are active and have been confirmed as active with working cards can be worth up to 50 times more than unchecked credit card numbers (which is why card testing was up 200% in early 2017).
- The faster you can test and then sell the stolen accounts—before the legitimate cardholders become aware and cancel them—the more money you can get.
What type of eCommerce operation would make the best target for you and your gang?
|eCommerce Site||Fraudster Needs|
|Screen transactions for fraud||Provide baseline vetting / account confirmation|
|Process large numbers of transactions in a short amount of time||Use bots and/or automated tools to rapidly test large data sets|
|Accept small ticket orders without raising suspicion||Retain largest credit balance possible on stolen credit card account|
|Sell product with small or zero footprint||Minimize or avoid warehousing of stolen merchandise|
In the real world, you and your criminal conspirators know that this description fits many eCommerce sites that sell digital goods or digital products which is why you unleash your bots, automated tools and digital “mules” on unsuspecting digital goods merchants. And so do thousands of other fraudsters and cyber criminals, which is why fraud prevention has such a big impact on sellers of digital products.
- In-house fraud and chargeback management account for an average of $10.1 million per year for digital goods merchants, an average of 20% of digital goods merchants’ annual operational budgets.
- Digital goods merchants employ nearly five times the fraud personnel as physical goods merchants.
In addition to the loss of the digital goods, there are fees from chargebacks plus other problems, like TC-40 claims. TC-40 claims get filed every time a cardholder reports their card has been used fraudulently. These claims are reported to card brands and issuers. However, many issuers won’t process chargebacks for TC-40 claims below a certain amount (e.g., $20) because the chargeback fee will cost more than covering their loss on the transaction.
For this reason, merchants selling lower-cost digital products may suddenly get blind sided with complaints from customers that their credit cards are being declined for no apparent reason. This is because the processor has flagged the merchant’s site as an easy target for fraud due to all the TC-40 claims that have been filed (again, unknown to the merchant because they have not received any chargebacks). Or the digital products eCommerce merchant may receive notice from their processor that they are being fined or, even worse, that the processor will stop processing transactions altogether!
There are a number of practices that digital products merchants can implement to protect themselves against card testers, including:
- Multiple, advanced screening technologies that create more barriers for fraudsters.
- Multi-stage checks that deter fraudsters without impacting legitimate users.
- Chargeback alerts that provide electronic warnings as soon as TC-40 claims are filed.
- Account registration that provides more data for fraud screening and frustrates fraudsters.
- Biometrics that help screen out bots and other automated fraud tools.
- Two-factor authentication that provides a strong, final line of defense against criminals.
- Advanced AI and Machine Learning technology that help improve results in low-information scenarios, such as first-time fraud.
Want to know even more ways that eCommerce operations selling digital products can fight card testing and other forms of online fraud? Download the eBook “Fraud in a Digital World” and get more insights and strategies for beating fraud, reducing mitigation costs, and increasing sales in the digital goods world.