Why Online Food & Beverage Businesses Are Prime Targets for Card Testing Fraud (And What To Do About It)
Data breach after data breach is making millions and millions of stolen credit card accounts available on the Dark Web.
- Credit card numbers recently stolen from a leading QSR just went on sale on the Dark Web for $25-$50 per account (they’re fresh, so they cost more).
- One “card” shop advertised nearly 20 million stolen credit card numbers for sale at once.
- Prices of stolen credit card accounts on the Dark Web have actually dropped from $4 to $1 per account due to oversupply and aging.
With so many cards for sale, criminal gangs and fraudsters worldwide are buying stolen credit card accounts in batches of hundreds and thousands on a daily basis. And as noted above, fresh cards sell for more because stolen accounts become less usable as they age.
Sophisticated fraudsters know this and avoid using just-purchased stolen cards on the sites where they want to fraudulently obtain high-value or high demand goods. Why? If the accounts have been canceled or otherwise flagged as stolen, the fraudsters could be detected by the merchants’ antifraud systems. To avoid premature discovery, fraudsters engage in low-level card testing (also known as “carding”) to make sure that when they do go for the “big score,” they don’t get identified as a source of fraud and get blocked from future transactions.
Of course, fraudsters and criminal gangs want to maximize the amount of credit remaining on stolen accounts after testing. And that’s where quick service restaurants (QSRs) and restaurants come into play. For these merchants, small online transactions are quite common in the normal course of business. And because these small-ticket transactions (sub- $20) don’t attract scrutiny, QSRs and restaurants have become prime targets for card testers.
(It should be noted that there are other prime targets for card testing, too. For example, nonprofits, digital goods and download sites, games/gaming sites, etc.—basically anywhere a fraudster can make a small, sub-$20 trial purchase without arousing suspicion and confirm that the stolen credit card account has not been shut down.)
With online card testing often taking place at automated speeds, issues can pile up rapidly for QSRs and restaurants:
- Hundreds of chargebacks and/or TC-40 claims
- Operational disruption as kitchens prepare food for fraudulent “test” orders
- Higher fees as card-not-present chargebacks contaminate the general merchant account
Fortunately, enterprise-class fraud antifraud systems that employ best practices provide repeatable, predictable detection and prevention of card testing (and many other fraud issues). With literally hundreds of channels, technologies, techniques, and tactics that fraudsters can use to attempt card testing attacks, the comprehensive implementation of the following best practices is the surest way to defeat fraudsters:
- Multiple, advanced fraud screening technologies. Deploying multiple technologies provides more trip points and a self-reinforcing web of prevention.
- Real-time data orchestration hub. The greater the amount of data analyzed, the more likely fraudsters can be identified and blocked. Real-time is critical, because fraudsters can more easily game stale data.
- Advanced Artificial Intelligence (AI) & Machine Learning technology. The massive computing and memory capabilities of computers can analyze billions of discrete data points and detect and deter fraud at speeds impossible for humans to match.
- Human Intelligence with deep fraud fighting expertise. Systems and rules developed by fraud industry experts enable a strategic response to the rapidly metastasizing attacks of professional criminal gangs and fraudsters.
- Integrated, comprehensive fraud prevention platform that employs multi-layer approach. The more obstacles, technologies, and processes you can use to screen and block fraudsters, the greater your success.
To hear deeper insights into how to beat card testers (and CNP fraud in general) from fraud experts at Dunkin’ Brands and Wendy’s, attend our webinar "Less Naughty, More Nice – Fighting Holiday Fraud in Food & Beverage".