Protect your business from merchant account fraud. Card Testing.

Posted by Alex Neir on Tue, October 05, 2010 @ 03:27 PM
Merchant Account Fraud
Does your business accept payments through a payment gateway or ecommerce site? What you pass back to the customer when a credit card is declined may expose your business to a new form of merchant account fraud called card testing, and it can end up costing you a bundle.

Maxx typically recommends making the response to the customer as vague as possible and as specific as necessary. After all, the goal is to retain the customer’s order by offering helpful messaging in the case of an error. There is a very important balance here: you do not want to provide so much information that it becomes advantageous for card testers to use your site.

Card testing fraud is a two-step procedure. Step one is the practice of using a computer program to test credit card numbers until a valid card number is found. Step two is to use a similar program to then find the correct expiration date to validate the transaction.

Your merchant account and gateway charge you for every transaction, regardless of whether the transaction is approved or declined. Therefore, if your site is providing the correct information to a card tester, they will typically attempt as many transactions as necessary to get a card number and expiration match. The result: hundreds, if not thousands, of attempts. Depending on your contracted per-transaction rate, this could result in substantial costs to your business.

How can you protect your business?

First, block the IP addresses for known card testers. Here is a list of the IP addresses for known card testers.

Second, develop an error messaging strategy with different responses depending on the error passed from the gateway. Again, a good practice is to be as vague as possible and specific as necessary.  

Some Examples:

General: “We are terribly sorry, but the card you are attempting to use has been declined. Please use an alternate credit card and submit your order again. If you still experience difficulty, please contact us directly at (800)xxx-xxxx and we’ll be happy to assist you.”


AVS mismatch, or other error: “We are sorry, but the address and zip code entered do not match the information on file with your credit card issuer. Please re-enter the address and zip code. If you still experience difficulty, please contact us directly at (800)xxx-xxxx and we’ll be happy to assist you.”

It is always a good idea to monitor your transactions closely to ensure you are not victimized by fraud attempts. If you feel you are experiencing an abundance of merchant account fraud attempts, there are numerous tools available to help mitigate credit card fraud. If you would like information on these tools, please contact us at (800)917-8026.
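The messaging strategy and the transaction monitoring described above can be combined in a checkout handler. The following is an added example, not code from the original post: a card-number failure and an expiration failure return the same general message, only an AVS mismatch gets its own text, and repeated declines from one IP address are flagged. The gateway codes, thresholds and IP addresses are constructed assumptions; a real gateway defines its own response codes.

```python
from collections import defaultdict, deque

GENERAL = ("We are terribly sorry, but the card you are attempting to use has been "
           "declined. Please use an alternate credit card and submit your order again.")
AVS = ("We are sorry, but the address and zip code entered do not match the "
       "information on file with your credit card issuer. Please re-enter the "
       "address and zip code.")

# Hypothetical gateway codes. Only AVS gets a specific message; every other
# decline (bad number, bad expiration, ...) looks identical to the customer.
AVS_CODES = {"AVS_MISMATCH"}

def customer_message(gateway_code):
    """Map a gateway decline code to the text shown to the customer."""
    return AVS if gateway_code in AVS_CODES else GENERAL

class DeclineMonitor:
    """Flag a source IP with more than max_declines inside window_seconds."""
    def __init__(self, max_declines=5, window_seconds=600):
        self.max_declines = max_declines
        self.window = window_seconds
        self.declines = defaultdict(deque)  # ip -> timestamps of recent declines

    def record(self, ip, timestamp, approved):
        """Record one attempt; return True if the IP should be blocked or reviewed."""
        recent = self.declines[ip]
        if not approved:
            recent.append(timestamp)
        while recent and timestamp - recent[0] > self.window:
            recent.popleft()  # drop declines that fell out of the window
        return len(recent) > self.max_declines

def flagged_ips(attempts, monitor=None):
    """Return the set of IPs flagged over (ip, unix_time, code_or_None) attempts."""
    monitor = monitor or DeclineMonitor()
    flagged = set()
    for ip, ts, code in sorted(attempts, key=lambda a: a[1]):
        if monitor.record(ip, ts, approved=code is None):
            flagged.add(ip)
    return flagged

# Constructed sample: one IP declines 7 times in seconds, another retries once.
SAMPLE = [("203.0.113.7", 1000 + 2 * i, code) for i, code in enumerate(
    ["INVALID_NUMBER"] * 4 + ["EXPIRED_CARD"] * 3)] + [
    ("198.51.100.20", 1005, "AVS_MISMATCH"), ("198.51.100.20", 1090, None)]

if __name__ == "__main__":
    print(sorted(flagged_ips(SAMPLE)))
```

Each declined attempt is still billed by the gateway, so a flagged IP should be stopped before the request is submitted rather than only after the decline comes back.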

