Maxx typically recommends making the response to the customer as vague as possible and specific as necessary. After all, the goal is to retain the customer’s order through offering helpful messaging in the case of an error. There is a very important balance here as you do not want to provide too much information making it advantageous for card testers to use your site.
Card testing fraud is a two step procedure. Step one is the practice of using a computer program to test credit card numbers until a valid card number is found. Step two is to use a similar program to then find the correct expiration date to validate the transaction.
Your merchant account and gateway charges you for every transaction regardless of weather the transaction is approved or declined. There for if your site is providing the correct information to a card tester they will typically attempt as many transactions as necessary to get a card number and expiration match. The result – hundreds, if not thousands of attempts. Depending on you’re contracted per transaction rate, this could result in substantial costs to your business.
How can you protect your business?
First, block the IP addresses for known card testers. Here is a list of the IP addresses for know card testers.
Second, develop an error messaging strategy with different responses depending on the error passed from the gateway. Again, a good practice is to be as vague as possible and specific as necessary.
|“General: We are terribly sorry but the card you are attempting to use has been declined. Please use an alternate credit card and submit your order again. If you are still experience difficulty please contact us directly at (800)xxx-xxxx and we’ll be happy to assist you.”|
|“AVS mismatch, or other error: We are sorry but the address and zip code entered does not match the information on file with your credit card issuer. Please re-enter the address and zip code. If you are still experience difficulty please contact us directly at (800)xxx-xxxx and we’ll be happy to assist you.”|
It is always a good idea to monitor your transaction closely to insure you are not victimized by fraud attempts. If you feel you are experiencing an abundance of merchant account fraud attempts there are numerous tools available to help mitigate credit card fraud. If you would like information on these tools please contact us at (800)917-8026.