Brian Kinsella
Senior Regional Fraud Manager, Elavon
Carding is the process where stolen or cloned card details are used to make a small online purchase, to test if a card is valid and active.
Often, a piece of automated software will try to make potentially thousands of small transactions until one is successful. Those details can then be used for larger fraud elsewhere. If it later turns out that the larger fraud was carried out because of carding on your site, you could find yourself exposed to reputation and legal implications. You could also face additional fees for excessive authorisations and declines from card brands.
Why SMEs are vulnerable
Brian Kinsella, Senior Regional Fraud Manager at Elavon, says: “We often see the types of businesses that fall victim to carding attacks are small companies that may not have invested heavily in website security.
“By taking a few simple, low-cost steps, you can prevent your business from falling foul of carding and any card fees for excessive declines.”
We often see the types of businesses that fall victim
to carding attacks are small companies that may
not have invested heavily in website security.
How to stop fraud
There are many ways you can protect your business from fraudulent carding activity.
- Having a good ‘captcha’ test on your website could frustrate carding attempts. A ‘captcha’ is a way to tell the difference between a human and a robot.
- 3-D Secure is the umbrella name for Visa Secure and Mastercard SecureCode, which have been introduced to add extra security for online shopping. By adding 3-D Secure to your ecommerce, you can fully authenticate the cardholder. While 3-D Secure cannot and does not eliminate chargebacks, it does vastly reduce the incidence of fraud.
- Removing the copy-and-paste function on your payments page makes it harder for an automated script to test transactions.
- Ask your payments gateway provider about other fraud-management products they have available, to identify and block attacks.
Elavon Financial Services DAC. Registered in Ireland with Companies Registration Office. The liability of the member is limited. United Kingdom branch registered in England and Wales under the number BR022122.
Elavon Financial Services DAC, trading as Elavon Merchant Services, is a credit institution authorised and regulated by the Central Bank of Ireland. Authorised by the Prudential Regulation Authority. Subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request.