Over the last few weeks, I’ve seen a disturbing trend with a few clients that I wanted to share with others in case this is something that may potentially impact you and your business.
When crooks are trying to test or create credit card numbers, they need a way to find out if those card numbers are still working or if they are in fact real credit card numbers. Often, the way this is done is by finding a website that the crooks can run a program on the website’s checkout page, which will automatically fill in all of the boxes that need to be completed such as the customer’s name, billing, and shipping address, credit card number, expiration date, etc. When the crooks run a program or “bot”, they can run hundreds or thousands of transactions in just a matter of minutes!
What’s The Damage?
Now, you’re probably thinking “What difference does that make? After all, if the transaction doesn’t go through, no one is hurt and if it does go through, I’m getting the money, not the crook!” While that may be true, there are other issues that a business owner may not have considered. Some of those are chargebacks which can cost the business owner fees and can possibly result in losing their ability to process payments if you have too many chargebacks.
Another issue that can be costly is the fees that come from those authorization attempts. You see, any time a credit or debit card is run, whether the transaction was approved or declined, there is an authorization attempt…and a fee that is charged by the card brands for that attempt. In addition to that authorization fee, since most of the authorization attempts come from overseas, there is also an additional fee called a Cross Border Fee, which applies to credit card transactions that originate outside the United States but are attempted on a website based in the US.
Contact Someone Today To Get Help
Have you been affected or know of a business affected by Authorization Testing? Contact us today to get help and start working with someone who can help.
To give you an example, a business recently had over 67,000 transactions attempted on their website, within a 6-hour time frame. All of those transactions were declined, but due to authorization fees and cross border fees, they incurred over $9,000 in fees! Thankfully, we were able to help them get those fees removed…but that isn’t always the case and in fact, with most processors…the business owner is responsible for all of those fees.
You can imagine how detrimental that could be to a business…imagine finding out you owe that much money but had no income to offset it. So, what can business owners do to protect themselves…and their website from these authorization testing attacks? Below are several recommendations that can be helpful and even if they don’t prevent the authorization testing from happening, you can at least make it difficult enough that the crooks will find another website to attack.
How to Mitigate against it:
- Make sure your website is secure and has a current and valid SSL certificate.
- Make sure you are using all of the security filters provided by your credit card processor, your web developer, and the shopping cart you are using.
- Make sure you use Captcha as part of your checkout process.
- The SSL requirement is part of the Visa / MasterCard requirements for accepting credit card payments through a website, but the other two items mentioned are not.
Unfortunately, many business owners bypass some or nearly all of the security recommendations due to either not understanding them or not wanting to “slow down” the checkout process.
Using Captcha can be a huge help! In case you’re not familiar with the name, Captcha is that annoying little puzzle with random pictures in it that asks you to click on all the pictures that have an airplane in them…or stairs…or signs. While it’s true that using Captcha as part of the checkout process does slow down the sale, it also makes it much more difficult for a hacker to run an automated program because the software cannot decipher which pictures have those items in them, so the software can’t run the transactions.
Have you had issues like this with your website?
Chris Clear is a trusted partner of Eldie Web Design and Marketing. He comes highly recommended from our team and we suggest if you aren’t using him you need to! His customer service is out of this world and we promise you won’t be disappointed with the savings you will garner from switching to him.