This article will guide merchants through recommendations for handling suspicious transactions, card testing, and fraud prevention tips.

Credit card fraud and card testing are ongoing problems that cannot be completely eliminated but can be efficiently controlled. As a business owner, it is important to find a balance between applying methods to deter fraud and providing a smooth customer experience. The following recommendations emphasize proactive actions and procedures to help reduce credit card fraud.

Authorization:

An authorization approval does not guarantee payment to the merchant. It only means that at the time of approval, the card has not been reported as lost or stolen, and its credit limit has not been exceeded. If the card number is being used unlawfully, the cardholder has the right to dispute the 'approved' charges.

Validate Customer Information:

Before processing an order/transaction, verify the customer's information (email, phone number, address). Use the following tools to aid in this process:

• Address Verification Service (AVS): AVS checks the billing address provided by the customer against the address on file with the credit card company. For more information, see: What is Address Verification Service (AVS) and how to use and configure it?
• Card Verification Value (CVV) Check: The CVV is a 3- or 4-digit number on the back of a credit card. Asking for this number helps to ensure that the customer has the physical card in their possession. For more information, see: What is Card Code Verification (CVV) and how to use and configure it?
• Bank Identification Number (BIN) Check: The BIN is the first 6 digits of a credit card number, and it identifies the issuing bank. A BIN check can help identify cards issued in countries with high fraud rates.
• Different Billing and Shipping Addresses: Fraudulent transactions often have different billing and shipping addresses. If the addresses are different, it can be a red flag and worth additional scrutiny.
• Shipping Address Verification: There are services that can verify the validity of a shipping address. Using such a service can help ensure that the product is being shipped to a legitimate location.
• Email and IP Verification: Check if the email address is from a free email service, which is often used by fraudsters. Also, check the IP address of the transaction. If the IP address is from a different country than the billing address, it could be a sign of fraud.

Use Fraud Detection Tools:

Utilize advanced fraud detection tools that can identify suspicious patterns and flag potential fraudulent transactions. For more information, see: What Is the Advanced Fraud Detection Suite (AFDS) and how to use it?

Monitor Transactions:

Regularly monitor your transactions for any unusual activity. This could include multiple orders from the same IP address, large orders from new customers, or orders with expedited shipping. Always review transactions before settlement occurs. Monitor unsettled transactions and void any suspicious transactions on your account. Constant monitoring is the first step in detecting suspicious transaction activity.

For more information, see:

• How to identify transactions in a state of review from Advanced Fraud Detection Suite (AFDS)?
• What is and how to use Suspicious Transaction search Advance Fraud Detection Suite (AFDS) transactions?
• What reporting and search options are available in the Merchant Interface?
• How do I download transaction information and search results?

Secure Your Website and Systems:

Implement SSL encryption on your website to ensure all data transferred between your site and your customers remains secure. Regularly install and update firewalls. Firewalls monitor the activity of external connections to an internal network of servers, helping to eliminate the threat of undetected external activity and protect your network from vulnerabilities.

Regularly check for, and perform, patching and system updates. Ensure that firewalls are implemented and updated, and that anti-virus software is in use and up-to-date. Store all sensitive or confidential information, especially customer information such as credit card numbers, in a secure database on a server that is not connected to the Internet. Encrypt all stored information.

Additionally, consider implementing solutions like CAPTCHA/RECAPTCHA for additional user verification.

Implement Strong Authentication Methods:

Use strong authentication methods like two-factor authentication (2FA) to ensure that only the legitimate owner of an account can access it.

Follow PCI DSS Standards:

If you're accepting credit card payments, make sure you're following the Payment Card Industry Data Security Standard (PCI DSS) to protect your customers' card information. For more information, please see: What Is PCI Compliance, and How Do I Find out If I Am Compliant?

Other Actions and Considerations:

Review the blog on What you need to know about card testing fraud?

Consider maintaining a negative historical file, a positive database file, and performing pattern detection to further safeguard against fraud. Manage and control any file sharing, and share access to network drives and individual computers only with needed, trustworthy users. Avoid sharing access to files that store passwords and other confidential or sensitive information.

You may also report suspicious transaction activity to the Internet Crime Complaint Center (IC3), a partnership among the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA). The IC3 records complaints of online credit card fraud and other illegal activity online so that law enforcement agents in the U.S. and abroad may have access to previously reported incidents, which may contain clues that could assist current investigations. Learn more, including how to file a complaint, at the Federal Bureau of Investigation page.