It’s time to put on our serious face as we explore an issue that has reared its ugly head in the payments industry. Credential Stuffing, or Carding, has been a problem for years, but lately, it has become all too frequent.
We often say knowledge is power when protecting your business. Understanding how Carding works is a great place to start. For this particular type of fraud, there are security measures you can take to deter fraudsters from pulling a fast one on your business.
As fraudsters continually find new ways to test stolen credit card information, businesses must stay proactive in protecting their business from these types of brute-force attacks.
What Is Carding?
The strategy behind Carding is simple. Fraudsters obtain a massive list of cardholder information and proceed to “stuff” those credentials into the checkout form.
Attackers aren’t manually entering in credit cards one at a time. Instead, they create an automated script that can test multiple (we’re talking thousands or more) cards in a short time. One of the worst data breaches in recent history included 2.2 billion records.
Why Should You Care?
If you accept payments online, you are at risk since you will never have the physical card to validate.
While most websites have protections in place to block floods of activity, attackers have tools to bounce their requests around the web, making it look like they are coming from different IP addresses or browsers.
Once they get approval, they can use that winning card anywhere. And you can bet they are going to spend as much as possible.
What Can You Do?
There are a handful of practical methods that you can use to protect your business from Carding.
- CAPTCHAs: You might recognize these as those simple math or word based problems at the end of a payment form. While these vary in complexity, they are basically just an extra step that a human would have no problem filling out but would stop a bot or script from going that extra step.
- Verified by Visa/Mastercard: Visa and Mastercard provide free tools that authorizes the card before it is processed. They also shift the liability to themselves for fraudulent transactions when businesses use these tools. Stopping fraud and avoiding liability is a win-win.
- Forcing Manual Entry: Browser are quick to auto-fill fields now, even payment forms. Making the manual entry of specific fields (like the credit card number) in your payment form can help make it more resistant to scripts.
- Enable Risk Thresholds: This one is unique to Worldline. We can determine the risk by monitoring different variables within a transaction.
From a fraudster’s perspective, Carding is a simple technique. Often they have another script looking for Checkout forms that don’t have extra security measures in place. Ensuring your Checkout is secured, and staying vigilant will keep your business safe and secure from this type of fraud.
Related articles
-
Safeguarding within payments: a modern approach to fraud management
-
The power of multi-network ecosystems in the financial industry
-
Central Bank Digital Currencies (CBDCs), the future of money?
-
SWIFT Connectivity with Worldline – a dynamic solution for modern challenges
-
G20 targets for cross-border payments: ready for revolution or evolution?
-
2023 Capgemini World Payments Report: Finding the value in cash management
-
From fraud management to customer relationship management: An AI revolution
-
Exploring the future of money: is it digital and instant?
-
Leading by example – Worldline’s CSR approach and strategy
-
Boston Consulting Group (BCG) – Global Payments Report 2023: 'Investor scrutiny provokes a moment of truth'
-
Sibos 2023: further developing the payment industry together
