As an Association or nonprofit, you likely rely heavily upon your members paying by Visa, MasterCard, AMEX, and Discover for membership dues, certifications, event registration, and more.
Now, imagine what would happen to your organization if you couldn’t accept credit card payments for any period of time. Being unable to accept credit card payments for even 30 minutes because your services are down during peak times would be a major problem.
Activities like carding could lead to an immediate suspension of your credit card processing services (also called merchant services) for an indefinite period of time, which in turn could result in a significant loss of revenue or damage to your Association’s reputation.
What Is Carding?
Carding is a type of fraud in which a thief tests stolen credit card data against a merchant’s payment processing system, ultimately aiming to verify the stolen card details and identify any missing values. Card cracking and carding are two common automated bot threats.
Fraudsters will typically visit e-commerce websites and initiate multiple transactions by submitting purchase requests on the Internet. Because credit cards are often canceled quickly after being lost, a major part of carding involves testing the stolen card information to see if it still works.
Criminals use methods such as malware, phishing, and credit card skimming to steal your credit card information and use it for carding purposes.
Defense Strategies To Prevent Carding
Despite the liability that comes with creating and maintaining a payment processor gateway at your organization, there are ways to protect yourself! Some initial steps include using anti-spyware and malware-blocker software, as well as promptly running updates to that software.
Additional strategies to protect your organization include:
- CAPTCHA – a challenge-response test that helps an online merchant verify you’re a human shopper
- Address Verification System (AVS) – compares the billing address used in the transaction with the issuing bank’s address information on file for that cardholder
- IP Geolocation Checks – confirms if the details of a purchase made from a certain country correspond to other known banking and invoicing records
- BIN Number Tracking – participants in online transactions can detect cases of fraud and identity theft by matching the geographic location of the cardholder to the location provided by the BIN (the first four to six digits of the card number, which identify the financial institution that issued the card)
- Velocity Checks – merchants use this metric to identify irregular patterns in the checkout process that might show fraud
- Authorization/Capture – a merchant verifies that your card can be charged but holds off on collecting the funds from the card issuer
- Blacklist – build a customer blacklist to block individuals who are repeat fraud offenders
- Machine ID/Device Fingerprinting – determine whether or not a user is repeatedly visiting a merchant’s site using different payment attributes (names, addresses, IPs, credit cards, computer browsers, etc.) to mask their identity
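
To make the velocity check item above concrete, the following Python example is added here for illustration; it is not code from the original article or from any payment processor. It counts distinct cards and declines per client IP inside a sliding window. The field names, thresholds, and sample attempts are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample checkout attempts (not real data):
# (timestamp, client IP, card token, processor result). Tokens stand in for
# card numbers so the check never has to store a full card number.
ATTEMPTS = [
    ("2024-03-01T10:00:00", "203.0.113.7", "tok-a1", "declined"),
    ("2024-03-01T10:00:20", "203.0.113.7", "tok-a2", "declined"),
    ("2024-03-01T10:00:40", "203.0.113.7", "tok-a3", "declined"),
    ("2024-03-01T10:01:00", "203.0.113.7", "tok-a4", "approved"),
    ("2024-03-01T10:01:20", "203.0.113.7", "tok-a5", "declined"),
    ("2024-03-01T10:02:00", "198.51.100.99", "tok-x", "declined"),
    ("2024-03-01T10:02:15", "198.51.100.99", "tok-x", "declined"),
    ("2024-03-01T10:02:30", "198.51.100.99", "tok-x", "declined"),
    ("2024-03-01T10:02:45", "198.51.100.99", "tok-x", "declined"),
    ("2024-03-01T10:03:00", "198.51.100.20", "tok-m", "declined"),
    ("2024-03-01T10:04:00", "198.51.100.20", "tok-m", "approved"),
    ("2024-03-01T09:00:00", "192.0.2.44", "tok-o1", "approved"),
    ("2024-03-01T09:20:00", "192.0.2.44", "tok-o2", "approved"),
    ("2024-03-01T09:40:00", "192.0.2.44", "tok-o3", "approved"),
    ("2024-03-01T10:00:00", "192.0.2.44", "tok-o4", "approved"),
]

WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_CARDS = 3                  # assumed: distinct cards per IP per window
MAX_DECLINES = 3               # assumed: declines per IP per window

def velocity_flags(attempts, window=WINDOW):
    """Return {ip: reason} for each IP that exceeds a threshold in the window."""
    recent = defaultdict(deque)   # ip -> attempts still inside the window
    flagged = {}
    for ts, ip, card, result in sorted(attempts):   # ISO timestamps sort by time
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((now, card, result))
        while now - q[0][0] > window:               # evict attempts that aged out
            q.popleft()
        if ip in flagged:
            continue
        if len({c for _, c, _ in q}) > MAX_CARDS:
            flagged[ip] = "distinct_cards"          # many cards tested from one source
        elif sum(r == "declined" for _, _, r in q) > MAX_DECLINES:
            flagged[ip] = "repeated_declines"       # repeated failures on the same card
    return flagged

if __name__ == "__main__":
    for ip, reason in velocity_flags(ATTEMPTS).items():
        print(ip, reason)
```

The member who retries one card and succeeds (198.51.100.20) and the office that submits four cards over an hour (192.0.2.44) are not flagged. Counting per device fingerprint as well as per IP applies the same logic to the Machine ID item in the list.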