Stolen credit card data is big business, and it’s no secret that criminals use this information to target online retailers by making fraudulent purchases and then re-selling the merchandise. What’s less widely known is how small mom-and-pop businesses and charities fall victim to the same criminals who go after big retailers. These small entities can least afford the damage fraudsters can cause, but they’re also the most vulnerable to a particular kind of fraud known as card testing. Here’s what every non-profit organization and small business should know about this common and disruptive type of fraud.
What is card-testing fraud?
When criminals buy stolen card data on the dark web, there’s no guarantee that the card numbers are still valid, and the card data is often incomplete. It may be missing card verification values (the 3-digit security numbers on the back of each card), name and address information, and other key information that large retailers use to screen orders for fraud.
Without this information, criminals have to guess until they get it right for each card number. So they “test” by placing small orders with small online retailers or making donations to charities to see if the CVVs and billing zip codes they guess at are the right ones. When they find a match that results in a purchase or donation, they use that card and tested data to go after bigger retail targets.
Why do card testers target small business and charities?
In short, they do it because they’re most likely to get away with it. Major retailers, and even many small to midsize online sellers, have in-house and/or third-party fraud detection services to screen their transactions. Many also follow best practices that limit the number of times a customer or donor can enter card information incorrectly before the order is closed.
Many new and small businesses mistakenly think they’re too small for criminals to notice, or they’re unaware that this type of fraud exists, so they go without fraud prevention programs. Charities, meanwhile, must balance the need to making giving easy for donors with the need to prevent fraudulent gifts that can skew budget planning and incur costly bank fees.