October 24, 2018
Are you ready to lose $500? You could if you don't update your authorize.net account settings.
Recently, an identity thief entered 2,000 different credit cards on a retailer's Bridge website. They did so using a bot that entered in card information automatically into the website.
Please note: an identify thief can do this process on just about any e-commerce platform—it’s not unique to Bridge. Credit card fraud is widespread online. Many thieves buy files of 1,000s of stolen credit cards and ’test’ them on innocent e-commerce sites like ours.
Even though many of the entered cards were 'not good,' the Bridge retailer was charged small amounts for each of these attempts which added up to hundreds of dollars. About 40 of the 2,000 attempts did get approved, and even though the retailer didn't ship the goods 'purchased,' the retailer was charged $1,400 in credit card processing fees by the processor, gateway, and network. (Bridge did not charge the customer any fees.) The processor refunded $800 of the fees, but the network FirstData didn't refund its share--about $500. As such, the retailer was left with about a $500 loss.
There are steps you can take to avoid this in the future.
Here is how to reduce the likelihood of this fraud and a $500 lose happening to you:
1. Login to authorize.net.
2. On the left hand side, under "Tools," click on "Fraud Detection Suite."
3. If you have not already, active the Fraud Detection Suite. There is no an extra charge for using this service. Click the yellow button to activate it.
4. On the Fraud Setting page, click on "Transaction IP Velocity Filter".
5. On the Transaction IP Velocity Filter page, click on "Enable filter."
6. Enter a "6" in the allow transaction per hour from the same IP address.
If you'd like, you can pick a number that is lower.
7. Click on the radio button "Do not authorize, but hold for review.."
8. At bottom of page, click on "Save."
We also recommend:
1. Setup a maximum transaction limit. You can do that from the Fraud Detection Suite home page by clicking on "Amount Filter."
2. Activate the Suspicious Transaction Filter. You can do that from the Fraud Detection Suite home page by clicking on "Suspicious Transaction Filter."
3. Use the Enhanced Address Verification Service (AVS) Handling Filter. Please see screen shot below. We recommend at least requiring a zip code match.
Here are more tips about preventing fraud:https://support.authorize.net/s/article/Merchant-Credit-Card-Fraud-Prevention-Tips