Increase in card testing, BIN and brute force attacks


OmniFund/Fortis NOREPLY

Aug 25, 2022, 10:24:56 AM
to twin...@googlegroups.com
Increase in card testing, BIN and brute force attacks

Here at Fortis, we continue to see an increase in the number of card testing attacks globally. We encourage you to be diligent, increase your awareness, and review your current detection controls to help prevent these fraudulent attacks.
Please share this with your technology partners, developers, and staff. Fees resulting from card testing can be VERY costly, and prevention is the best cure.

What can you do?
OmniFund and Fortis continue to develop and improve fraud detection and prevention in our software and gateways. Use these tools, the notifications, and the reporting you have available to help prevent and mitigate card testing.
WorldPay and the Card Brands have collaborated to produce the list of best practices below to assist with your mitigation efforts. While many of these may not apply to your specific situation or card processing environment, one extra cautionary step can save thousands of dollars in unnecessary fees.
  • Leverage authentication and CAPTCHA controls to prevent automated transaction initiation by bots or scripts (e.g. trigger them after 5 authorizations from one IP address or account)
  • Utilize fraud detection systems that support device fingerprinting and botnet detection
  • Use a layered validation approach that employs Card Validation Codes and Address Verification Services
  • Analyze time zone differences and browser language consistency from the cardholder’s IP address and device. Classify these transactions as potentially high risk and perform more stringent reviews
  • Inject random pauses (i.e. throttling) when checking an account to slow brute force attacks that are dependent on time, especially for Bank Identification Numbers (BINs) that have been determined to have a high fraud incidence
  • Add IP addresses associated with multiple failed card payment attempts to a fraud detection blacklist database for review and analysis
  • In addition to velocity checks for small and large transactions, use velocity checks for low amounts or authorization-only transactions
  • Look for excessive usage and bandwidth consumption from a single user
  • Look for multiple tracking elements in a purchase linked to the same device (e.g. multiple transactions with different cards, using the same e-mail address and same device ID)
  • Look for logins on a single account coming from many IP addresses
  • Review logins with suspicious passwords that hackers commonly use
  • Lock out an account if a user guesses the username/password and any account authentication data incorrectly on “x” number of login attempts
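The velocity and same-device checks above, as an added illustration that is not code from Fortis, OmniFund or WorldPay: a small rule engine over constructed authorization events that flags an IP exceeding the authorization, decline and low-amount thresholds within a sliding window, and a device/e-mail pair cycling through many cards. Field names, thresholds and sample values are assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class AuthAttempt:
    ts: datetime        # time of the authorization request
    ip: str             # client IP address
    device_id: str      # device fingerprint (assumed field)
    email: str          # e-mail address given at checkout
    card_last4: str     # card identifier (last four digits)
    amount_cents: int   # requested amount
    approved: bool      # issuer response

def _t(s):
    return datetime.fromisoformat(s)

# Constructed sample traffic (not real data): one IP/device cycles through six
# cards with $1 authorizations in two minutes; a normal shopper buys once.
SAMPLE = [
    AuthAttempt(_t("2022-08-25T10:00:00"), "203.0.113.7", "dev-A", "x@example.com", "1111", 100, False),
    AuthAttempt(_t("2022-08-25T10:00:20"), "203.0.113.7", "dev-A", "x@example.com", "2222", 100, False),
    AuthAttempt(_t("2022-08-25T10:00:40"), "203.0.113.7", "dev-A", "x@example.com", "3333", 100, True),
    AuthAttempt(_t("2022-08-25T10:01:00"), "203.0.113.7", "dev-A", "x@example.com", "4444", 100, False),
    AuthAttempt(_t("2022-08-25T10:01:20"), "203.0.113.7", "dev-A", "x@example.com", "5555", 100, False),
    AuthAttempt(_t("2022-08-25T10:01:40"), "203.0.113.7", "dev-A", "x@example.com", "6666", 100, True),
    AuthAttempt(_t("2022-08-25T10:03:00"), "198.51.100.9", "dev-B", "y@example.com", "7777", 4999, True),
]

def flag_card_testing(events, window=timedelta(minutes=5), max_auths_per_ip=5,
                      max_declines_per_ip=3, low_amount_cents=200, max_cards_per_device=3):
    """Apply velocity rules over a sliding window; return {ip_or_device: [reasons]}."""
    flags = defaultdict(set)
    by_ip = defaultdict(list)          # recent attempts per IP, pruned to the window
    cards_by_device = defaultdict(set) # distinct cards seen per (device, e-mail)
    for e in sorted(events, key=lambda x: x.ts):
        recent = [r for r in by_ip[e.ip] if e.ts - r.ts <= window]
        recent.append(e)
        by_ip[e.ip] = recent
        if len(recent) >= max_auths_per_ip:
            flags[e.ip].add("auth_velocity")
        if sum(not r.approved for r in recent) >= max_declines_per_ip:
            flags[e.ip].add("repeated_declines")      # blacklist review candidate
        if sum(r.amount_cents <= low_amount_cents for r in recent) >= max_auths_per_ip:
            flags[e.ip].add("low_amount_velocity")    # auth-only / tiny-amount probing
        cards_by_device[(e.device_id, e.email)].add(e.card_last4)
        if len(cards_by_device[(e.device_id, e.email)]) > max_cards_per_device:
            flags[e.device_id].add("many_cards_same_device")
    return {k: sorted(v) for k, v in flags.items()}
```

Running `flag_card_testing(SAMPLE)` flags the probing IP on all three velocity rules and the shared device on the many-cards rule, while the single legitimate purchase is left alone.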


If you have any questions or concerns, please reach out to the OmniFund Help Desk directly by calling 800.305.1534 x 1 or emailing sup...@omnifund.com.