opinion

How to Thwart Attacks, Fraud in Payment Processing

How to Thwart Attacks, Fraud in Payment Processing

If personal fitness was among your New Year’s resolutions, great! Fitness is essential for your overall health and well-being — and the same can be said about ensuring the “fitness” of your business. To keep your business fit in terms of its overall financial health and well-being, it’s critical to have an effective strategy in place for dealing with fraud.

While it is only February now, I can confirm what all the pundits, analysts, doomsayers and I were prophesying at the end of 2021 with regards to ecommerce fraud, as there is no question that there was a record amount of attempted and successful ecommerce fraud this past holiday season. You may have noticed that I included “attempted” fraud; that is because, as expected, merchants who have enrolled in protective services from payment processors were not as dramatically affected. As I mentioned during the billing panel at XBIZ 2022 in Los Angeles, our Order Insight and Rapid Dispute Resolution capabilities have proven invaluable in preventing fraudulent purchases and disputes.

Velocity controls, which are tools designed to limit the number of times a specific card account number, email address, IP address or user account can attempt a sale during a user-specified time frame, can be very useful in thwarting attacks.

Since the COVID pandemic took off in March 2020, card testing has increased in popularity amongst the steal-from-home fraudsters. Card testing is done by cybercriminals to test the validity of credit card information they obtain. While the purchase may not go through, your business is going to be charged a transaction fee, say $0.20 for example. While that may not make or break you, when you have a criminal deploying a bot on your payment page that can test thousands of card numbers in an hour, those $0.20 transaction fees can add up quickly.

The thing about card testing is that virtually every ecommerce merchant that accepts credit cards is a potential victim of card testing; that being said, it is one of the easiest and least expensive means of ecommerce fraud to combat. The act of adding CAPTCHA to your checkout page will significantly reduce card testing attempts as scripts and bots can have a problem getting around it. There is no need to make it a difficult CAPTCHA as you are only trying to thwart robots, not frustrate your buyers. Any decent shopping cart will provide a CAPTCHA option.

A few other free tools are likely already available to you through your gateway provider. Velocity controls, which are tools designed to limit the number of times a specific card account number, email address, IP address or username can attempt a sale during a user-specified time frame, can be very useful in thwarting attacks. For example, suppose you run a membership site and offer a seven-day trial that converts into a 30-day membership. In that case, there’s no reason a single user, or more importantly, a single IP address, would need to attempt multiple transactions, since they would gain access with a single transaction. Allowing for normal declines, you could even up that number to six attempts every 30 days and still spare yourself having to worry about card testing.

Since it is the beginning of the year, how about setting up a best practices schedule for your ecommerce security? For example, set up a regular schedule for changing passwords for your individual employees as well as your ecommerce gateway. If you check out the December 2021 issue of XBIZ World, I go into greater detail on methods of fighting ecommerce fraud.

To those of you that I got to see at the shows last month, it was good to reconnect. Whether you are an existing, new or potential client, I enjoyed the opportunity to have a drink, chat, get reacquainted and get up to speed with the latest developments in our businesses. I hope you find some value in my suggestions, and may 2022 be off to an excellent start for you.

Jonathan Corona has nearly two decades of experience in the electronic payments processing industry. As chief operating officer of MobiusPay, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards mandated by the card associations, including, but not limited to, maintaining a working knowledge of BRAM guidelines and chargeback compliance rules defined in both Visa and Mastercard operating regulations.

Related:  

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

Ricci Levy on Standing Up for the Right to Be Heard

When Ricci Levy speaks about human rights, she does not use detached, academic language. She speaks with urgency, emotion and the kind of passion that immediately makes it clear just how deeply personal this work is for her.

Women In Adult ·
opinion

Lessons From Decades of Building the Adult Internet

After my first year of college, I needed a job. So I did what people did back then: I opened the newspaper and started scanning the classifieds. One listing stood out: “Image Librarian.” I had no idea what that meant, but I applied, and got the job.

Tanguy ·
opinion

How to Build a Cross-Border Payment Strategy

Pull up your analytics and you’ll likely find that international traffic is already on your site. Some of those visitors convert, but a lot more bounced at checkout — and a meaningful chunk tried to pay but were declined.

Joe Fredricks ·
opinion

The KPIs That Keep Payment Processing Humming While You're Away

I always look forward to the summer as my kids are home and I can plan little trips with them to reconnect and have some fun. If you’re like me, however, you probably never go on vacation without your laptop, so you can check in or lurk in the background to make sure all systems remain go.

Cathy Beardsley ·
opinion

What Utah's SB 73 Means for Compliance Requirements

Utah has once again positioned itself at the center of the national battle over online age verification and adult-content regulation.

Corey D. Silverstein ·
profile

Clips4Sale's Christy on Backing Creators and Fueling Growth

Understanding the industry from within goes beyond data. For Christy, Manager of Creator Experience at Clips4Sale, that insight is shaped by front-line conversations and years spent listening not just to trends, but to people.

Women In Adult ·
opinion

Breaking Down AI-Powered Moderation and Platform Safety

Adult platforms, including content sites, cam services and dating apps, consistently face a range of high-risk challenges. These include verifying consent, particularly for user-uploaded content, addressing nonconsensual material such as leaks and so-called revenge porn, and ensuring effective age verification and protection for minors. At the same time, platforms must manage content moderation at scale while addressing payment fraud, scams, harassment and user abuse.

Christoph Hermes ·
opinion

How to Optimize Subscription Billing for Compliance and Stability

The Federal Trade Commission’s “click to cancel” rule is coming back around. Last year, a federal appeals court vacated the FTC’s Negative Option Rule, aimed at addressing deceptive or unfair practices and making it easier for consumers to cancel online subscriptions.

Jonathan Corona ·
opinion

Key Strategies for Streamlining Payment Processing Approval

Why is it taking so long to get my account approved? It's frustrating for everyone involved, but it's all part of the process. Over the past year, timelines have stretched to 60 days or more for merchants to complete onboarding, from internal compliance review to banking partner approval and final card brand registration.

Cathy Beardsley ·
opinion

What to Know About Alabama's Regulatory Push on Adult Content

Over the past two years, Alabama has quietly but aggressively transformed itself into one of the most restrictive and unfriendly jurisdictions for the adult entertainment industry. Through the enactment of House Bill 164 and related enforcement mechanisms, the state has layered taxation, compliance burdens and content restrictions in a way that goes far beyond traditional regulation.

Corey D. Silverstein ·
Show More