Have you noticed small, unexplained card payments to your firm?
Criminals use ‘pay online’ website links to test stolen credit and debit card information, which can ultimately lead to much larger cases of card fraud.
If you allow just anyone to make a card payment to your firm through your website, you may inadvertently be enabling card fraud. In this article we discuss what your firm can do to stop the criminals using your website in this way.
What is card testing fraud?
Card testing fraud, also known as card cracking or account testing, is a type of fraudulent activity in which criminals test stolen or generated credit or debit card information to see if it is valid. This information can be obtained through phishing attacks, data breaches, or other malicious means.
Once the criminals have a list of card numbers, they will attempt to make small, unauthorised transactions through the payment pages of company websites – such as those of a law firm.
These transactions are typically for low amounts, such as £1 or £2, and are often made at different times and locations. If a transaction is approved, the criminal knows that the card is valid and can then use it to make larger purchases or sell it to other criminals.
Consequences of card testing fraud
Card testing results in remote purchase (card not present) fraud. According to the latest figures from UK Finance over 2 million cases were recorded in the last year alone (July 2022 – June 2023) with losses totalling more than £370m.
Card testing fraud can have a number of negative consequences for both the company taking the card payment, as well as their customers:
- The company may lose money on fraudulent transactions that are approved.
- Companies may also be charged fees by their payment processors for fraudulent transactions.
- Customers will face the inconvenience of cancelling their existing cards, as well as potentially having to identify and claim back money lost through their bank.
- Customers may also have their credit scores damaged as a result of fraudulent activity – especially if they cannot pay other bills because their balance is lower than it should be due to fraudulent activity.
How law firms can prevent card testing fraud
There are a number of things that law firms can do to prevent card testing fraud taking place through the payment services on their website today:
- Set a minimum card payment amount to prevent criminals testing low amounts (e.g. £100 minimum).
- Implement website traffic checks to limit the number of times a given IP address can access payment pages in a given period of time.
- Require additional authentication factors before the website payment page can be accessed (e.g. make it password protected).
In order to better prevent card testing fraud in the long term, firms should consider using a secure payment gateway such as Safe Capital. In addition to helping to prevent card testing and other payment fraud, Safe Capital helps firms ensure that card and bank payments are only coming from known clients. Read our latest white paper to find out more.
