New Credit Card Fraud Can Ruin Your Business Instantly
One of the newest forms of credit card fraud can destroy a business’s reputation with customers and potential customers, as well as the business itself, overnight.
The new scam is called “credit card spinning” or “credit card testing.” This is how it works:
How They Do It
Criminals purchase stolen credit card information in bulk over the dark web. They steal it through phishing schemes or by using spyware software. They can also buy “in bulk” can mean vital information for tens of thousands of credit cards.
Even with the stolen information, the criminals aren’t in the clear to make large purchases using the cards. Nor can they sell the information – yet. After all, many people discover their credit card information has been stolen and immediately report the issue to their bank or credit card company. So those cards won’t work.
But how does a fraud criminal determine which of the cards for which they’ve collected information are still usable? That’s where an unsuspecting business comes into play. Very often, a small business which doesn’t have rock-solid data security including elements such as captcha screening – are victims.
How Your Business Is At Risk
The fraud criminal searches out and finds businesses which have weak online security. To figure out which cards are still workable, they must first attempt to make a small purchase from a business to see if the transaction is completed. If successful, the card information has not been reported as stolen and is still usable for large purchases or to be sold on the dark web.
Since the fraud criminal has information on thousands of cards that must be tested, there’s no practical way for anyone to try and make those small “test” purchases. That’s where botnets come in.
What Is a Botnet
A botnet is made up of networks of compromised computers which are programmed by the fraud criminal to run thousands of small purchases at a time. The networks then report which cards were still working – and therefore, usable or saleable – to the fraud criminal.
How Much Damage Is Possible
The person didn’t know his or her credit card information was stolen is victimized. But the damage doesn’t stop there. Remember, every credit card transaction online results in small charge to the merchant. And when a botnet blasts say, 100,000 minor transactions through a small business’s website, those small charges (usually 10 to 25 cents per transaction) ad up amazingly quickly. Overnight a small business attacked by a botnet executing a spinning scheme can easily be hit with $50,000 or more in fees for authorization attempts.
Worse, since many charities and non-profits such as schools who accept online donations have low data security, they are frequent targets for these fraud criminals.
In either case, the damage adds up at a staggering pace and can compromise, destroy or just wreak havoc with a business or charity.
What’s the Solution
The solution? The keys are adding increased layers of security to operations and systems, regularly reviewing and updated security measures, and vigilantly testing systems. In short, preventing credit card spinning is similar to other data security objectives. It takes focus and dedication along with a commitment to security. It’s important to work with a firm who has expertise not only in data security, but who also takes the time to understand your business, your industry and your customers. For more information, contact us today.