
Defending Against Card Testing Attacks: What Measures Can You Take to Secure Your WooCommerce Site?

Cybersecurity should not be taken for granted, especially if you’re running a business online. With numerous credit card processing attacks happening, it’s critical to know how to protect your eCommerce site from card testing attacks. These types of attacks are carried out by hackers using stolen credit card information to test whether the card number is valid or not. It often results in high per-transaction costs for the merchant leading to lost revenue and time. In today’s blog, we’ll discuss card testing attacks and learn how to prevent them, so you can keep your WooCommerce site secure from these kinds of attacks.

What is Credit Card Testing

It is essential to understand the risks associated with card testing attacks and how they can impact your WooCommerce site. Card testing attacks occur when cybercriminals generate or purchase lists of stolen credit card numbers, and then algorithmically test them to determine which ones are still active. The issue here is that these transactions come at a cost to the merchant, and when thousands of cards are run in a short period, it can add up to substantial financial losses. Merchants get charged anywhere from $0.10 to $0.40 per transaction run through the site. When hackers are running 40-50k transactions checking credit card numbers, that cost adds up very quickly.
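To show what this pattern looks like in payment logs, here is an added example (not part of the original article, and not WooCommerce or gateway code) that flags a source sending many mostly-declined attempts with many different cards in a short window. The log layout, the card fingerprint tokens and the thresholds are assumptions; the fee range is the one quoted above.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of checkout payment attempts (not real data):
# (timestamp, client IP, card fingerprint token, gateway outcome).
ATTEMPTS = [
    ("2024-01-01T10:00:00", "198.51.100.20", "fp_a1", "declined"),
    ("2024-01-01T10:00:40", "198.51.100.20", "fp_a1", "approved"),
    ("2024-01-01T10:01:00", "203.0.113.7", "fp_01", "declined"),
    ("2024-01-01T10:01:10", "203.0.113.7", "fp_02", "declined"),
    ("2024-01-01T10:01:20", "203.0.113.7", "fp_03", "declined"),
    ("2024-01-01T10:01:30", "203.0.113.7", "fp_04", "approved"),
    ("2024-01-01T10:01:40", "203.0.113.7", "fp_05", "declined"),
    ("2024-01-01T10:01:50", "203.0.113.7", "fp_06", "declined"),
    ("2024-01-01T10:30:00", "192.0.2.15", "fp_b2", "approved"),
]

def detect_card_testing(attempts, window=timedelta(minutes=5),
                        min_attempts=5, min_cards=4, min_decline_rate=0.8):
    """Return {ip: peak attempts in one window} for sources that look like card testing."""
    recent = defaultdict(deque)   # ip -> attempts still inside the sliding window
    flagged = {}
    for ts, ip, card, outcome in sorted(attempts):   # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((now, card, outcome))
        while now - q[0][0] > window:   # drop attempts older than the window
            q.popleft()
        cards = {c for _, c, _ in q}
        declines = sum(1 for _, _, o in q if o == "declined")
        # Many attempts, many different cards, mostly declined: the card-testing signature.
        if (len(q) >= min_attempts and len(cards) >= min_cards
                and declines / len(q) >= min_decline_rate):
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def fee_exposure_cents(n_attempts, low_cents=10, high_cents=40):
    """Fee range for n attempts at the article's $0.10 to $0.40 per transaction, in cents."""
    return n_attempts * low_cents, n_attempts * high_cents

if __name__ == "__main__":
    for ip, n in detect_card_testing(ATTEMPTS).items():
        low, high = fee_exposure_cents(n)
        print(f"{ip}: {n} attempts in window, fees ${low / 100:.2f} to ${high / 100:.2f}")
```

A customer who retries one card after a decline stays below every threshold, so only the burst of distinct cards is flagged.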

Fortunately, there are steps you can take to help prevent these attacks.

Best Practices in Preventing Credit Card Attacks

Consider implementing reCAPTCHA on your site. reCAPTCHA is a popular tool that can help confirm human users and deter bots from accessing your site. However, it is important to note that fraudsters have found ways to bypass this protection. Therefore, we recommend using additional layers of security.

Cloudflare is an excellent tool that can detect and block card testing attacks proactively. Their security services make it difficult for hackers to access your site and use it for card testing attacks.

Location Control:
Limit the visibility of your site in countries with a high likelihood of being the source of these attacks. For example, regions and countries such as Eastern Europe, Russia, North Korea, China and Iran are often associated with these types of fraud. Disabling your site’s visibility in those countries can help ward off potential attacks. As website owners, we all hold out hope that we can get orders from all over the world, but take a critical look at where you are actually able to ship your products and who you can actually service.

Site Security:
General best practices for your website are also important, not just for protecting against credit card attacks. Work with a hosting company (servers) that does regular backups and stores those backups for a long time (some hosts only store backups for the last 7 days, and by the time you realize what has happened the backups may have already been overwritten). Consider 3rd party backup solutions to layer on top of the backup provided by your hosting service. Keep your plugins and software up-to-date; with a seemingly endless number of plugins that need updating, it is important to regularly check and apply those updates. For eCommerce sites, it may sometimes be dangerous to have “enable auto updates” checked unless you are regularly watching your site. Plugins like MalCare / Sucuri / Wordfence and other security plugins are things that should be evaluated. Updating your backend security doesn’t help against a front-end attack such as a brute force credit card attack. However, it’s always good to minimize the number of opportunities the “bad guys” have to mess with your site.

How is your relationship with your merchant services vendor? Do you know their name? Do they pick up the phone when you call? At Radial Payments we’ve worked with dozens of vendors. As part of your due diligence, it’s important to evaluate not just how things work when they go right; it’s critical to work with vendors that will support you when things go wrong. Sometimes this is something you only discover after having a big problem. Build a relationship with your vendor, or just connect with Radial Payments and we’ll keep you running regardless of the problems. We wish that you will never have problems, but the harsh reality is, even for small businesses it’s not a matter of if a problem will happen, but when.

Overall, the key to preventing card testing attacks is to be knowledgeable about the risks and take proactive steps to protect your WooCommerce site. Implementing security measures like reCAPTCHA, Cloudflare, and limiting access from high-risk countries can help in mitigating the risks associated with these types of attacks, ultimately saving you time and money in the long run.

In conclusion, card testing attacks can cause significant financial damage to businesses, especially those that run numerous credit card transactions daily. However, there are essential steps that you can take to secure your WooCommerce site, including implementing reCAPTCHA and using Cloudflare’s services to reduce the likelihood of these attacks. Additionally, disabling your site from being visible in countries where such attacks are prevalent could also help protect your business. As businesses continue to migrate to the digital world, the need for stronger cybersecurity measures becomes more critical; it is essential to remain vigilant and adopt best practices to prevent hacking attempts and other fraudulent activities.

Additional Resources:
FTC.Gov: Start with Security: A Guide for Business
What you need to know about Credit Card Fraud
