Preventing declined transactions on your ecommerce website
September 7, 2021
In a rush to meet the digital demand, more companies are taking the leap towards an ecommerce website, but it’s also come with some challenges from scammers trying to use your website for card testing.
What is Card Testing?
Card testing is when a fraudster makes a small purchase with a stolen credit card to check if the card is active. Usually, fraudsters won’t make just one purchase on your ecommerce website, but hundreds to test a list of stolen credit card numbers. If these small purchases are successful, the fraudster will make larger purchases to get as much as they can before the victim’s bank detects the fraud.
What does this have to do with your website’s payment system? We’ve seen an increase in card testing in the last year, specifically on the Moneris payment gateway. We’ve compiled a list of preventative measures to stop these fraudulent purchases before your payment gateway locks you out of your account (or worse) Moneris charges you a fee for each fraudulent transaction attempt.
Moneris Suspicious Transactions Email
In the last few months, we’ve seen an increase in emails from the Moneris Payment Gateway informing clients of a “high number of declined transactions on your Moneris Gateway account”. These emails include information on addressing approved suspicious transactions, tips on what to look out for, and preventing suspicious activity.
Don’t be alarmed if you receive one of these emails. Let your Account Manager know, and follow our tips and tricks below on how to prevent fraudulent activity without impacting your user experience.
Address Verification System (AVS)
The Address Verification Service (AVS) is a tool provided by credit card processors and banks in order to detect suspicious credit card transactions and prevent credit card fraud. The AVS checks the billing address submitted by the card user with the cardholder’s billing address from the issuing bank. A matching address helps the merchant determine if the payment should be accepted or rejected.
Configuring your AVS Settings
Under the “WooCommerce” tab in the WordPress backend, go to “Payments” and select “Moneris”.
On this page, you will be able to “toggle” whether you want to enable the Address Verification System and perform an AVS check on the customer’s billing addresses. Here you will be able to determine whether you want to accept, reject, or hold the transaction.
We suggest you configure the following settings (at a minimum) to help prevent fraud:
- Reject Transaction (If neither street address nor zip code match)
- Accept Transaction (If zip code matches but the street address does not match or could not be verified)
- Accept Transaction (If street address matches but zip code does not match or could not be verified)
- Reject Transaction (If the street address and zip code could not be verified)
You must also enable AVS in your Moneris merchant account. This feature will only work with Visa, MasterCard, Discover, JCB, and American Express card types.
Additional Preventative Measures
Now that you have enabled AVS on your website, there are a few things you can do to continue monitoring the situation:
- Monitor transaction activity – Make sure you login to your Moneris account on a regular basis, and monitor your transactions. Multiple small orders within a short time frame is the number one indicator that card testing is occurring.
- Monitor IP addresses – The majority of card testing attempts originate from outside of Canada. This is another possible indicator of fraud, especially if you see this along with other signs. You may want to adjust your payment gateway settings to block multiple orders from the same IP address within a short period of time.
- Additional plugins – If this issue still persists there are many plugins that can help address the situation. Such as Woocommerce anti-fraud which comes at an annual fee, but quickly detects fraudulent transactions on your WooCommerce store. As a reminder, always ask Simplistics before installing a new plugin on your website so we can help validate the reliability and security.
At the end of the day, fraudsters will always find new ways to try and scam/cheat so reach out to Simplistics if you have any questions, or suspicion of fraudulent activity.