Secure your business from login to chargeback
Stop fraud, break down data silos, and lower friction with Sift.
- Achieve up to 285% ROI
- Increase user acceptance rates up to 99%
- Drop time spent on manual review up to 80%
By Jane Lee /
Online payment fraud prevention is a serious subject for businesses and consumers alike. Research reveals that payment fraud cost $41B in 2022 and is expected to increase 17% to $48B in 2023. According to a survey conducted by Sift, 43% of consumers have recently fallen victim to payment fraud. By all metrics, online payment fraud is on the rise.
Card-not-present (CNP) fraud accounts for the overwhelming majority of these losses. In this blog, we will explore the difference between two common CNP fraud tactics: card testing and card hopping. We will also provide tips and strategies for trust and safety teams to protect their business and their customers.
Card testing is a type of payment fraud where fraudsters use stolen credit card information to test whether the card is still active and valid. This is often done by making a small purchase, typically less than $1, to avoid detection. Once the card has been verified, the fraudster can use it to make larger purchases or sell the card information on criminal forums.
Sift data scientists have discovered bot-savvy fraud rings that leverage automation to perform rapid credential stuffing and IP address rotation against multiple merchants at once. Card testing attacks that are automated at scale enable fraudsters to quickly test a large volume of cards to verify their validity.
Card testing can be difficult to detect because the purchases are often small and can go unnoticed by the cardholder. However, businesses can prevent card testing by using fraud detection tools that analyze transaction patterns and detect risky behavior.
Card hopping fraud is similar to the consumer practice of opening multiple accounts to receive introductory offers, except that the fraudsters use stolen credit card information to make fraudulent purchases. Card hopping typically follows card testing—once multiple cards have been verified, fraudsters hop from one card to the next, racking up expensive purchases and withdrawals.
Card hopping can be particularly damaging to businesses because it can result in multiple chargebacks and lost revenue. Businesses can protect themselves from card hopping by using tools that analyze transaction patterns and detect when the same person is using multiple cards to make purchases.
Here are four red flags that fraud teams can monitor for card hopping attacks:
Statistically, it’s unlikely that a legitimate user would use more than five payment methods. According to a survey conducted by Sift, less than 5% of consumers report using five or more payment cards per month, but a card hopping fraudster can use two-to-three times that number in the same time.
While card testing and card hopping are both types of payment fraud, they differ in their approach and impact. Card testing is focused on verifying whether a stolen credit card is still active, while card hopping involves using multiple stolen cards to make fraudulent purchases.
Both types of fraud can be difficult to detect, but businesses can protect themselves by using fraud prevention tools that analyze transaction patterns and flag suspicious activity. Companies that adopt an end-to-end, real-time approach, backed by a network of global signals and events, reduce block rates by 55% compared to those that don’t.
Detecting and preventing payment fraud requires a multi-layered approach that involves both technology and best practices. Here are some strategies that businesses can use to prevent payment fraud:
Sift’s Digital Trust & Safety Platform enables intelligent automation and flexible orchestration to make fraud detection smarter and easier. Sift ingests more than one trillion events per year, detecting new attack patterns in less than 250 milliseconds and providing our customers nearly instantaneous protection.
Learn more about how to select the right online payment fraud prevention platform.
Download the Q1 2023 Digital Trust & Safety Index to learn more about card testing and card hopping.
Jane Lee is a Trust and Safety Architect at Sift, who specializes in malicious websites, spam, misinformation, account/content abuse, chargebacks, and payments risk. Prior to joining Sift, she was on teams at Facebook and Square, and also spent some time as a Private Investigator. She is passionate about designing and operationalizing systems for detection and enforcement of fraud at scale.
Stop fraud, break down data silos, and lower friction with Sift.