Card testing and Fraud Guard
Malicious third parties may try to use your website to determine if stolen credit card details are valid. They try many small payments using different credit card numbers and expiry dates. The approved cards are then used to defraud another merchant for a larger amount. This is called "card testing".
Websites with minimal validation rules that allow an attacker to try many credit card numbers are often targets. This can include websites used for making donations or paying invoices.
Protect against card testing
If you make card testing difficult, your website is less likely to be a target.
If you are using the PayWay REST API or PayWay Classic API and your payment website is generally available on the Internet you must:
- send the customer IP address to PayWay
- add a captcha or other fraud protection mechanism
You can also:
- Validate the payment reference number has an outstanding balance
- Set a minimum payment amount
- Use 3D Secure
- Use PayWay Fraud Guard
Fraud Guard
Fraud Guard detects unusual internet credit card payments and suspends them. You review suspended payments and accept or cancel them.
Fraud Guard detects unusual payments using the:
-
payment amount
-
number of payments
-
location of the customer
-
bank which issued the credit card
-
countries in which you do business
-
Fraud Guard checks credit card payments processed via PayWay Classic API, PayWay REST API, PayWay Net and PayWay Recurring Billing and Customer Vault.
If you use the PayWay Classic API or the PayWay REST API, your website must send the customer's IP address to PayWay in order to allow Fraud Guard to check for unusual payments.
Enable Fraud Guard
To enable Fraud Guard:
- Sign in to PayWay
- Click Settings
- Click Fraud Guard
- Agree to terms and conditions and click Confirm.
To add modules, you need Client Administrator access.
Contact us
For sales, help and technical support contact us.