Attention: if you use a gateway, Authorize.net, NMI, or another gateway, this is vital information. 

In the fast-paced world of online transactions, security is paramount. One crucial aspect often overlooked is the implementation of effective velocity filters on gateways like Authorize.net and NMI. This article will guide you through setting up these filters to safeguard your business from scammers employing a technique known as “Card Testing.”

Understanding the Threat: Card Testing Attacks

What is Card Testing?

Card Testing is a malicious practice where scammers attempt multiple small transactions to verify if a credit card is active and contains available funds. There have been quite a few breaches, and these scammers buy the credit card numbers on the “Dark Web” and then look for websites they can robot. 

What if you start getting endless transaction emails?

Depending on your access shut down the site’s gateway by contacting support or turning off the shopping cart. Every business with a website or open billing portal should have a plan in place in case this happens. The velocity filters will shut it down because the scammer won’t get authorization codes, and hopefully, they leave the site. 

The Rising Threat

With the surge in online transactions, instances of Card Testing attacks have seen a sharp increase. Websites without robust security measures are prime targets.

The Importance of Velocity Filters

Why Do You Need Velocity Filters?

There needs to be more than PCI compliance to protect your business. Velocity filters act as an additional layer of defense against fraudulent activities.

Setting the Maximum Transactions

Configuring a maximum number of daily transactions is the first step in fortifying your gateway.

Configuring Velocity Filters

Accessing Your Gateway Settings

You can log in to your gateway provider’s dashboard and navigate the security settings section.

Selecting “Do Not Authorize, but Hold for Review”

This critical setting ensures that suspicious transactions are flagged for manual review, preventing unauthorized payments. Along with saving your business money, you will not have to pay for thousands of gateway transaction fees and authorization fees.

The Consequences of Neglect

Financial Implications

With proper velocity filters, you could avoid exorbitant bills for each transaction and authorization, potentially running into thousands of dollars.

Reputational Damage

A breach due to Card Testing attacks can tarnish your business’s reputation and erode customer trust.

Implementing Velocity Filters: A Step-by-Step Guide

Step 1: Access Gateway Settings

Log in to your gateway provider’s dashboard and locate the “Security Settings” tab.

Step 2: Set Maximum Transactions

Specify the maximum number of daily transactions, aligning it with your business’s typical volume. There are other velocity filters; you should use the ones that make sense for your business. You want to be flexible, which can prevent good transactions.

Step 3: Select “Do Not Authorize, but Hold for Review”

Enable this option to ensure suspicious transactions are flagged for manual review.

Step 4: Save Changes

Click the “Save” button to apply the new settings.

In an era where online security is paramount, fortifying your gateway with velocity filters is not just a precaution but a necessity. Protect your business from Card Testing attacks and potential financial losses. Take your time – implement these measures today.

FAQs

Is PCI compliance enough to secure my online transactions?

While PCI compliance is essential, more is needed to provide sufficient protection. Implementing velocity filters adds an extra layer of security.

How frequently should I review flagged transactions?

It’s recommended to review flagged transactions daily to identify and address any suspicious activity promptly.

Can I customize the maximum transaction limit?

You can tailor the maximum transaction limit to suit your business’s specific needs and volume.

What other security measures should I consider in addition to velocity filters?

Consider implementing multi-factor authentication, CAPTCHA, and regular security audits to bolster your online security.

How can I stay updated on the latest security threats?

Subscribe to our newsletter, blog, or podcast for information on security threats and other payment and business news.