The site you requested may not be relevant in your area.

country flag
Skip to main content

Over the past year, we have seen a steady rise in fraudulent Card Authorization Testing. This activity – also known more simply as auth testing – occurs when fraudsters steal a credit card number then test it with a small purchase on an unsuspecting merchant to see if the transaction gets authorized. If it does, then they start racking up bigger charges on the stolen card number.

To make matters worse, the existence of software applications, known as bots, can be programmed to test anywhere from hundreds to tens of thousands of stolen payment card numbers on a single digital checkout site. The bot allows the fraudster to automate the transactions at a rapid speed, testing the account status of the stolen payment card numbers.

With ecommerce more prominent than ever, this fraudulent activity can cost you valuable dollars, as every transaction comes with an authorization cost. It is important to be aware of the risk and costs to your business associated with fraudulent auth testing, along with ways to help combat it.

Five preventive measures

Here are several things you can do to minimize the risk of falling victim to fraudulent auth testing.

  1. Continually review high-ticket transactions or unusually low-ticket transactions. Many fraudsters auth test for as little as a penny. Business owners can set a transaction threshold that, if the transaction seems oddly low or much higher than their average transactions, can automatically decline the transaction or pend for later.
  2. Require more information when setting up pay fields, which will make things more difficult for auth testing. Many pay fields simply require the credit card information, but adding in email addresses, phone numbers and addresses make auth testing less likely as fraudsters need to build a much longer script with all that information.
  3. Since authorization testing often happens in large groups of transactions within a small period of time, set hourly or daily velocity limits within your payment acceptance platform. The goal is to specify an upper limit of expected transactions to occur within the selected timeframe to a specific IP address.
  4. Be especially cautious if you use an outside vendor to develop your ecommerce website. Coders may leave HTML source code exposed or accessible, leaving the door wide open for fraudsters to auth test thousands of cards through your website. Talk to your vendor about making sure your source code is well hidden.
  5. Scan systems for malware or spyware regularly.

Please note that if you use Converge, most of these security measures are built-in options within the platform that just need to be enabled. I can help you get these security settings turned on if you give me a call. If you use a different company for online payment acceptance, we encourage you to contact them to find out what security settings are available to you.

Request a call back

We want to hear from you. If you are interested in setting up a new merchant account with us, please contact us through the form below and we'll call between the hours of 9:00 AM and 7:00 PM EST, Monday-Friday. If you require assistance with an existing account, please call our customer service line 24/7/365. 

This contact form is for US customers only. If you are looking for one of our other locations, please visit to find your country or region. 

Form submitted successfully

You will receive a call from an Elavon representative shortly. 

If you would like to speak to someone now, please call 1-866-671-1583 to be connected with a payments professional. 

Please fill the required fields and submit again


Available Mon. – Fri.
9:00 AM - 7:00 PM EST

Customer Support

Available 24/7

By providing us with an email address you are expressly consenting to receiving email communications — including but not limited to marketing material/advertising, promotions, sales campaigns, and questioner/research surveys. By providing us with a telephone number for a cellular phone or other wireless device, including a number that you later convert to a cellular number, you are expressly consenting to receiving communications — including but not limited to prerecorded or artificial voice message calls, text messages, and calls made by an automatic telephone dialing system—from us and our affiliates and agents at that number. This express consent applies to each such telephone number that you provide to us now or in the future and permits such calls for non-marketing purposes. Calls and messages may incur access fees from your cellular provider. We accept relay calls. Your privacy is important to us. By clicking “submit” you agree to our terms and conditions.