Improving API security with a transaction velocity filter

Transaction security is at the foundation of our payment gateway. When we build new features, we always focus on ensuring cardholder security and delighting merchants.

Digital transactions increased heavily in 2020 as merchants quickly pivoted to online storefronts to serve customers. Unfortunately, this increased opportunities for various kinds of fraud, including “carding” attempts. Carding happens when fraudsters test to see if card numbers are valid by running large numbers of authorizations on e-commerce checkout pages.

In order to continue increasing security and delight merchants, our gateway now includes a customizable transaction velocity filter for merchants who process transactions via PayTrace’s API.

What does carding fraud look like?
Fraudsters use different methods to acquire credit card numbers, sometimes including phishing attacks and purchasing stolen card numbers. They then test the numbers to see if they’re active, making several small transactions on e-commerce sites. They then make larger, frequent purchases on those stolen numbers, using the now-tested credit cards.

Fraudsters can test thousands of cards in minutes. 

Merchants then face increased processing costs due to the inflated transaction volume caused by fraudsters. Tools like velocity filters reduce risk for merchants by limiting abnormal increases in transaction volume. It’s an added layer of security in a digital world.

Taking effect Monday, June 21, our API velocity filter will set a daily limit on the number of transactions a merchant can process. If that limit is reached and exceeded, API transactions will be turned off and merchants will receive a notification to check their system settings. Merchants can easily customize this daily limit in their Virtual Terminal settings, and can manually bypass the disabled transactions if you find there is no fraudulent activity. Our development team looked over months of merchant transaction data and volume to form the initial volume threshold. Please check this initial setting to ensure it fits your daily transaction requirements.

Key features: 

• Customizable amount for the number of merchant transactions
• Transaction counts are reset daily at 2 a.m. Pacific
• Access merchant account status and notifications via their Virtual Terminal dashboard as well as security settings
• Merchants may adjust these settings at their convenience
• Merchants can manually bypass the disabled transactions if no fraudulent activity is found

Next steps:

• This transaction velocity filter takes effect today, Monday, June 21st. No activation action is required, as the filter will automatically begin monitoring your transactions.
• Check your transaction velocity filter limits and make any adjustments necessary
• Regularly review the View Transactions report
• Adjust daily transaction limits, depending on seasonal demand, business growth, or special events

It is urgent for merchants to stay on top of the changing risks in the payments industry. Please customize the daily transaction limit to an amount that allows you to process needed transactions, while minimizing the risk of fraud. We hope this tool, along with other best practices, will help our API merchants be less attractive targets for malicious fraud efforts.

Stay on top of our platform updates by subscribing to our blog. We’re posting regular updates on how merchants can stay vigilant against fraudulent transactions. For additional information, please connect with the PayTrace Client Support team.