Card Cycling: The Fraudulent Tactics Threatening SMEs in Hong Kong EJINSIGHT
Hong Kong is one of the world’s leading financial hubs, so it’s no surprise that the city and its residents’ finances are attractive to fraudsters. According to a study conducted by NordVPN, 399,537 payment cards that were hacked belonged to Hong Kong. And while the methods of committing fraud vary, an increasingly common tactic – known as card cycling – occurs at the e-commerce checkout.
Card cycling, also known as credit card testing, is an insidious way to validate stolen credit card credentials. It’s a simple scheme: Scammers find a website where they can make purchases with a small dollar amount, as these often go under the radar (donation platforms are common). They write a computer script that allows them to sift through thousands of stolen credit card numbers to find valid ones.
Afterwards, the bad actor has a set of valid card details they can use to buy goods on that or another platform (for later resale), or sell at a premium on the dark web because they’ve already been verified. As fraudsters redouble their efforts to trick users into revealing personal information, this is one of the most common fraud tactics affecting Hong Kong consumers today.
Keeping small and medium-sized businesses fraud-free
As we move beyond the pandemic, consumers are using more digital tools and looking for more virtual or digital experiences. This makes digital fraud, including card cycling, one of the most dangerous threats to businesses in Hong Kong – especially to small and medium-sized enterprises (SMEs), which make up more than 98 percent of businesses in the city. SMBs must balance the need for technology that makes them more cyber-enabled, while reducing their increased vulnerability to fraudsters. As a result, secure payment methods with more innovative features are essential to ensure safe, seamless payment experiences.
Mastercard’s borderless payments research indicated that nearly 60 percent of SMEs globally have increased their use of cross-border payments during the pandemic. However, despite widespread use, over 40 percent of businesses and consumers said they are concerned about being targeted by fraudsters. Respondents also expressed concerns about fees and service times, including a lack of transparency and geographic restrictions on payments. In addition, unlike large enterprises, SMEs do not have the resources to staff large know-your-customer (KYC) teams – making their already limited resources more vulnerable to fraudsters.
If a fraudster gets away with testing stolen payment information on apps or websites, they’ll likely try to make a fraudulent purchase — leading to chargebacks and potential damage to the bottom line. These concerns can also affect customer loyalty, as customers first experience fraud or payment friction, their trust in SMEs may decrease. This erosion of trust can lead customers to decide to make future purchases through larger companies instead, making SMEs less viable.
What can be done and what should SMEs look for?
To address these concerns, a critical priority for SMEs is to rethink their current anti-fraud approach. Because of the reputational risk involved when consumers discover that their data has been compromised, businesses are reluctant to disclose that they have been the victim of an attack. This is of course only to the detriment of business in general. Entrepreneurs, especially SMB owners, need to be more open about the impact of fraud, and do more to protect themselves – especially as cybercrime such as card cycling continues to rise.
If SMEs have the right security protections in place on their e-commerce websites or apps, card cycling won’t be hard to spot. Any user who enters many different credit card numbers in quick succession from the same IP address is likely a cycler. Looking at behavioral indicators, such as typing cadence, can help identify automated activity, including short cycling robots.
User experience is an important element to be incorporated into the anti-fraud process. Preventing fraud while providing fast, seamless and secure detection, as well as reducing effort and delay, is critical for small and medium-sized businesses. In the digital age, SMBs can leverage behavioral information to create better customer experiences and build stronger security protections for their customers. By gaining a better understanding of their trusted users, companies can flag bad actors faster and more accurately, resulting in a frictionless, secure user experience.
As SMEs are vital to our communities, it is important for them to be equipped with the right knowledge and information about fraud prevention. The more we are aware of fraudulent tactics such as card cycling, the more we can avoid – and eliminate – the risks and threats they pose to Hong Kong businesses and consumers.
— Contact us at [email protected]