Velocity Attacks And How To Avoid Them On Your Merchant Account

Updated on November 23rd, 2021
Understanding Security

Whether you have a brick-and-mortar location or you run an online business, securing both your and your customers’ sensitive data should always be a priority. While taking measures like using anti-virus software, tools to detect malware, and educating yourself and employees on the most common threats are all great places to start, data breaches aren’t your only threat.

There’s also something called velocity threats that could do some serious damage to your merchant account, and business overall.

What are velocity attacks?

A velocity attack is when a nefarious individual keeps submitting a credit or debit card in order to make unauthorized charges. They’ll keep submitting the card number until it’s verified. They usually obtain card numbers that have been stolen from a point-of-a-sale terminal.

Depending on the software that’s being used to launch a velocity attack, it could generate random number sequences which would create charges every time that a sequence relates to a valid credit card number – usually when the merchant is asleep. As a result, the merchant would start their business day with charges that have not been authorized. And, as if that weren’t bad enough, this could keep repeating until the card amount has been maxed-out or someone has noticed these unauthorized transactions.

The impact of velocity attacks.

After a velocity attack has occurred there’s a lot of cleaning up to do. In fact, it could take you several days or even weeks to determine which transactions were authorized and which ones were not. In other words, you’re going to be spending a lot of time on the phone with customers, your bank, and your payment processor if you want to straighten this mess out.

Even more problematic, your customers may lose confidence in your business, which could result in them jumping ship and supporting a competitor. And, since you’ll have to reverse these charges, you’ll also have to deal with chargebacks and a loss in revenue.

How to avoid velocity attacks on your merchant account.

Being proactive is the best way to reduce, and ultimately avoid velocity attacks.

The first place to start is by running a velocity check. This is simply software that keeps a lookout for repeating patterns and will monitor the number of times that a specific data element occurs within a specified timeframe. These data elements are usually;

  • User ID/email address
  • IP address
  • Billing address
  • Shipping address
  • Phone number
  • Device ID/signature
  • Credit card number/payment method
  • Browser cookie

Keep in mind that a customer name isn’t an effective data element during a velocity check since it’s possible that more than one person has the same name.

Most fraud prevention services, like Sift Science or Fiserv, offer velocity checks.

You should also invest in a velocity filter from companies like BluePay, which is a tool that tests multiple card numbers against your merchant account. The filter will then automatically reject transactions made within a one-hour window. This is based on the parameters that you’ve set, such as;

  • The maximum dollar amount for all sales that occur within a 60-minute window.
  • The total sales amount you have per hour.
  • The amount of transactions, regardless of dollar amount, that you process every dollar.
  • Suspicious IP addresses.

Besides purchasing software and tools, don’t forget to take additional measures like setting up your account so that you;

  • Restrict the volume of refunds that available per hour.
  • Set limits for maximum sales transaction values based on your average sales each hour.
  • Set limits on transaction volumes, which is the total number of transactions completed per hour.

You should also monitor and block IP addresses that have a higher-than-average number of visits and transactions, as well as use security methods like tokenization and point-to-point encryption.

The bottom line.

As a merchant, it’s your responsibility to mitigate the risks involved with processing payments – especially credit card fraud. While we often focus on other threats, velocity attacks are a common form of credit card fraud that’s often overlooked. However, they can be a costly attack that can end up costing you a ton of time and money.

To prevent velocity attacks from taking place, make sure that you invest in fraud management tools and software. Just as important, make sure that you pay attention to any transactions that are excessive; or come from the same IP, email, billing or shipping address.

Chalmers Brown - Former CTO of Due

Chalmers Brown - Former CTO of Due

I'm Chalmers Brown and former CTO of Due. I'm a big fan of technology and building financial products that help people better their lives. I have a passion for financial products that help people. I build complex financial infrastructure protocols that help scale financial companies. They are secure and support millions of customers worldwide.

About Due

Due makes it easier to retire on your terms. We give you a realistic view on exactly where you’re at financially so when you retire you know how much money you’ll get each month. Get started today.

Due Fact-Checking Standards and Processes

To ensure we’re putting out the highest content standards, we sought out the help of certified financial experts and accredited individuals to verify our advice. We also rely on them for the most up to date information and data to make sure our in-depth research has the facts right, for today… Not yesterday. Our financial expert review board allows our readers to not only trust the information they are reading but to act on it as well. Most of our authors are CFP (Certified Financial Planners) or CRPC (Chartered Retirement Planning Counselor) certified and all have college degrees. Learn more about annuities, retirement advice and take the correct steps towards financial freedom and knowing exactly where you stand today. Learn everything about our top-notch financial expert reviews below… Learn More