You may think that the size of your business makes you less vulnerable to fraud attacks, but the opposite can often be the case. Sophisticated fraudsters have a good idea about which businesses have less protection or don\u2019t have a dedicated fraud manager. In particular, they may target what they regard as relatively undefended businesses with card testing attacks. We've written about\u00a0card testing\u00a0before, but here's a quick refresh of what it is and how it can affect your business.\n\nWhat is card testing?\n\nFraudsters use card testing to determine the validity of stolen or fraudulently obtained card details. They attempt multiple purchases on an e-commerce website like yours (often using a botnet for speed and scale). If a transaction is approved, they know they can use the card. If, on the other hand, a card has already been canceled by its owner, authorization will be declined, and the fraudster will move on to testing the next card.\n\nWhat is the impact of a card testing attack?\n\nOur risk analysts have found that a card testing attack can negatively affect an unprepared business for several months, causing financial and other losses. Here's a typical timeline of what you could experience:\n\nDay 1 (attack day)\n\nThe fraudster submits potentially thousands of orders, many of which could be approved. Approved orders for physical goods could start to ship, resulting in lost product. Once card issuers become aware of what's happening, they may ask your acquirer to shut down your ability to process transactions. You'll need to provide proof of a mitigation strategy before you can restart transaction processing.\n\nDay 2-30\n\nBecause the fraudster submitted so many transactions, you may have to pay significant authorization processing fees to your acquirer and payment gateway. For example, your authorization fees could jump from an average of $40 a month to $15,000 a month. To add insult to injury, you won\u2019t earn any revenue on these transactions, either.\n\nDay 31-120\n\nChargebacks and their associated fees start to roll in because transactions weren't reversed during the initial attack.\n\nOngoing\n\nYour business could experience brand and reputational damage and loss of customer trust.\n\nHow can I protect my business from card testing?\n\nUnfortunately, once a card testing attack is in progress, there's little you can do. Your future self will thank you if, instead of reacting to an attack, you take a proactive approach to preventing card testing (and other types of fraud).\n\nNo single solution can completely stop fraud, which is why we recommend a multi-layered strategy. Consider combining best practices like risk reviews, minimum payment thresholds, and early identification of anomalies (which we wrote about\u00a0here) with a range of capable tools.\n\nHow Cybersource can help\n\nIn addition to following best practices, a fraud management tool is another layer of defense against card testing and other types of fraud.\n\nIf you already use Cybersource\u2019s payment platform, consider integrating\u00a0Fraud Management Essentials\u00a0to help prevent fraudulent transactions (including card testing) before they get as far as authorization.\n\nFraud Management Essentials\u00a0is ready to use and easy to configure. Developed with Cybersource's expertise and built on Visa\u2019s scale, its powerful features include:\n\nNot an expert at managing eCommerce fraud? Don\u2019t worry. To help you get started,\u00a0Fraud Management Essentials\u00a0comes with online training modules that you can access anytime.\n\nBy combining best practices with fraud and risk tools, you can better protect your business against card testing and other types of fraud and avoid the associated costs and negative impact on your brand.\n\nLearn more about\u00a0Fraud Management Essentials\u00a0and Cybersource\u2019s other\u00a0fraud and risk solutions.