What is Card Testing?

April 5, 2023/ Jarrod Wright /

Card testing, also known as carding, is a technique employed by cybercriminals to determine the validity of stolen credit card details. By conducting a series of small transactions or utilizing specific tools, these criminals verify whether the stolen card information can be used for larger, more lucrative purchases.

Card testing is a growing concern for businesses worldwide, as it poses both financial and reputational risks. In fact, the issue has become so serious that card testing officially surpassed phishing and identity theft to become the most common fraud attack globally in 2021.

In this article, we will delve into how card testing could affect your business, and the steps you can take to protect your interests.

How Card Testing Works

Fraudsters obtain credit card information through various means, such as phishing attacks, data breaches, or purchasing lists of card details on the dark web. Once they get ahold of this data, they can use automated tools and bots to perform multiple low-value transactions on different websites. In some cases, these transactions may be as small as a few cents, which might go unnoticed by the cardholder.

If these small transactions are successful, it’s an indication that the card details are valid and can be used for more significant fraudulent purchases. Cybercriminals then either use these cards for their gains or sell them to other criminals in the underground market.

How Card Testing Affects Merchants

Card testing can have severe consequences for your business. Here are just a few examples:

Chargebacks

When cardholders discover unauthorized transactions on their accounts, they will likely initiate a chargeback. This process involves the reversal of funds from the merchant’s account to the cardholder, often including additional fees for the merchant. As chargebacks accumulate, they can lead to substantial financial losses.

Damage to Reputation

If your business becomes known for being targeted by card testers, it could damage your reputation. Customers may perceive your website as unsecure, leading to a loss of trust and decreased sales.

Increased Fraud Risks

Fraudsters often communicate and compare notes with each other. If several successful card tests go through on your watch, they may identify you as a “soft target.” You could be facing many more incoming attacks as a result.

Increased Transaction Fees

Card testing can inflate your transaction fees, as payment processors typically charge fees based on the number of transactions rather than the total value of sales. With fraudsters making multiple low-value purchases, your fees could increase significantly.

Suspension or Termination of Merchant Accounts

Payment processors and acquiring banks monitor merchants for excessive chargebacks and other signs of fraud. If your chargeback rate rises above a certain threshold, they may suspend or terminate your merchant account, making it hard to continue processing payments.

Administration Headaches

Dealing with chargebacks, fraudulent transactions, and customer complaints requires time and resources, which could have been better spent on growing your business.

Protecting Your Business from Card Testing

Utilizing comprehensive customer relationship management (CRM) software can help you reveal payment discrepancies, better communicate with customers, and manage and monitor social media accounts. It can also help you keep track of metrics and analytics that can identify card testers posing as customers.

Of course, investing in or upgrading your CRM is just one idea. To safeguard your business from the adverse effects of card testing, consider implementing the following measures:

Use Fraud Prevention Tools

Many payment gateways and processors offer built-in fraud prevention tools that detect and prevent suspicious transactions. These tools use advanced algorithms to analyze transaction data, identifying patterns consistent with card testing and blocking them in real-time.

Enable Address Verification Service (AVS)

AVS is a fraud prevention measure that verifies the cardholder’s billing address with the issuing bank. By requiring customers to provide their billing address during checkout, you can reduce the likelihood of a fraudulent transaction.

Implement Card Verification Value (CVV)

The CVV is a three or four-digit code found on the back of a credit card. Requiring customers to enter this code during checkout helps confirm that they have physical possession of the card, reducing the risk of fraudulent transactions.

Set Transaction Velocity Limits

If you’re experiencing a specific, recurring amount associated with card testing, set your limits to automatically flag any transactions that appear suspicious.

Block Cross-Border Transactions

Unfortunately, a majority of card testers and botnet companies are located and operated outside of the US. While becoming a global retailer is a fantastic goal for merchants, you should be extremely cautious of international IP addresses. Blocking these transactions will eliminate much of your risk.

Don’t Sleep on Card Testing Scams

However you respond to fraud in general, and card testing in particular, it’s absolutely essential to invest time and revenue into resources that work. In other words, invest in multi-layered fraud strategies that blend innovation with human oversight.

If you’re struggling to make room in the budget for more staff, consider a third-party fraud management solution. As industry insiders, fraud and chargeback managers are uniquely placed to help your business prevent and fight back against all kinds of fraud, including card testing.

Last Update: April 5, 2023