Card testing is a type of fraudulent activity where someone tries to determine whether stolen card information is valid so that they can use it to make purchases. A fraudster may do this by purchasing stolen credit card information, and then attempting to validate or make purchases with those cards to determine which cards are still valid. Other common terms for card testing are “carding”, “account testing”, and “card checking.”
Fraudulent activity such as card testing is an unavoidable part of online commerce. Card testing, however, has consequences for the entire payments ecosystem, so merchants, card networks, and payment partners like Stripe share responsibility to prevent it. Stripe is constantly improving tools and systems to detect and reduce fraud, but you must remain vigilant with respect to fraud.
Card testers use both authorizations and payments to determine whether the stolen or generated card information they have is valid or not.
Card testing has many negative outcomes, some of which get worse over time as card testing continues:
If your integration is being exploited by card testers, we recommend that you take the following actions immediately:
You can identify most card testing activity by a significant increase in declines. Payments that were blocked due to card testing will be indicated as such when you view Payment Details on blocked transactions.
Card testers employ a wide variety of techniques to make their fraudulent activity difficult to block. As a result, simple firewall rules or filters based on things like user agent strings are usually not sufficient to prevent card testing on their own.
Your platform's partner Stripe has many automated and manual controls in place to mitigate card testing, including rate limiters, alerts, machine learning models, ongoing reviews, and more. When it is first detected that you’re under a card testing attack, Stripe will apply as many controls as we can to mitigate the attack.
However, also including the following information with your payments can have a significant impact on the performance of card testing models.