To help prevent card testing attacks you, or your developer, will want to add mitigations to your payment integration. Mitigations we recommend adding for your payment flow include:

• Add a CAPTCHA to validate requests
• Add rate limits to limit customer creation by a single IP address
• Require login or session validation for performing certain actions
• Build Radar rules in Stripe that apply to specific card testing behaviors. Here are some examples of rules that target this type of activity:
  • Limit the number of cards that can be attached to a single customer
  • Limit the number of customers that can be created with a single IP address
  • Filter out requests with certain user agents or other parameters

If you want to maximize the impact on preventing card testing activity, Stripe recommends implementing a combination of migrations in your payment flow.

Disclaimer: implementing mitigations does not guarantee that no card testing activity will occur on your account.

You can read more in depth on how to prevent card testing attacks on the Preventing Card Testing page.

Suspect your account is currently experiencing a card testing attack? Click here for next steps.