# How do I prevent card testing attacks?

To help prevent card testing attacks, you or your developer will want to add mitigations to your payment integration. Mitigations that we recommend adding to your payment flow include:
* [Adding a CAPTCHA](https://stripe.com/docs/disputes/prevention/card-testing#captcha) to validate requests
* [Adding rate limits](https://stripe.com/docs/disputes/prevention/card-testing#rate-limits) to limit customer creation by a single IP address
* [Requiring login or session validation](https://stripe.com/docs/disputes/prevention/card-testing#session-validation) for performing certain actions
* Building Radar rules in Stripe that apply to specific card testing behaviours. Here are some examples of rules that target this type of activity:
  * Limit the number of cards that can be attached to a single customer
  * Limit the number of customers that can be created with a single IP address
  * Filter out requests with certain user agents or other parameters
If you want to maximise the impact on preventing card testing activity, Stripe recommends implementing a combination of migrations in your payment flow.
Disclaimer: Implementing mitigations does not guarantee that no card testing activity will occur on your account.
You can read more about how to prevent card testing attacks on the [Preventing card testing](https://stripe.com/docs/disputes/prevention/card-testing#prevent-card-testing) page.
Suspect your account is currently experiencing a card testing attack? Click here for next steps.