Consumers and retailers prefer credit cards as a convenient way to complete transactions on web and mobile applications.

But fraud is a nightmare for customers and merchants alike. With constant news of data breaches, shoppers are rightfully concerned about the safety of their payment data.Retailers are hurt just as badly by fraudulent credit card transactions. Fraud causes chargebacks, possible loss of products, and damage to a merchant’s reputation, all of which can greatly harm a business.

Carding is an automated form of payment fraud in which fraudsters test a bulk list of credit/debit card data against a merchant’s payment processing system to verify the stolen card details.It is a process to determine whether stolen card numbers are active and not yet reported lost or stolen.

Hackers deploy bots on payment processing pages to verify the validity of stolen card details.The authenticity of stolen card details are often unknown to the carders, and therefore, bots are deployed on payment processing pages to compose the correct set of card details. After identifying the right set of card details, hackers can sell them on dark web marketplaces or simply cash out the cards.

Shoping with Carding?

Carding gives cyber criminals a way to identify good cards that is of higher value. Carding typically starts when a fraudster finds a business whose credit card processing environment, payment page, or eCommerce site is vulnerable.

The fraudster then sells the verified stolen card numbers, identities and false logins to carders on “carding forums”. These lists are then used for larger purchases elsewhere which is a problem in itself, but the testing is also costing merchants unnecessary fees, chargebacks, and time sorting all these issues out.

symptoms of carding

Possible symptoms of carding include elevated basket abandonment, reduced average basket price, a higher proportion of failed payment authorizations, a disproportionate use of the payment step, increased chargebacks, and multiple failed payment authorizations from the same user, IP address, user agent, session, and/or device ID/fingerprint.

Protect Your Business from Carding?

1. Perform an Address Verification Service (AVS) Match

The resulting code will inform you whether the address mentioned on the checkout page matches the cardholder’s billing address. Do not ship to addresses other than the matched billing address for the highest level of protection.

2. Implement reCAPTCHA Technology

This will help ensure that every action is taken by a human and not an automated script or robot. Other alternatives exist to help detect bots or automated scripts.

3. Set a Minimum Transaction Amount

Most carders initiate transactions between $0.01 and $15 to verify the authenticity of the stolen card. Be sure to set reasonable limits to help detect fraud.

4. Implement Fraud Filters

Add third party or built-in fraud filters on payment gateways, shopping carts, or even use external services to help validate the data. These fraud filters will let you accept or reject transactions that seem risky by scoring transactions based on a number of additional factors.

Merchants need to maintain an ongoing assessment of their payments environment to ensure the security of their eCommerce sites, so this type of fraud doesn’t happen to them.