Card Testing Fraud

Card testing, also known as card cracking, involves a fraudster using a stolen credit card number to make a small purchase. This is done to confirm if the card is active and whether it can bypass the merchant’s fraud detection measures.

If the initial small purchase is successful, the fraudster proceeds to make larger transactions, maximizing their gains before detection. Validated card numbers may also be sold on the dark web at a higher price than untested ones.

Fraudsters must be cautious with newly acquired payment credentials to avoid suspicion and card deactivation. Excessive declines on significant purchases can lead to card suspension. Often, they possess incomplete credentials that work with merchants lacking robust fraud prevention tools, making small to medium-sized businesses prime targets.

Automated software is frequently employed by fraudsters to test large sets of payment credentials simultaneously. These credit card numbers can be acquired through hacking databases containing customer data. Complete payment information is sometimes acquired through phishing attacks, which target numerous potential victims simultaneously.

Some fraudsters opt to purchase stolen payment credentials on the dark web instead of procuring them independently. This can be a highly profitable venture for those skilled at testing and profiting from stolen payment data.

For merchants, card testing can result in a rapid influx of fraudulent transactions, potentially causing substantial harm before the issue is detected.

Card testing is essentially a low-profile trial, intentionally kept inconspicuous by the fraudster to avoid raising suspicion, even in the event of multiple declines. If a transaction is approved, the fraudster establishes a successful payment history with both the card and the merchant. Subsequently, future purchases, even for larger amounts, are more likely to be accepted without raising red flags.