Common Card Testing TacticsHow Fraudsters Conduct Card Testing Scams Using Your Checkout System
Card Testing Tactics: The Fraudster’s Playbook
Although card testing might seem like brute force, it’s usually a calculated and often automated assault.
Fraudsters don’t manually type in stolen credit card numbers one by one. Instead, they deploy sophisticated bots and scripts to do the dirty work, which run through hundreds or thousands of stolen credentials in the time it takes you to click a few buttons. In this article, we’ll take a closer look at how card testing works and explore the tactics scammers use to fly under the radar.
Card Testing
Criminals validate stolen credit card information by making small, inconspicuous purchases. Once they confirm the card details are valid, they may proceed to make larger unauthorized transactions. This tactic helps fraudsters avoid detection until they have successfully exploited the stolen card.
How Does Card Testing Work?
The scammer may attempt purchases with several new accounts at once to evade detection, circumvent bans, and test multiple card numbers simultaneously. They’ll cycle through IP addresses to hide their geolocation information, or try to mimic legitimate buyer behavior.
The process will usually go something like this:
What Do Scammers Do Next?
If the small charges go through, the fraudster knows that the credit card number is active and valid. They can then use this information to make larger purchases.
Alternately, some card testers may opt to resell individual credit card numbers on the dark web. Numbers that have been verified and are active can sell for a much higher price point. In some cases, the fraudsters may even use the information to create counterfeit credit cards and use them for in-person purchases.
