Card testing (also known as carding or account testing) is a type of fraud where cybercriminals use automated botnets or scripts to test the validity of stolen credit card numbers on a merchant's payment gateway.
How Card Testing Works
Fraudsters purchase massive lists of stolen credit card data from the dark web. They don't know which cards are still active, so they program bots to make thousands of small, low-value purchases (often for $1 or $2) on an unsuspecting merchant's website. If a transaction goes through, they know the card is valid and will use it for larger, high-value theft elsewhere.
The Impact on Merchants and Acquirers
Card testing is devastating. It floods the merchant's payment gateway with authorization requests, driving up transaction fees. Worse, the inevitable chargebacks from the stolen cards will skyrocket the merchant's chargeback ratio, putting their acquiring bank at risk of card network fines.
Detecting External Scam Signals with Onlayer
While merchants must secure their gateways, acquiring banks must monitor for the fallout. Onlayer analyzes public sentiment and operational behavior, identifying up to 3x more fraud risk signals than internal sources alone. By catching external scam tags and sudden drops in public ratings, Onlayer alerts your risk team to merchants actively suffering from or facilitating fraud.
