Skip to main content

How to Protect Your Business from Card Testing Fraud

Updated

Overview

Card testing is a type of payment fraud where criminals use stolen or guessed credit card numbers to run many small transactions—often just $1 each—in a short period of time. These attacks are not only disruptive but can lead to expensive chargebacks, fees, and even restrictions on your account.

This guide explains how to recognize card testing and outlines the steps you can take in your Merchant Portal to protect your business.

What Is Card Testing?

Card testing occurs when fraudsters run small-dollar transactions to check if a stolen card number is valid. If the transaction goes through, the card may then be used for larger fraudulent purchases—sometimes on other websites. These attacks are usually carried out by bots and can happen even if you don’t sell online, especially if your payment credentials are exposed.

Why It Matters

Preventing card testing helps you:

  • Avoid expensive chargeback fees.
  • Protect your payment processing account from disruptions or restrictions.
  • Keep your transaction reports clean and accurate.

When to Watch for Card Testing

Be alert if you notice:

  • Sudden spikes in small transactions (e.g., hundreds of $1.00 charges).
  • Multiple transactions with the same card prefix or cardholder name.
  • Your normal daily count jumps drastically (e.g., from 50 to 5,000).

These may be signs that bots are testing stolen card numbers on your account.

Steps to Prevent Card Testing

1. Enable Address Verification (AVS)

AVS helps verify that the billing address entered matches what the card issuer has on file.

To enable:

  1. Log in to your Merchant Portal.
  2. Go to Settings
  3. Under Security Options click Address Verification.
  4. Enable the AVS options that best suit your business.
  5. Click Save.

2. Require CVV for Transactions

The CVV (Card Verification Value) is a 3- or 4-digit number on the card, which bots often don’t have.

To require CVV:

  1. Go to Settings.
  2. Under Security Options click Card ID Verification.
  3. Enable the CVV options that best suit your business.
  4. Click Save.

3. Restrict IP Access

Limit which IP addresses can access your account or make API calls.

To set IP restrictions:

  1. Go to Settings > Security Options.
  2. Under Security Options click IP Restrictions.
  3. Add only the IP addresses you trust.
  4. Click Save.

4. Add CAPTCHA to Your Website

CAPTCHA helps block bots from submitting payment forms.

What to do:

  • Contact your website developer or software provider.
  • Ask them to install CAPTCHA on your payment or checkout page.
  • Mention that you’ve seen signs of card testing fraud.

5. Use Fraud Prevention Tools

These tools help block suspicious transactions before they’re processed.

To activate:

  1. Go to the Marketplace Apps > App Store
  2. Enable Fraud Prevention. (If you do not see Fraud Prevention tools in your Marketplace or settings, contact your Merchant Service Provider.)
  3. Set rules like:
    • Transaction amount limits
    • Geolocation filters
    • Create blocklists
  4. Enable Approval Rate Requirement for added protection.

For advanced tools like Kount Fraud Manager:

  1. Locate Kount Fraud Manager in the Marketplace.
  2. Follow the steps to activate and configure.

Note: Some tools may carry additional fees. Contact your Merchant Service Provider for details.

6. Rotate API Keys

Change your API credentials regularly to minimize unauthorized use.

To rotate keys:

  1. Go to Settings > Security Options > Security Keys.
  2. Delete any outdated keys.
  3. Generate new keys and update your connected systems.

7. Use Unique Logins and Strong Passwords

Avoid shared accounts and use strong, unique passwords and enable two-factor authentication (2FA) when possible.

To manage user access:

  1. Go to Settings > User Accounts.
  2. Click a username to change a password or re-send login details.
  3. Click Add User to create separate accounts with specific permissions.

Merchant Impact

Taking these steps helps:

  • Lower the risk of fraud-related account disruptions.
  • Keep chargeback and processing fees under control.
  • Improve the accuracy and integrity of your transaction reports.

Common Questions

What does card testing look like in my reports?
Look for a sudden increase in $1.00 transactions, identical card prefixes, or repeated customer names.

Can I block transactions from certain countries or regions?
Yes, the Fraud Prevention tool allows you to block transactions by geolocation.

Will these tools stop all fraud?
No tool can prevent every case, but using these combined defenses greatly reduces your risk.

Need Help?

If you suspect card testing or want help enabling these features, contact your Merchant Service Provider for assistance.