What is Card Testing and How Can Merchants Stop It?
What Is Card Testing?
Card testing is a type of fraudulent activity where criminals use stolen credit or debit card numbers to run small transactions through a merchant’s payment system. These aren’t purchases made with the goal of stealing your product or service. Instead, your business is being used as a tool to check which stolen cards are still valid.
Once a fraudster confirms a card is active, they can either:
Use it for larger fraudulent purchases elsewhere, or
Sell the verified card number for a higher price on the dark web.
How Card Testing Works
Here’s a typical pattern:
A fraudster acquires a batch of stolen card data.
They target a merchant’s website with an online checkout or donation form.
Using bots or scripts, they initiate hundreds of low-dollar transactions — often $0.01 to $1.00.
Approved transactions = valid cards.
The merchant is left with:
Dozens (or hundreds) of chargebacks
Fees from their processor
A spike in fraud alerts
Why It’s a Big Problem for Merchants
Card testing isn’t just annoying — it’s expensive and potentially devastating:
Chargebacks: Once legitimate cardholders notice the unauthorized transactions, they dispute them. Each chargeback typically costs the merchant $15–$25 in fees, not to mention the loss of the transaction.
Processor Risk Flags: Excessive fraud or chargebacks can cause your merchant account to be frozen or terminated.
Higher Fees: Risky behavior can result in increased processing rates or the forced purchase of fraud prevention tools.
Reputation Damage: If your site becomes known as a soft target for fraud, it can harm your standing with consumers and payment providers alike.
Common Targets for Card Testing
Certain types of merchants are especially vulnerable:
Nonprofits with donation forms (often minimal checkout validation)
Subscription services with easy sign-up flows
Retail sites with no AVS or CVV enforcement
Startups or DIY e-commerce sites without strong fraud tools
How Merchants Can Prevent Card Testing
The good news: most payment processors and gateways offer tools to fight back. Here’s what you can do:
✅ Enable CVV and AVS Verification
Require the 3-digit CVV code and verify the billing ZIP code to weed out invalid or stolen cards.
✅ Use CAPTCHA or Rate Limiting
Stop bots by requiring human interaction or slowing down multiple attempts from the same IP.
✅ Enable Gateway Fraud Filters
Platforms like Authorize.net, Stripe, NMI, and PayLo offer filters to limit suspicious transaction behavior.
✅ Monitor Transaction Logs
Set alerts for bursts of low-dollar transactions or an unusually high number of declined attempts.
✅ Implement Tokenization and 3D Secure
Advanced verification steps like 3D Secure add a layer of cardholder authentication that helps block fraud.
Advice for Agents: What to Tell Your Merchants
If you’re a merchant service agent or ISO rep, be proactive with your clients:
Educate them on why enabling fraud tools matters, even if it adds friction.
Recommend platforms like PayLo that offer built-in security measures and tools to detect card testing.
Help merchants analyze their gateway settings and adjust their fraud filters based on risk level.
Offer solutions that balance conversion rates with security.
Card testing may seem like background noise in the vast world of payment fraud, but it’s often the first wave of a bigger threat. The sooner a merchant detects and defends against it, the more secure their business — and their bottom line — will be.
If your business has experienced strange micro-transactions or unexplained chargebacks, it’s time to tighten your fraud prevention strategy.
Recent blog posts
The latest industry news, interviews, technologies, and resources
SignaPay Celebrates Fourth Appearance on Inc. Magazine’s Inc. 5000 List
FOR IMMEDIATE RELEASE Dallas, TX, August 13, 2024 – SignaPay, a premier provider of innovative payment solutions, is thrilled to announce its inclusion in Inc. Magazine’s prestigious Inc. 5000 list …
The Visa–Mastercard “Settlement” Isn’t Relief — It’s a Reminder
Visa and Mastercard’s proposed settlement offers minimal relief. Learn why merchants are pushing back — and how Dual Pricing puts control back in their hands.
Beyond the Cloud: Why Resilient Hospitality Will Define Restaurants in 2026
Learn the six essential online payment methods every small business needs in 2025, plus how SignaPay’s omnichannel solutions simplify payments and reduce costs.
New Figure POS Features Helping Restaurants Run Smarter Kitchens
Restaurant operators live and die by efficiency. When kitchens are cluttered with unreadable tickets or prep stations lack visibility into the full order, mistakes happen—and margins suffer. That’s why Figure …
