Select Page

Carding occurs when bad actors use large volumes of stolen credit card data to attempt to make small purchases on an ecommerce website. It’s sometimes referred to as credit card stuffing or just plain old fraud, and it’s bad news for eCommerce merchants. 

What Does Carding Look Like?

Ecommerce merchants that have fallen victim to carding will often see some of the following telltale signs: 

  • a significant uptick in chargebacks
  • Multiple failed payment authorizations originating from the same user or location
  • Higher-than-average cart abandonment
  • Lower-than-average shopping cart totals

Merchants that become aware of these red flags may want to explore whether or not they could be experiencing carding. 

In today’s landscape, carding can often occur as a result of malware or phishing attacks that illegally capture credit card information. Cybercriminals then sell or trade that sensitive information on illegal websites. Once in the hands of bad actors, the credit card information is tested on ecommerce sites to see if the card has already been reported stolen, hence the series of small but suspicious transactions. 

One favorite tactic for cybercriminals involved in carding is to buy prepaid or gift cards using stolen credit card data. Those prepaid cards can then be used to purchase big-ticket items like laptops, smartphones, or other electronics. Those high-value goods can then be resold and converted back into cash. 

How Can I Prevent Carding and Protect My Online Customers?

Online merchants can take several steps and enact countermeasures to keep customer credit card information safe and prevent carding on their sites. Consider the following tools and tactics to bolster security and guard your customers’ sensitive credit card data:  

  • Setting Transaction Minimums. If possible, set a transaction amount minimum that is greater than $10. Most carding occurs between the $1 and $6 amount, so this can eliminate cybercriminals’ ability to test small transactions on your site. 
  • Throttle Transactions. Throttling, or deliberately slowing down data transfer speeds for transactions, allows you to accept transactions at a rate that makes carding more difficult. 
  • Address Verification Service (AVS). Require an AVS to ensure that the address entered online actually matches the address of the cardholder. Mismatches should trigger an additional review of the transaction. 
  • CVV Validation. CVV validation means requiring customers to enter the code on the back of major credit cards. This can help ensure that the person making the purchase has the physical credit card in their possession. 
  • Add reCAPTCHA. Integrating reCAPTCHA technology ensures that humans — not software bots or code script automation — are the ones behind actions occurring on your website.  

Carding equates to lost revenue for merchants, but it can also damage customers’ confidence in online shopping. Given the importance of online shopping — and its continued growth in popularity — merchants must take care to protect the experience for consumers. 

Not sure of the best ways to keep your site and your customers protected? Contact Arrow Payments for a free consultation today. Our team of payments experts can walk you through the best options for your unique needs.

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

Emerging Cybersecurity Challenges in Higher Education

Emerging Cybersecurity Challenges in Higher Education

Higher education institutions are increasingly becoming targets for cyber threats, and the complexity of managing these challenges is growing. According to a recent survey, just under half (43%) of respondents in the education sector reported they hadn’t experienced a...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery