Select Page

Carding occurs when bad actors use large volumes of stolen credit card data to attempt to make small purchases on an ecommerce website. It’s sometimes referred to as credit card stuffing or just plain old fraud, and it’s bad news for eCommerce merchants. 

What Does Carding Look Like?

Ecommerce merchants that have fallen victim to carding will often see some of the following telltale signs: 

  • a significant uptick in chargebacks
  • Multiple failed payment authorizations originating from the same user or location
  • Higher-than-average cart abandonment
  • Lower-than-average shopping cart totals

Merchants that become aware of these red flags may want to explore whether or not they could be experiencing carding. 

In today’s landscape, carding can often occur as a result of malware or phishing attacks that illegally capture credit card information. Cybercriminals then sell or trade that sensitive information on illegal websites. Once in the hands of bad actors, the credit card information is tested on ecommerce sites to see if the card has already been reported stolen, hence the series of small but suspicious transactions. 

One favorite tactic for cybercriminals involved in carding is to buy prepaid or gift cards using stolen credit card data. Those prepaid cards can then be used to purchase big-ticket items like laptops, smartphones, or other electronics. Those high-value goods can then be resold and converted back into cash. 

How Can I Prevent Carding and Protect My Online Customers?

Online merchants can take several steps and enact countermeasures to keep customer credit card information safe and prevent carding on their sites. Consider the following tools and tactics to bolster security and guard your customers’ sensitive credit card data:  

  • Setting Transaction Minimums. If possible, set a transaction amount minimum that is greater than $10. Most carding occurs between the $1 and $6 amount, so this can eliminate cybercriminals’ ability to test small transactions on your site. 
  • Throttle Transactions. Throttling, or deliberately slowing down data transfer speeds for transactions, allows you to accept transactions at a rate that makes carding more difficult. 
  • Address Verification Service (AVS). Require an AVS to ensure that the address entered online actually matches the address of the cardholder. Mismatches should trigger an additional review of the transaction. 
  • CVV Validation. CVV validation means requiring customers to enter the code on the back of major credit cards. This can help ensure that the person making the purchase has the physical credit card in their possession. 
  • Add reCAPTCHA. Integrating reCAPTCHA technology ensures that humans — not software bots or code script automation — are the ones behind actions occurring on your website.  

Carding equates to lost revenue for merchants, but it can also damage customers’ confidence in online shopping. Given the importance of online shopping — and its continued growth in popularity — merchants must take care to protect the experience for consumers. 

Not sure of the best ways to keep your site and your customers protected? Contact Arrow Payments for a free consultation today. Our team of payments experts can walk you through the best options for your unique needs.

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

5 Cybersecurity Facts to Know in Higher Ed

5 Cybersecurity Facts to Know in Higher Ed

Data breaches have become an unfortunate part of life, and cybersecurity is now more important than ever. Many universities are struggling to adapt to managing data sprawl, cloud services, and a variety of digital payment methods. As things only become more complex,...

Is Your University Ransomware-Proof?

Is Your University Ransomware-Proof?

Just a few months ago, the FBI issued a warning to universities about a sharp uptick in ransomware incidents that can extract and encrypt data. In 2020, ransomware attacks occurred across colleges and universities in the U.S., including one case where hackers asked...

How to Keep Omnichannel Payments Secure in 2021

How to Keep Omnichannel Payments Secure in 2021

The move to online payment channels means more convenience... and more risk. The past year has been marked by a shift to online payment channels and brick-and-mortar businesses were forced to pivot due to the pandemic. This dramatic increase in online and mobile sales...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery