What is Carding and How to Keep eCommerce Businesses Protected


Back to all posts

Published on

Last updated on

What is carding and how can eCommerce providers avoid it?

While the world has kept its attention on minimizing the impacts of COVID-19, working hard to restore normalcy to life one day at a time, it’s important to continue maintaining protective measures against cybercrime while our backs are turned. One of the most popular forms of credit card fraudulence comes in the form of carding.

Businesses are certainly distracted, trying to either keep up with the increased volume of eCommerce transactions, or for some industries, finding ways to keep their online doors open in a weakened economy. However, there are simple measures to take that can keep businesses and their customer payment information protected from fraudulent activity like carding.

What is carding?

Carding, also known as credit card stuffing, fraud or verification, happens when cyber criminals attempt to make small purchases with large volumes of stolen credit card numbers on one eCommerce platform. Businesses that have fallen victim to a carding attack often see a drastic uptick in chargebacks and multiple failed payment authorizations from the same user or location. The affected organization might also experience elevated basket or shopping cart abandonment and reduced basket totals.

Stay protected against 'Carding', illustration of fraudster attempting carding but hampered by security measures

What are the consequences of carding?

Usually, the validity of the stolen information is unknown to cybercriminals until the attack takes place. Afterwards all of the credit card numbers that successfully completed the requested transactions are sold along with any known personal information on the black market. Unfortunately, this type of attack typically happens at night, goes unnoticed by the consumers and results in poor credit or penalties. It can also cause significant financial losses for the affected business which may be responsible for covering the cost of the illegally processed transactions on behalf of their customers.

So, what can companies do to protect themselves and customers against carding?

There are a variety of countermeasures that can be used to prevent a carding event. Broken down simply, businesses will want to protect customer accounts as well as their eCommerce site.

  • CVV Validation. To defend customer accounts, you should require CVV validation. This is the code on the back of most major credit cards.
  • AVS. You’ll also want to require an AVS or Address Verification Service code. It’ll tell you whether or not the address given online actually matches that of the cardholder.
  • Transaction Minimums. You should also set a transaction amount minimum above $10, if possible (most carding events charge between $1 and $6). Also, it is helpful if you require a valid login to allow users to access your payment page.
  • Throttle Transactions. Transaction throttling can also prevent fraud. It works by giving businesses a simple way to deliberately slow down data transfer speeds so transactions can be accepted at a rate that wouldn’t be conducive to a carding event.
  • Add reCAPTCHA. Integrating reCAPTCHA technology onto eCommerce sites can also defend payments. It validates that all actions performed on a site are done so by humans and not bots or script automation.

As you can see, a little preparation can go a long way when it comes to preventing fraudulent attacks like carding. If you have questions on this topic, fill out the brief form below. We are always happy to continue the conversation.

Looking for more information?

Fill out the form below and we'll connect with you.


Thanks for your interest!
We will be in touch soon.