How to Stay Protected Against 'Carding'

Share

Back to all posts

What is carding and how can eCommerce providers avoid it?

During the holidays, one of the last things you probably want to think about is work. Cyber criminals know this. While we are busy binge watching holiday classics and inhaling our favorite snacks, cyber criminals are busy plotting their next attack. During this time of year, carding is one of the most popular.

What is carding?

Carding, also known as credit card stuffing, fraud or verification, happens when cyber criminals attempt to make small purchases with large volumes of stolen credit card numbers on one eCommerce platform. Businesses that have fallen victim to a carding attack often see a drastic uptick in chargebacks and multiple failed payment authorizations from the same user or location. The affected organization might also experience elevated basket or shopping cart abandonment and reduced basket totals.

Stay protected against 'Carding', illustration of fraudster attempting carding but hampered by security measures


What are the consequences of carding?

Usually, the validity of the stolen information is unknown to cybercriminals until the attack takes place. Afterwards all of the credit card numbers that successfully completed the requested transactions are sold along with any known personal information on the black market. Unfortunately, this type of attack typically happens at night, goes unnoticed by the consumers and results in poor credit or penalties. It can also cause significant financial losses for the affected business which may be responsible for covering the cost of the illegally processed transactions on behalf of their customers.

So, what can companies do to protect themselves and customers against carding?

There are a variety of countermeasures that can be used to prevent a carding event. Broken down simply, businesses will want to protect customer accounts as well as their eCommerce site. To defend customer accounts, you should require CVV validation. This is the code on the back of most major credit cards.

  • AVS. You’ll also want to require an AVS or Address Verification Service code. It’ll tell you whether or not the address given online actually matches that of the cardholder.
  • Transaction Minimums. You should also set a transaction amount minimum above $10, if possible (most carding events charge between $1 and $6). Also, it is helpful if you require a valid login to allow users to access your payment page.
  • Throttle Transactions. Transaction throttling can also prevent fraud. It works by giving businesses a simple way to deliberately slow down data transfer speeds so transactions can be accepted at a rate that wouldn’t be conducive to a carding event.
  • Add reCAPTCHA. Integrating reCAPTCHA technology onto eCommerce sites can also defend payments. It validates that all actions performed on a site are done so by humans and not bots or script automation.

As you can see, a little preparation can go a long way when it comes to preventing fraudulent attacks like carding. If you have questions on this topic, fill out the brief form below. We are always happy to continue the conversation.

Looking for more information?

Fill out the form below and we'll connect with you.