PaySia Help Center

Advice and answers from the PaySia team
Other content
How to connect your shopify store with paysia
First login to merchant account
Why is the registered address of the company rejected?
What is merchant underwriting?
Can a new company apply for PaySia?
How long does it take to apply for PaySia?
What do I need to prepare for applying for a PaySia account?
How do I get a PaySia account?
What is PaySia?
What Is a BIN Attack?
What Is Friendly Fraud?
What Is an Account Takeover?
What can I do now if I have been impacted by an account takeover?
Where do fraudsters find details for an account theft?
How do you stop fraudsters from finding details for an account takeover?
Triangulation Fraud
Help Center / 
Resources
 / 
What Is Card Testing?
Anti-fraud

What Is Card Testing?

Fresh credit card data doesn’t come with budget information – so the fraudsters have to test it somewhere to see if they have funds on them . ……………… .
Kerry Rice
Nov 19, 2022

What Is Card Testing?

Card testing is when a fraudster tests whether a stolen credit card is still active (“live”) before they go on to use it – as well as if it has funds left.

Testing involves conducting card activity less likely to be flagged as suspicious, and is often done on long lists of illegally acquired card credentials, to separate the wheat from the chaff.

Card testing can be conducted on physically stolen bank cards, physical reproductions of cards from scraping, generated card information, as well as on stolen credit card credentials, also known as card fullz.

How Does Card Testing Work?

There are two primary methods used by criminals to conduct card testing: pushing through small payments and conducting authorizations.

Small payments

The fraudster attempts to use a card to make a small payment. Acceptance of the payment will show them if the card is live, but it is also likely to draw the attention of the legitimate cardholder, as it will appear on their statement.

Even rejected payments can occasionally return useful information in terms of what caused the rejection, helping the fraudster to fool the system upon their next attempts.

Method benefits: easy to find places to use it; rejections can help criminals
Method risks: more likely to be caught

Authorizations

Unlike payments, authorizations are a query sent through the payment processor to the issuer as the first step in a payment, asking whether the customer has the funds to cover the transaction. These will take much longer to appear on card statements, giving the fraudster more time to use the active card.

Method benefits: cardholder not likely to find out; subtler method
Method risks: advanced anti-fraud methods will still catch these

At this point, the legitimate card owner might notice and contact the card issuer. This is bad news for the criminal but is also unfortunate for the merchant, who will be facing chargeback requests, which require time and often money to resolve – as well as affecting their chargeback rate, which can be catastrophic.

It is estimated that each case costs merchants up to 3.60 times the money lost in that transaction.

Another thing fraudsters testing stolen debit and credit cards are wary of is causing too many declines on each card. Depending on the issuer, this can lead to the card automatically freezing, which means it can’t be used anymore.

Card testing can be done on credit cards, as well as debit cards, prepaid cards and gift cards, usually in card-non-present environments. In fact, card-not-present (CNP) fraud is projected to cause losses of USD 34.66 billion to the economy every year.

Identify Online Card Fraud Fast

Card testing & carding can be a huge pain point. Find out how to stop it at payment gateways and other touchpoints.

What Is Card Testing Used For?  

Card testing is conducted to see whether stolen cards and/or credentials (fullz) are still active. From there, fraudsters will:

  • resell live cards for a profit (verified cards sell for more than untested cards)
  • use them to conduct fraud, including chargeback fraud
  • use them to buy gift cards or cryptocurrencies
  • use them to buy goods to reship
  • use them to buy criminal or unlawful services on the dark web
  • as well as any other act that involves card payments

How Does Card Testing Fraud Harm Ecommerce?

Fraudsters tend to target digital goods and services, as well as non-profit organizations, and the donation and support pages of content creators, mainly because they provide instant feedback on whether the card is live and has funds available.

Merchants have much to lose from card testing, both repetitive and one-off:

  • They can cause chargeback requests and as such, it can affect the chargeback ratio – which can ultimately even lead to being banned as a merchant.
  • Merchant can be flagged as high risk, thus being forced to pay higher fees to payment processors.
  • Successful testing signals low anti-fraud protocols to criminals, opening a Pandora’s box of subsequent fraud attacks.
  • Additional costs: dispute fees, interchange fees, work hours spent, resolution fees.
  • Drop in employee morale, as well as reputational damage.

Of course, also at risk from card testing are payment gateways, where fraudsters spam orders using different credentials to see which will go through, as well as card issuers themselves.


We work with dozens of Acquirer/PSP around the world to provide merchants with the best payment solutions.
All "logo" are trademarks owned or registered by the company behind them and may not be used without permission
PRODUCTS
Global PaymentShopping linkBillingPayment Method
INDUSTRY
E-commerceLogistics ExpressGovernmentInsuranceLocal lifeMedical Healthy
COMPANY
About usContact usCareersHelp CenterBlog
RESOURCES
API Portal NMTerms & PolicyChangelog
© Paysia is the website brand name of nib co., ltd. And nib co.,ltd is a Money Services Business(MSB) registered with FinCen in the United States.
Money Services BusinessFinCenMoney Transmitter