Card Testing
Learn how to prevent card testing.

Card testing is a fraudulent practice where stolen card information is used in an attempt to make unauthorized purchases. This practice is also known as:

  • Account testing
  • Carding
  • Card checking

Although fraudulent activity can’t be fully prevented, it can be detected and mitigated. At Bolt, we’re constantly improving our tools and products to ensure the occurrence of fraud is minimized for your business as well as your customers.

About Card Testing

The Impacts of Card Testing

Card testing can harm your business and shoppers in the following ways:

  • Disputes: Card testing leads to more disputes once the cardholder notices the fraudulent transaction on their account. These disputes cost you both time and money to properly handle.

  • Higher decline rates: Card testing involves purchase attempts using hundreds or thousands of stolen cards, resulting in a large number of declines. These declines are associated with your business, which ultimately damages your reputation with both card issuers and card networks. When transactions associated to your business appear riskier, they are declined more often – even when completely legitimate.

  • Additional fees: Card testing’s negative impacts on your disputes and decline rates can result in additional fees such as authorization fees and dispute fees.

  • Infrastructure strain: Card testing increases traffic (api calls, webhooks, alerts) that can overburden your infrastructure and create a lot of noise.

How Card Testing Works

Fraudsters use two methods to test whether a stolen or generated card is usable or not:

  • Authorizations: Authorizations typically do not show up on cardholder statements, meaning they are more likely to go unnoticed. Once the “silent” authorization validates usability, larger purchases are likely to occur using the stolen card.

  • Payments: Payments made to utilities, charities, etc are more visible to the cardholder but may go unnoticed. Once the “imposter” payment is processed, larger purchases are likely to occur using the stolen card.

How to Identify Card Testing

Card testing can be detected by monitoring decline rates.

How Bolt Prevents Card Testing

Bolt is proud to be a leader in fraud prevention. Our products and services offer a growing list of features aimed at mitigating fraudulent activities like card testing. While these features cannot prevent all card testing, they do enable you to make it very difficult for fraudsters to defraud you and your customers.

Step 1: Fraud Scoring Engine

Bolt’s Fraud Scoring uses a combination of behavioral and data signals to determine an overall numeric store between 0-1000 for each order.

Risk Level Color Score Range Description
Low Green 0-660 <10% estimated fraud loss
Medium Yellow 660-920 10-20% estimated fraud loss
High Orange 920-980 20-30% estimated fraud loss
Very High Red 980-1000 30%+ estimated fraud loss. Bolt does not permit authorization override on orders with very high risk.

Scoring is determined using over 100 datapoints to formulate a list of top 3 reasons (including card testing).

Reason Description
Address Address is unverified or associated with fraudulent activity.
Blocklist Shopper is listed on the merchant’s internal Blocklist.
Confirmed Lost/Stolen Card Bolt has confirmation of card reported as lost/stolen; this reason adds the shopper to the Blocklist.
Confirmed Past Fraudulent Orders Bolt has confirmation of past fraudulent activity; this reason adds the shopper to the Blocklist.
Device Device or browser specifications are suspicious.
Email Email is unrecognized or associated with fraudulent activity.
Fraudulent Card Testing Behavior Detected Shopper performed suspiciously high payment attempt velocity; this reason adds the shopper to the Blocklist.
IP IP address is masked.
Payment Information Credit card usage is suspicious.
Phone Number Contact details are associated with fraudulent activity.
Shipping Option Shipping details imply possible fraudulent activity.
Shopping Cart Contents Items in cart are more subject to fraudulent activity.
User Behavior Shopper’s interaction with the checkout is suspicious.
User History User identity is associated with fraudulent activity in the Bolt network.

Step 2: reCAPTCHA

Bolt’s reCAPTCHA (powered by Google) helps mitigate card testing by blocking malicious automated scripts. With reCAPTCHA, merchants can set a threshold…

Step 3: Bolt Single Sign-on (SSO)

Merchants participating in the Bolt Network can upgrade their shopper accounts to Bolt Accounts, which supports seamless SSO logins for purchasing. Purchases made through a Bolt Account benefit from Bolt’s One-Time Password (OTP) entry for added security.

Step 4: Risk Analysts

Bolt has a team of risk experts that monitor transactions, conduct re-reviews, train our fraud algorithm to detect the latest trends in fraudster behavior.

Filter by Section
Filter by Topic