Card testing is a prevalent fraudulent activity used to determine the validity of stolen card information to use those cards for online purchases. This validation of stolen card numbers and details is typically done by bad actors utilising automated scripts and bots.
These are the primary methods used to test the validity of stolen card information:
- Authorisations - Queries are sent to the payment processor and card issuer, asking whether there are enough funds for a transaction. Authorisations take longer to appear on card statements, giving fraudsters more time to exploit the card.
- Small value payments - Card testers prefer making smaller payments, which are less likely to be noticed by cardholders and reported as fraudulent.
Use reCAPTCHA to prevent card testing
Invisible reCAPTCHA protects your account by helping to distinguish a human from an automated bot by analysing user activity.
By adding Invisible reCAPTCHA to your checkout process, you are helping protect your site against fraudulent transactions.
Enabling reCAPTCHA
Invisible reCAPTCHA is enabled by default when using these payment tools:
- Payment Page and Payment Button features
- Xero Payment Page
If you’re submitting payments to our API, your developer will need to implement reCAPTCHA or Invisible reCAPTCHA on your checkout page to protect from card testing.
Follow this guide for how to protect your website with reCAPTCHA.
