Carding attempt, or carding attack, is one of the common tactics used by fraudsters trying to discover the validity of a list of stolen cards. The perpetrators achieve their objectives by performing multiple order submissions, usually in a short time of period, to gather as many card information returned by the payment gateway linked to the merchant sites. If this activity went on unnoticed until a sizeable number of card attempts had been performed, you are not only encountering substantial losses, especially for digital contents, you might also be questioned by your payment gateway for failing to mitigate these carding attempts and possibly lose your payment account.
You can avoid falling prey to carding attacks by creating a rule to detect them. We have 2 validation rules allowing you to check the number of attempts using different cards for a buyer within 24 hours or 7 days. However, please note that this new rule will only validate velocity using card BIN number, but not the full credit number. And, this rule is only available for subscribers of Small plan onward.
Below you’ll see how to set up the validation rule.
- To setup this rule, login and go to your Rule Management page.
- Add a new rule and search for Total Card Attempt by Email.
- Enter the quantity of credit card attempted.
- Press Save button on the top to apply the changes.
In this case, any customers trying to use a second credit card to place an order in your store within 24 hours, will get rejected.