Carding FAQs
What is a carding attack?
Carding is a type of payment fraud. The process starts with card thieves, or 'carders' who steal a large amount of credit/debit card details through scams, such as phishing, skimming or hacking. The cards are then tested in bulk against a payment processing system to check their validity. They will then try to make unauthorised online transactions, purchase gift or prepaid cards and generally misuse the card information for financial gain.
What can I do to protect my business from carding attacks?
There are many ways you can protect your business from fraudulent carding activity including:
3D Secure (3DS)
We’ve been working with our partners and other acquirers to launch 3DS to ensure all transactions are verified to the highest level–reducing the risk of fraud and chargebacks as a result of carding attacks.
3DS is a customer authentication service introduced by Visa, Mastercard and American Express. The service is individually branded as Verified by Visa, Mastercard SecureCode and American Express SafeKey. It’s designed to protect you and the cardholder from fraudulent ecommerce transactions by adding an extra layer of security for online credit and debit card transactions. Cardholders are asked to key in a personal passcode after their card details have been entered.
CAPTCHA
Implementing a CAPTCHA on your website could also interrupt a fraudster’s carding attempt on your website.
A CAPTCHA will help to distinguish human from machine input to reduce spam and automated insertion/extraction of data from websites. It presents a random sequence of distorted letters and/or numbers that is simple for humans to identify, but difficult for machines and bots. Speak to your web developer about adding a CAPTCHA to your website.
Fraud Management
You can add fraud rules and checks to help validate transactions and decide whether to continue and fulfil your orders. These rules can be adapted to your personal risk preferences, helping to protect you against potential fraudulent activity.
Our Fraud Management product executes a series of rules configured by you, at the time the transaction is authorised, that can PASS, HOLD or BLOCK transactions automatically. It can help you identify suspected fraudulent transactions. Visit our Fraud Management page for more information on our service.
Will you notify me if you suspect a carding attack on my payment facility?
Due to the nature of carding attacks, they are not always apparent until they are already underway. If we do identify a pattern of ongoing transactions that we suspect could be fraudulent, we may disable your account from processing further transactions. We’ll attempt to contact authorised people within your business to discuss this and suggest steps to remediate the security on your website. This can be via telephone or email, depending on the contact information we have available for you, so it’s important to ensure your contact details are up to date with us at all times.
We process millions of transactions every day for businesses all around the world - what may seem like fraud to one business may not be treated the same by another business. With this in mind, it’s solely the responsibility of the business to ensure you have the necessary control measures in place to prevent fraudulent activity on your payment facility.
Are there fees associated with a Carding Attack?
Yes. We charge for all transactions that interact with the card issuing banks, such as for authorisations and declines. The payment brands may also impose integrity fees. To avoid these, you must implement controls to ensure good data quality in authorisation requests. Any attacks will be subject to transaction charges.
Contact information
If you have any questions, or would like to discuss how we can help your business reduce the risks of carding, email us at [email protected] or call IRE: +353 (1) 702 2000* or UK: +44 (0) 203 026 9659*.
*Lines are open from 8.30am to 6pm, Monday to Friday, except public holidays. If you have a speech or hearing impairment, you can call us using the Relay Service by dialling 18001 followed by the number you want to call. Calls may be recorded. To help us continually improve on our service and in the interests of security, we may monitor and/or record your telephone calls with us. Any recordings remain our sole property.