Skip to content
Go to Commerce7.com
  • There are no suggestions because the search field is empty.

Carding Attacks and How They Are Handled

Learn about 'carding attacks' and how they can affect your business

What is a carding attack? 

Carding attacks can occur at any time and can affect any online merchant, regardless of size or transaction volume.
 
In these attacks, fraudsters use your ecommerce checkout as a testing ground for stolen or generated card numbers, running a series of small or repeated authorization attempts to identify which cards are still active and usable. 
 
Even when the dollar amounts are low and most of the transactions fail, each attempt is still processed through the card network, which still incur fees from the card brands.
 
'Slow burn' attacks are especially challenging to identify because fraudsters intentionally space out their authorization attempts over an extended period, keeping the volume just low enough to stay under typical fraud and rate-limit thresholds.
 
Unfortunately, Commerce7 (and most other software providers) cannot control/prevent these attacks from happening; However, we have, and continue to improve on, our detection and alert systems around fraud such as this. It's also important, that you, the business, are monitoring transactions on a regular basis.
 
 
 
What fees are associated when a carding attack occurs?
 
Because each attempt is still processed through the card network, carding attacks can lead to fees and increased processing costs for your business.
  •  Even failed transactions can incur fees from card networks (Visa, Mastercard, etc.). 
  •  These are often categorized by the card brand as: 
    •  Authorization fees 
    •  Misuse / excessive retry fees 
    •  Other network assessment fees 
  •  These charges are passed through to the card brands by the payment processor (Fullsteam) and are not controlled or absorbed by Commerce7 .
 
What is the impact on you, as the merchant?
 
Merchants may see unexpected increases in processing costs without a corresponding increase in successful sales.
  • Fees can accumulate quickly depending on volume of attempts. 
  • These are not refundable in most cases, as they are levied by the card brands. 

What can you do (as the merchant) to help prevent carding attacks?
 
It is important to regularly review and monitor your transactions so you can quickly spot unusual patterns or warning signs of potential red flags.
  •  Monitor transaction logs in Merchant Track/Pulse for high volumes of failed payments.
    • Log into Merchant Track/Pulse
    • Go to Transaction Search in the menu
    • Enter a date range and under Status, choose 'Failed'
    • This will return all failed transactions, making it easier to identify whether there is an issue.
  •  Be proactive in identifying unusual activity early (fraudulent orders, etc.).
  •  Understand that liability for these fees sits with you (the merchant), not Commerce7.