Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

Card testing

Card testing

(also card checking)

Card testing definition

Card testing, also known as card checking, is a type of fraud where criminals try to see if stolen credit card information is still working. They do this by making small purchases or trying to get permission for a purchase. Doing so means they can check if the card still works without drawing the attention of the card owner.

See also: scam, brute-force attack

How card testing works

  • Criminals gather stolen credit card details from data breaches, hacking, phishing, or the dark web. These details include the cardholder’s name, card number, expiration date, and often the CVV code.
  • To check if the stolen card works, criminals perform card testing — trying small transactions or authorization requests on e-commerce sites, services, or donation pages.
  • If small tests succeed, criminals know the card works. They then use it for bigger transactions, leading to more losses.
  • Businesses handling many small transactions, like online shops with cheap items or donation sites, are easy targets. Criminals exploit these platforms since their actions are less likely to be noticed.

How criminals get stolen card details

  • Phishing. Hackers send fake emails, messages, or sites to trick people into sharing credit card details. These look real, imitating banks, trusted sites, or e-commerce platforms.
  • Skimming. Criminals attach small skimmers to payment terminals, ATMs, or gas pumps. These grab credit card info when users swipe or insert cards.
  • Data breaches. Criminals target organizations’ databases storing customer info, including credit card data. If security is weak, hackers can break in and steal sensitive data like card numbers, names, and personal info.
  • Malware. Malicious software, like keyloggers or spyware, sneaks onto devices and records credit card info as users type it.
  • The dark web. Cybercriminals may buy stolen credit card data on dark web marketplaces.
  • Brute force attacks. Criminals use automated tools to guess card numbers, especially if the pattern is weak.

Further reading

Ultimate digital security