Carding is usually done through a public-facing payment form that doesn’t have any barriers for entry. Fraudsters will write automated scripts that access the payment form and run stolen card data one-by-one to verify if the card still works. To protect yourself from carding preemptively, it’s best to make it as difficult as possible for a script to be able to access the payment form.
- Web development knowledge is required for most payment form security methods that protect against carding.
How do I protect myself against carding?
The most effective way to avoid carding attempts is to ensure that your payment form isn’t easily accessed by an automated script. There are many ways that a website can be developed to avoid carding. We recommend the following methods:
- CAPTCHA - the most popular being Google’s reCAPTCHA.
- Requiring manual entry on select fields, especially the credit card number. (custom-made forms).
- Hiding your payment form behind a login page.
If your payment form is too difficult for the fraudster to access, they will likely move on.
Good to know:
- As a business owner, it’s up to you to enable tools to secure your account.
- While under a carding incident, you can stop carding by disabling the payment form.
- Any approved transactions from a carding incident are considered a high-risk for chargebacks.