This article is produced by scandiweb

scandiweb is the most certified Adobe Commerce (Magento) team globally, being a long-term official Adobe partner specializing in Commerce in EMEA and the Americas. eCommerce has been our core expertise for 20+ years.

Store Under Carding Attack? Here’s What To Do

What is a carding attack and how do you recognize it? Is there a way to halt an ongoing attack when you spot it? This article explains exactly what you can do to stop a carding attack and gives you tips on how to protect your store from future attacks.

What is Carding?

Carding is an online security threat where attackers try to confirm the validity of stolen credit card credentials by using bots to perform multiple automated purchases over the internet. 

How does it affect eCommerce sites?

Although card owners are the ones who are directly affected by the stolen card information and eventual unauthorized card purchases, eCommerce sites used by the attackers in the process also suffer negative consequences. 

A carding attack usually results in chargebacks or transaction reversals that force the merchant to refund the money spent on disputed purchases. Chargebacks hurt merchants in several ways: they damage the business’ reputation with card networks and payment processors, they carry fees that affect the bottom line, and they can cost customer loyalty.

Carding attack details as it happened

We noticed a huge spike in the number of orders being placed and all had the same shipping address and visibly fake customer details. It was clear that the site was under attack. Surprisingly, a large number of the orders being placed used valid card details during checkout, and the automated fraud detection did not flag these orders or payments.

It was then that we realized that we were facing a carding attack. And we needed to find a way to stop it right away.

A carding attack essentially involves orders being placed using stolen credit or debit card data. The purpose of the attack is to confirm that a card is still valid and then use it for further transactions or for moving money between accounts.

The signature feature of a carding attack is seemingly real orders being placed in rapid succession, but often for the same low-priced product and with repeating customer details and IP address. It’s also possible to launch a distributed attack, so the orders would seem to be coming from multiple customers and IP addresses, but a closer inspection would reveal the attack patterns.

The attack can place a heavy load on the site servers and quickly deplete the inventory of the targeted products. But the real damage is in the resulting chargebacks if and when the transactions get disputed. On top of that, the delivery addresses used in the attack are usually fake and repeated across hundreds of orders, with no one interested in receiving the goods.
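The signatures described above (orders in rapid succession, a repeated IP, a repeated shipping address, the same low-priced product) can be checked mechanically against an order log. The script below is an added example, not code from the original article or from scandiweb; the order record layout and the sample orders are constructed for illustration. It also covers the distributed case: the burst is missed on IP alone but caught on shipping address and SKU.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample order log (not real data), one tuple per order:
# (timestamp, order_id, client_ip, shipping_address, sku, order_total).
# Orders 1001-1005 model a distributed burst: different IPs, the same fake
# address and the same low-priced SKU within half a minute. 1006-1007 are
# ordinary orders from one customer spread over more than half an hour.
SAMPLE_ORDERS = [
    ("2024-05-01T10:00:03", "1001", "203.0.113.10", "1 Test St, Nowhere", "GIFTCARD-5", 5.00),
    ("2024-05-01T10:00:09", "1002", "203.0.113.11", "1 Test St, Nowhere", "GIFTCARD-5", 5.00),
    ("2024-05-01T10:00:15", "1003", "203.0.113.12", "1 Test St, Nowhere", "GIFTCARD-5", 5.00),
    ("2024-05-01T10:00:21", "1004", "198.51.100.7", "1 Test St, Nowhere", "GIFTCARD-5", 5.00),
    ("2024-05-01T10:00:27", "1005", "198.51.100.8", "1 Test St, Nowhere", "GIFTCARD-5", 5.00),
    ("2024-05-01T10:35:00", "1006", "192.0.2.44", "22 Real Ave, Sometown", "LAPTOP-15", 1299.00),
    ("2024-05-01T11:10:00", "1007", "192.0.2.44", "22 Real Ave, Sometown", "MOUSE-1", 25.00),
]

def find_bursts(orders, key_index, window=timedelta(minutes=5), threshold=4):
    """Return {key: [order_ids]} for every key (IP, address or SKU, chosen by
    key_index) that occurs in at least `threshold` orders inside any sliding
    time window of length `window`. Thresholds are assumed tuning values."""
    by_key = defaultdict(list)
    for row in orders:
        by_key[row[key_index]].append((datetime.fromisoformat(row[0]), row[1]))
    flagged = {}
    for key, events in by_key.items():
        events.sort()
        hits, start = set(), 0
        for end in range(len(events)):
            # Advance the window start until the window fits within `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.update(oid for _, oid in events[start:end + 1])
        if hits:
            flagged[key] = sorted(hits)
    return flagged

def carding_report(orders):
    """Run the three signature checks from the article over an order log."""
    return {
        "ip": find_bursts(orders, 2),
        "shipping_address": find_bursts(orders, 3),
        "sku": find_bursts(orders, 4),
    }

if __name__ == "__main__":
    for signature, bursts in carding_report(SAMPLE_ORDERS).items():
        print(signature, bursts or "no burst")
```

Run against a real export, the three dictionaries give the order IDs to hold for manual review and the product to disable first, matching the steps the article took.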

How to stop a carding attack

To stop the carding attack, we first needed to identify the pattern. We quickly disabled the products that were being ordered, so the orders stopped. However, the attacker was still sending requests and overloading the servers. They could also very easily target another product and continue the attack. 

Next, we identified the set of IP addresses that were being used for the attack and blocked incoming traffic from those addresses. We were aware that this could also have impacted other legitimate customers who used the same public IP, and that the attacker could easily switch to a VPN with a different IP address and continue the attack.

Hence, we maintained close monitoring of the orders being placed while working on a permanent solution to stop the carding attack and prevent it from happening again.

Preventive measures against carding attacks

As with any type of attack, the best course of action is to put preventive measures in place and avoid the attack altogether. To this end, we recommend enabling security features at two levels:

  1. Activate captcha on checkout. To avoid inconvenience to actual customers, invisible reCAPTCHA can be implemented.
  2. Activate rate limiting at the infrastructure level. This identifies repeated requests and blocks any attack that makes multiple requests within a short period of time.

Need support setting up the above preventive measures to protect your store from carding attacks? Our expert team of developers is ready to help you with that and more. Send us a message or hit that orange chat bubble on the right to get the conversation started today.
