The Massive Scale of Card Testing Attacks

Card testing is a type of payment fraud in which attackers use bots to validate stolen card credentials by running small transactions across payment forms. If a transaction clears, the card is confirmed as active and usable for larger fraud. It is difficult to detect because the transactions are small, the card numbers rotate rapidly and attackers use anonymization tools to obscure origin.

Velocity-based controls — which flag accounts based on transaction frequency — once served as a reliable line of defense. Today’s card testing attacks use AI-powered bots that adapt in real time, mimic human behavior and distribute attempts to stay under detection thresholds. Traditional controls were not built to handle that level of sophistication.

Arkose Titan analyzes digital intelligence from across the globe to assess intent and assign risk scores in real time. It evaluates more than 225 risk signals per interaction, delivers adaptive responses based on assessed threat level and instantly shares risk signals across its global customer base — so mitigations applied for one organization benefit all.

Arkose Labs offers the industry’s first and only card testing warranty. Backed by a top-tier insurance carrier, it provides $1 million in coverage for businesses that experience card testing attacks while using Arkose Titan. The warranty reflects Arkose Labs’ confidence in the platform’s ability to stop card testing at scale.

Financial institutions, payment processors, e-commerce platforms and any business that accepts online card payments are primary targets. Card-not-present (CNP) environments carry the highest exposure — CNP fraud accounts for 83% of card payment fraud cases.