The Scenario:
A Peach Payments merchant, a mid-sized online electronics store, noticed an alarming pattern during a routine transaction review. Over a 24-hour period, their decline rate surged by 300%, with hundreds of small, seemingly random transactions being attempted.

Initially dismissed as a possible technical glitch, further investigation revealed that these weren’t legitimate customers—they were fraudsters testing stolen card details.

The Fraud Tactic:

Card testing occurs when fraudsters use automated bots or manual methods to test stolen card details to see which are valid. Once a card is verified, it’s used for larger fraudulent purchases elsewhere.

Key Indicators:

  • Numerous small transactions (often for low, random amounts).

  • Large number of unsuccessful transactions.

  • Transactions originating from multiple countries in quick succession.

Peach Payments’ Response

  1. Transaction Monitoring:
    Our Risk analysis report flagged the spike in payment attempts, triggering a review of the merchant’s activity.

  2. Risk Assessment:
    A deep dive revealed common fraud indicators:

  • High volume of failed attempts within a short time.

  • IP addresses associated with proxies or anonymous networks.

  • Mismatches between the cardholder’s country and the transaction’s IP location.

  1. Mitigation Steps:

  • BIN Blocking: With the permission of the merchant the BIN numbers that are associated with the attack are blocked on merchant level. BIN Blocking does have cost implications 

  • Blocked IP: with the permission of the merchant as blocking IP addresses has cost implications 

  • Whitelist SA Cards only: More often than not the transactions are for none South African cards 

  • Refund and Reconciliation: When possible we refund cards 

  1. Merchant Education:
    We educated the merchant on the importance of monitoring decline rates and implementing fraud prevention tools like velocity checks and plausibility filters.


The Outcome

  • Fraud Halted: The fraudulent activity was stopped within hours, preventing further card testing.

  • Merchant Safeguards: The merchant adopted advanced fraud prevention tools, reducing their risk exposure.

  • Customer Protection: The affected cardholders were notified via their issuing banks to prevent future misuse of their details.

Lessons Learned

  1. Card Testing Can Escalate Quickly.
    Fraudsters often test stolen card details in bulk. A single breach of card data can lead to widespread attempts across multiple merchants.

  2. Proactive Monitoring is Key.
    Real-time velocity checks, IP analysis, and risk scoring are essential for catching card testing early.

Merchants Must Stay Vigilant.
Encouraging merchants to watch for unusual spikes in decline rates and transaction attempts can be a game-changer in identifying fraud.