What is Carding?

75% of Canadians say they are more concerned about fraud today than they were five years ago. And it’s no wonder why, with a 78% increase in fraud losses in the seven years from 2008 to 2015. Protect yourself, and your merchant account, by learning more about this fraudulent tactic below.

What is Carding?

There are two types of Carding, front-end and back-end.

  • Front-End Carding happens at your checkout. The fraudster is trying to purchase something from your store, and running through a laundry list of credit cards until one works. Their personal information stays the same, the purchase amount doesn’t change, but the credit cards information changes.

  • Back-End Carding happens on our server. Someone with a large number of stolen credit cards attempts to test their validity by running small transactions on a random merchant account. They do this by guessing your Merchant ID number, then sending a request to process transactions to your payment provider using your Merchant ID.

At Bambora, once we detect carding we alert the merchant immediately. If any of the payments were approved, we run a batch refund.

Is the Merchant Account compromised?

If your Merchant Account has experienced back-end carding, the good news is the information is still safe and secure. The Merchant Account itself has not be breached.

How do you detect Carding?

We have become experts at identifying Carding attempts. There are multiple ways we can detect it, the biggest being the decline rate on micro-transactions. Remember with Back-End Carding, the fraudster is just trying to see if the credit card still works, to be able to use it in another purchase. They are sending a small amount to us to test, which we detect. There are countless other ways we can detect Carding, but rest assured we do.

What can be done to prevent future Carding?

When we flag that an account has shown Carding activity, we sometimes enable a security feature called Hash Validation to prevent any future attempts. There may be updates to the account depending on how payments are being processed, but we will be here to offer support.

Hash Validation is one of the many tools that we can help you protect against Carding. It isn’t always a fit with every business, so we will work with you to find the right protection for your business.

Processing payments online can expose you to a certain level of risk. Hopefully, you will never get the alert notifying you that we have detected Carding on your account, but if you do – don’t panic. Your information is safe, we will issue the batch refund, and we will work with you to prevent any future attempts.

We are your partner in payments, through the good and the bad.


Did you like this and want more like it? We can deliver more straight to your inbox!


Bambora use cookies to give you the best possible experience when visiting our website. This Cookie Policy explains what cookies are and how Bambora uses them. By continuing to browse or use the Bambora website, you agree that we can store and access cookies as described in this Cookie Policy.  For further information about how we collect and use information about you, please refer to our Privacy policy.

Cookies are small text files that are stored on your computer and are used to track what you are doing on the website. 

There are two main types of cookies that we use:

  1. A persistent cookie, which is stored on your computer when you access the website and remains there until you erase them, or they expire.
  2. A session cookie, which is stored temporarily in the computer memory when you browse the website. The session cookie disappears when you close your browser.

Bambora use cookies to:

  1. Improve the user experience of the website, by for example by adapting the website to reflect your requirements, choices and interests.
  2. Provide information for website statistics regarding the use of the website.
  3. Follow advertisement in media to adapt our services to help you receive more relevant offers.

Some cookies that Bambora uses are strictly necessary for the operation of the website, enabling you to move around the website and use its features. For example they help support the structure of the pages that are displayed to you, help to improve navigation and allow you to return to pages you have previously visited.


Bambora also use cookies from third-party providers. These are used mainly to analyze user behaviour with the purpose to improving user experience, and to offer more relevant advertising.


You can choose if you want to accept cookies.

If you do not want to accept the use of cookies, you can adjust the system settings in your browser to delete all cookies that are already on your computer and, in most browsers, to prevent them from being placed. Certain functionality on our website can only be used if your browser allows cookies and may not work if you choose not to accept cookies or adjust your browser cookie settings.

If you have any questions about our use of cookies, please contact us.

We are open for business!

Welcome to the world of payment solutions. Choose your country and start accepting payments from customers all over the world.