
Ecommerce fraud: credit card testing & bin attacks explained


While more than 14,809 UK retail stores have permanently closed their doors since the start of the pandemic, eCommerce has had quite the opposite experience. Online sales growth hit a 13-year high in 2020. Quite simply, business is booming for eCommerce merchants.

Unfortunately, this growing demand has attracted the attention of fraudsters eager to take advantage of card-not-present transactions. Card testing fraud and BIN attacks are two particular examples. These forms of fraud can be difficult to spot as they will often take place in the middle of the night, when you’re most likely sleeping and not actively monitoring activity on your website.


Card testing fraud begins when fraudsters steal or purchase card data. This data is useless to a fraudster if they cannot tell which cards are still active. To see which card numbers still work and have available credit on them, fraudsters will test them on eCommerce websites via the payment gateway and checkout pages.

Testing is carried out by placing multiple small orders at once, sometimes involving hundreds of thousands of transactions within a very short time frame. Usually, the fraudsters will deploy a bot to automate this process and the transactions will come from just a few similar IP addresses.

If your website is hit with card testing fraud, you will be charged the transaction fees that have been incurred.


A BIN attack involves using a known BIN (Bank Identification Number) and testing the remaining digits of a card number, once again with the use of a bot. Fraudsters will test these numbers by making small transactions of less than £1. Small amounts are hard for fraud detection systems to spot, and most consumers don’t even notice them.

The valid numbers are later used to make much larger transactions, with your business and the card issuers having to bear the losses.


Obviously, every merchant hates fraud. Consumers aren’t too thrilled about it either. So, what can be done to fight back against the fraudsters?

The good news is that many major eCommerce platforms are supported by a variety of plugins that help you protect your online store. Some of these include:


It might sound like something out of Star Trek, but anomaly detection is actually a very effective tool for detecting suspicious activity on your website. It can identify sudden, unusual spikes in your visitor traffic and spot other unusual shopping behaviour that may be occurring.
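One way such an anomaly check can work, as an added example that is not part of the original article or any Pixxles product: a per-IP sliding window that flags bursts of sub-£1 attempts across many different cards, and labels the burst a BIN attack when every card shares one BIN. The thresholds, event fields and tokenised card fingerprints are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window per IP
MAX_ATTEMPTS = 5               # assumed ceiling on attempts/cards inside WINDOW
SMALL_AMOUNT = 1.00            # the "less than £1" test charges described above

def detect_card_testing(events):
    """events: time-ordered (timestamp, ip, card_token, bin6, amount) tuples.
    card_token is a tokenised fingerprint, never the raw card number.
    Returns {ip: "bin_attack" | "card_testing"} for suspicious source IPs."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip, card, bin6, amount in events:
        q = recent[ip]
        q.append((card, bin6, amount, ts))
        while ts - q[0][3] > WINDOW:      # drop attempts older than the window
            q.popleft()
        if ip in flagged or len(q) <= MAX_ATTEMPTS:
            continue
        cards = {c for c, _, _, _ in q}
        bins = {b for _, b, _, _ in q}
        small = sum(1 for _, _, a, _ in q if a < SMALL_AMOUNT)
        # Many distinct cards, at least 80% of them tiny charges, from one IP.
        if len(cards) > MAX_ATTEMPTS and small * 5 >= len(q) * 4:
            # One shared BIN means only the remaining digits are being varied.
            flagged[ip] = "bin_attack" if len(bins) == 1 else "card_testing"
    return flagged

def sample_events():
    """Constructed checkout attempts (documentation IP ranges, made-up BINs)."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)    # middle of the night
    ev = []
    for i in range(8):                    # one BIN, eight different cards
        ev.append((t0 + timedelta(seconds=10 * i), "203.0.113.7",
                   f"tok_a{i}", "400000", 0.50))
    for i in range(8):                    # eight cards from unrelated BINs
        ev.append((t0 + timedelta(seconds=10 * i + 1), "203.0.113.9",
                   f"tok_b{i}", f"51{i:04d}", 0.99))
    for s in (35, 95):                    # genuine shopper retrying one card
        ev.append((t0 + timedelta(seconds=s), "198.51.100.20",
                   "tok_c", "520000", 42.00))
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    print(detect_card_testing(sample_events()))
```

A bot that spreads its attempts more than a few minutes apart stays under this window, so in practice the same counters are also kept per BIN and per device, not only per IP.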


CAPTCHA is a visual challenge designed to determine whether or not the user is a human. Implementing this technology in your checkout experience can be an effective way of blocking many of these bots.


An accessible checkout experience can be a big win for your customers. However, if the checkout process is made too frictionless, it can open the floodgates to fraud. Fortunately, data validation tools can verify whether the information provided, such as an address, postcode or email address, is legitimate.

Installing fraud prevention plugins onto your online store is one thing, but it’s equally important to choose a payment processor (such as Pixxles) which can easily integrate with your eCommerce platform so that the payment process for your genuine transactions can be securely and reliably taken care of.


For more tips on growing your eCommerce business, search #PixxlesPowerUps. Watch our eCommerce video guides here or visit our resources page to read more helpful blogs.
