Contact your Merchant Account Provider and Payment Gateway Immediately

If you suspect that you are a victim of a carding attack, the first thing you should do is notify your Merchant Account provider right away, as well as your Payment Gateway.

There are several steps you will take to firstly stop an ongoing attack that include blocking IP addresses, rotating your security key and/or disabling your merchant account profile from processing.

Next, you will determine the scope of the attack and the appropriate next steps.

Stop the Initial Attack

Discuss with your Merchant Account provider and Payment Gateway the tools they have available to stop an ongoing carding attack. Consider each and implement as appropriate. The tools that you may have available immediately are to firstly, rotate your Payment Gateway key. This is important since you probably do not know how the carding attack is being perpetuated. It's likely that only later will you learn exactly how your payment system was compromised. Rotating the security key will protect you if the key has been breached by a rogue third-party developer or, possibly, someone within your company.

Secondly, your Hosting provider or Payment Gateway may be able to block the IP or series of IP addresses that may be triggering an attack. However, this step requires that you have identified the set of transactions and IP addresses in use to take advantage of this method. If you are unable to do so, these same vendors may be able to assist you.

In addition, the Merchant Account provider can temporarily disable your merchant account profile from processing payments. Depending on whether the carding attack ceases or is ongoing, you may choose to maintain the temporary block.

Initiate an Investigation and Identify the Scope of the Attack

If you do not have a process plan to fall back on, create an investigation team, and immediately start an investigation on the cause. We recommend that you include a member from your Engineering, Marketing, Network Engineering, and Customer Service teams.

Start by identifying the impacted transactions and understanding the scope of the attack. Look for patterns in your transaction set such as recurring dollar amounts; the same Bank Identification Numbers (BIN) being repeated; shipping addresses not matching the mailing address, high-level of declines, and unusual time spans between authorization attempts or bursts in authorization attempts. Note that some of these patterns may characterize normal behavior in your business.

The impacted transactions may involve a combination of your customer data with stolen cards, or just stolen cards. Understand the impact of each, so you can draft an appropriate action and communication plan.

The identified transactions will include both successful and unsuccessful transactions. Start with creating a plan for the successful transactions. These transactions have a financial implication for the cardholder as well as you. Whereas the impact of unsuccessful transactions is limited to just your business.

Resolve the Impacted Successful Transactions

Now you have identified the impacted successful transactions, time is of the essence, as you may be able to void the transactions prior to batch settlement. Incorporate the help of your Payment Gateway to help with processing the voids, depending on the number of successful authorizations involved.

If the transactions have already settled, immediately refund the payments. If you have the contact information for the cardholder, advise those customers to notify their bank and have a new credit card issued. If you do not have this information, processing the refund will return the money received via settlement to the cardholder, and help prevent a subsequent dispute to the payment. If you are using "Alerts" through a third-party vendor, you will want to make sure they are aware of the issue and are in sync with your plans.

If a product or service delivery is also involved, cancel immediately.

Create a Communication Plan

Create both an internal and external communication plan, which will include any impacted end-customers as well as any vendors that support your business.

If any end-customers are impacted, it is essential that you communicate the impact to them as soon as possible. Note that if you find that any of your data has been stolen, you will need to understand the policies employed by each of the States that you do business in and incorporate into your communication plan.

Remember, your company's reputation is on the line here.

Whatever you decide to do, make sure you have a strategy ready for dealing with customers who became victims of the carding attack. What you do ahead of time can go a long way in controlling the impact of the carding attack on you and your customer.

Be prepared to hear from Affected Cardholders

Impacted cardholders, whose card numbers were stolen, will see your business name on their statements or online banking records. Consequently, you should expect to hear from these cardholders, who may or may not be your customer.

It is essential that you and your company's customer support team have a plan in place ahead of time for dealing with the questions and concerns that will be coming your way.

Determine if Authorities will be Notified

A potential carding incident may necessitate the filing of a Suspicious Activity Report (SARS), which is done through the Financial Crimes Enforcement Network (FinCEN). Your Merchant Account provider will file this report if the attack meets specific criteria. You may also file a police report or notify the Internet Crime Complaint Center at

Determine if Authorities will be Notified

Once the carding attack is under control, understand the lessons learned, and research what techniques or steps can be implemented to prevent future attacks. Please review our previous blog article on carding and What can you do to protect yourself from carding?

Have a plan for your business should this type of attack happen again. Yes, have a plan. Fraudsters spend their time thinking about ways to perpetrate fraud, the way you think about growing your business. Having a plan will go a long way to managing the impact of a carding attack.

About Qualpay

Qualpay is a fully-integrated payments platform that utilizes the most up to date technology to reduce costs and streamline back-office operations. Its comprehensive system addresses and resolves the payment challenges businesses face, ensuring a stronger, more robust infrastructure that allows companies to focus on growing their business. Qualpay's reporting intelligence and data analytics allow customers to quickly and efficiently manage their payment finances, saving them both time and money. Simply put, Qualpay provides a better way to manage payments. For more information, please visit