As automation and AI-driven technologies continue to revolutionize industries, they are also being leveraged by cybercriminals to conduct sophisticated fraud schemes. A recent report by Group IB1 highlights one such emerging threat: the rise of AI-powered card testing attacks.
What is Card Testing?
Card testing is a fraudulent practice where cybercriminals use stolen credit card details to make small, inconspicuous transactions. If successful, the card is deemed active and subsequently used for larger fraudulent purchases. Criminals are now leveraging automation, bots, and proxies to scale these attacks while evading traditional security measures.
How Card Testing Works
- Acquisition of Stolen Card Data – Cybercriminals obtain credit card details through phishing, skimming devices, data breaches, or malware-infected Automated Teller Machines (ATMs)/Point of Sale (POS) systems.
- Automated Testing – Using bots, proxies, and automation tools, fraudsters make small transactions to verify if a card is still active.
- Avoiding Detection – Fraudsters spread transactions across multiple merchants, use randomized purchase amounts, and mimic normal user behavior to evade fraud detection systems.
- Exploitation – Once a card is validated, it is either used for larger fraudulent purchases or sold on the dark web.
A Case Study in Fraud
In a recent wave of attacks observed in 2024, fraudsters used automation frameworks to execute high-volume transactions at e-ticket merchants. These cases illustrate how cybercriminals exploit AI and automated systems to bypass fraud detection mechanisms.
How Cards Get Compromised
Stolen credit card information typically originates from phishing scams, skimming devices, and malware-infected ATMs or POS systems. Once obtained, this data is sold on underground markets, fueling financial fraud on a global scale.
The Role of AI in Cybercrime
Fraudsters now use advanced automation tools, such as Selenium, to mimic real user behavior and circumvent security protocols. AI agents further exacerbate the problem by enabling automated fraudulent transactions and the creation of synthetic identities for money laundering.
Mitigating the Risks
To combat these threats, businesses must adopt proactive fraud prevention strategies, including:
- AI-driven bot detection to differentiate between human and automated activity.
- Proxy and hosting detection to identify and block suspicious traffic.
- Behavioral analytics to recognize anomalies in user interactions.
- 3-D Secure authentication for an added layer of transaction verification.
- Rate-limiting and CAPTCHA mechanisms to prevent automated card testing.
- Phishing awareness training to prevent card data from being stolen in the first place.
Fighting Back Against Fraud
Advanced fraud protection systems are at the forefront of detecting and mitigating automated fraud. These analytics help businesses identify and block fraudulent transactions in real-time, ensuring a higher level of security against AI-driven attacks.
Final Recommendations
To stay ahead of evolving cyber threats, organizations should:
- Enhance fraud detection with real-time monitoring and AI-driven security solutions.
- Continuously monitor for compromised data on underground markets.
- Strengthen merchant security standards to reduce vulnerabilities.
The intersection of AI and cybercrime presents new challenges, but with the right strategies, businesses can protect themselves against emerging fraud techniques.
1 The Dark Side of Automation and Rise of AI Agents | Group-IB Blog. February 5, 2025. retrieved from https://www.group-ib.com/blog/the-dark-side-of-automation-and-rise-of-ai-agent/
Walt Houser 