Overview
Card-Testing Defense is TrustLens’s real-time checkout protection layer. While the other detection modules analyze customer behavior after the fact, Card-Testing Defense operates at request time — intercepting checkout attempts as they happen and blocking the fingerprints behind automated card-testing attacks before the payment gateway is ever called. This page is the orientation document for the feature; the rest of this section covers each component in detail.
What a Card-Testing Attack Looks Like
A card-testing attack is an automated probe of stolen card data. Fraudsters with lists of credit card numbers run them through your checkout in batches — usually small dollar amounts ($1–$5) — to identify which cards are still valid. Successful tests get resold or used elsewhere. The damage to your store:
- Gateway fees — every decline costs you
- Conversion metrics — your decline rate skews your analytics
- Downstream chargebacks — real cardholders dispute the test charges weeks later
- Card-network monitoring exposure — high decline rates and disputes push you toward VDMP/VFMP/ECP thresholds
Attacks typically run for 10 minutes to several hours, generating anywhere from dozens to thousands of authorization attempts.
The Defense Architecture
TrustLens defends in layers, each catching different attack patterns:
| Layer | Catches | Free / Pro |
|---|---|---|
| Velocity detection per fingerprint | Bursts and sustained attacks from a single device | Free |
| Fingerprint lockouts | Stops further attempts for 60 seconds after threshold breach | Free |
| VIP customer bypass | Prevents legitimate VIPs from being false-positived | Free |
| Panic Freeze | Manual emergency stop — halts all checkouts for 15 minutes | Free |
| Auto-escalation | Automatic Panic Freeze when attack spreads across fingerprints | Pro |
| Geo-diversity safeguard | Prevents auto-escalation on legitimate viral / flash-sale traffic | Pro |
| Fingerprint / IP allowlists | Excludes QA, integration partners, known-good traffic | Pro |
| Advanced fingerprint (12-font) | Harder to spoof across botnet nodes | Pro |
| Attack History tab | Forensic data after an attack | Pro |
| Slack + email alerts | Notification on attack_detected / auto_escalated / panic_button_activated | Pro |
What’s Enabled Out of the Box
Card-Testing Defense ships enabled with sensible defaults:
- 60-second decline threshold: 3 declines per fingerprint
- 60-second submission threshold: 10 submissions per fingerprint
- Lockout duration: 60 seconds
- VIP customer bypass: on
No setup is required to start protecting checkout. From activation onward, every authorization attempt passes through the velocity check.
The Request Gate
Card-Testing Defense plugs into TrustLens’s unified Request Gate — a single rule-registration surface that intercepts both Classic and Blocks / Store API checkout. The gate runs:
- Pre-checkout: fingerprint capture, velocity check, lockout check, Panic Freeze check, blocked-customer check
- If any rule rejects: returns a generic error before the payment gateway is called
- If all rules pass: request proceeds to the gateway as normal
The gate’s design means a single code path handles all checkout enforcement — blocked customers and card-testing lockouts use the same mechanism, and adding rules (custom or future) is a plugin-level extension point.
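A minimal model of the pre-checkout velocity, lockout and VIP-bypass checks using the default thresholds listed above, added here as an illustration; it is not TrustLens's own code. The class and function names, and the exact point at which a threshold counts as breached, are assumptions.

```python
from collections import defaultdict, deque

# Defaults quoted on this page. All names here are hypothetical.
WINDOW, LOCKOUT = 60, 60                 # seconds
MAX_DECLINES, MAX_SUBMISSIONS = 3, 10    # per fingerprint per window

class VelocityGate:
    def __init__(self):
        self.events = defaultdict(deque)   # (kind, fingerprint) -> timestamps
        self.locked_until = {}             # fingerprint -> unlock time

    def _count(self, kind, fp, now):
        """Record one event and return how many fall inside the sliding window."""
        q = self.events[(kind, fp)]
        while q and now - q[0] >= WINDOW:
            q.popleft()
        q.append(now)
        return len(q)

    def allow(self, fp, now, is_vip=False):
        """Pre-checkout decision: True means the gateway may be called."""
        if is_vip:
            return True                              # VIP customer bypass
        if self.locked_until.get(fp, 0) > now:
            return False                             # lockout still active
        if self._count("submit", fp, now) > MAX_SUBMISSIONS:
            self.locked_until[fp] = now + LOCKOUT    # assumption: the 11th submission trips it
            return False
        return True

    def record_decline(self, fp, now):
        """Call after the gateway declines an attempt the gate let through."""
        if self._count("decline", fp, now) >= MAX_DECLINES:
            self.locked_until[fp] = now + LOCKOUT    # assumption: the 3rd decline trips it

def replay(events):
    """events: (time, fingerprint, gateway_declines, is_vip) tuples, in time order."""
    gate, decisions = VelocityGate(), []
    for now, fp, declined, vip in events:
        ok = gate.allow(fp, now, vip)
        if ok and declined:
            gate.record_decline(fp, now)
        decisions.append(ok)
    return decisions

# Constructed sample: one device testing a card every 5 seconds.
ATTACK = [(t, "fp-bot", True, False) for t in range(0, 40, 5)]

if __name__ == "__main__":
    print(replay(ATTACK))
```

Attempts rejected by `allow` never reach the gateway, so they generate no further declines and no gateway fees while the lockout is active.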
When to Read Each Detail Page
| Read This Page | If You Want To |
|---|---|
| Velocity Thresholds | Understand or tune the 60s / 10m thresholds |
| Panic Button | Know when and how to use the emergency stop |
| VIP Bypass | Understand the false-positive prevention |
| Fingerprinting | Know what TrustLens uses to identify devices |
| Auto-Escalation (Pro) | Configure automated Panic Freeze triggers |
| Geo-Diversity Safeguard (Pro) | Avoid false-escalating on legitimate viral traffic |
| Allowlists (Pro) | Exclude QA, partners, known devices |
| Attack History (Pro) | Review forensic data after an attack |
If You’re Reading This During an Active Attack
If you’re investigating an active attack right now:
- Hit Panic Freeze. Go to TrustLens → Card Testing and click the red button. You have 15 minutes to investigate without further damage.
- Check the Card Testing page for recent decline events and top fingerprints.
- If you’re on Pro, the Attack History tab gives you 24-hour data and decline-code breakdown.
- Tune velocity thresholds down if appropriate — e.g. 3 declines / 60s if the attack is using a slow pattern.
- Cancel the freeze when you’re ready to resume checkout.