Skip to main content

Card testing

Malicious third parties may try to use your website to determine if stolen card details are valid. They try many small payments using different card numbers and expiry dates. The approved cards are then used to defraud another merchant for a larger amount. This is called "card testing".

Websites with minimal validation rules are often targets. This can include websites used for making donations or paying invoices.

Looking for test card numbers to use when developing your QuickStream solution? See: Test Cards and Bank Accounts.

Protect against card testing

If you make card testing difficult, your website is less likely to be a target.

You can:

  • Validate customer and payment reference numbers.
  • Set a minimum payment amount.
  • Add a captcha.
  • Use 3D Secure.
  • Use Fraud Guard.

Contact us

See Technical Support.

Westpac Privacy Statement

Privacy Statement (for individuals whose personal information may be collected - in this clause referred to as "you"). All personal information we collect about you is collected, used and disclosed by us in accordance with our Privacy Statement which is available at Privacy Statement or by calling us through your relationship manager or Westpac representative. Our Privacy Statement also provides information about how you can access and correct your personal information and make a complaint. You do not have to provide us with any personal information but, if you don't, we may not be able to process an application or a request for a product or service.