Case Study: Stopping a Credit Card Testing Attack (Carding)
The Target: An e-commerce store donating to charity ($1 donation page).
The Attack: Carding. Attackers abuse low-value payment pages to test thousands of stolen credit card numbers to see which ones are valid.
The Timeline
02:00 AM: Traffic spikes. 200 requests per second hit the standard checkout endpoint.
02:01 AM: The WAF (Web Application Firewall) sees unique IPs for almost every request. Rate limiting by IP fails because each IP only makes 1 request.
02:02 AM: Stripe flags the account for "excessive declines." Use of stolen cards is rampant. The business is at risk of losing their payment processing.
The IPASIS Intervention
The engineering team deployed a hotfix using IPASIS. They analyzed the incoming IPs.
The Pattern: 99.8% of the attacking traffic was flagged as is_proxy: true.
Even though the IPs were rotating, they were all coming from known proxy networks. They weren't legitimate residential ISP traffic from standard users.
The Result
By implementing a simple check:
    if (ip.is_proxy || ip.is_vpn) { block_checkout(); }
the attack volume dropped to near zero effective requests. The legitimate traffic (real donors) continued uninterrupted. The Stripe account was saved.
Carding attacks rely on volume. If you can identify the source type of the traffic, you can stop them without annoying CAPTCHAs for regular users.
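The contrast described in the timeline, as an added example that is not code from the original page or from IPASIS: a per-IP rate limit and the source-type check run over the same constructed traffic. Only the is_proxy and is_vpn fields come from the page; the function names, the lookup interface, the sample IPs and the handling of a failed lookup are assumptions.

```javascript
// Added example, not IPASIS code. is_proxy / is_vpn are the fields named on
// this page; function names, record shape and sample IPs are assumptions.
// Per-IP rate limit: returns the requests it would block (count > limit).
function perIpRateLimit(requests, limit) {
  const seen = new Map();
  return requests.filter((r) => {
    const n = (seen.get(r.ip) || 0) + 1;
    seen.set(r.ip, n);
    return n > limit;
  });
}

// Source-type gate. `lookup` (ip -> record, or null if unknown) is a
// hypothetical stand-in for the IP-intelligence client in use.
function checkoutDecision(ip, lookup, { failOpen = true } = {}) {
  let rec = null;
  // Lookup outage leaves rec null and falls through to the failOpen policy.
  try { rec = lookup(ip); } catch (_) { /* keep null */ }
  if (!rec) return failOpen ? "allow" : "review";
  return rec.is_proxy || rec.is_vpn ? "block" : "allow";
}

// Constructed traffic: 1,000 card-testing requests, one per rotating proxy IP,
// plus 5 donors on ordinary connections. Not data from the incident.
function buildSample() {
  const reputation = new Map();
  const requests = [];
  for (let i = 0; i < 1000; i++) {
    const ip = `198.18.${i >> 8}.${i & 255}`;
    reputation.set(ip, { is_proxy: true, is_vpn: false });
    requests.push({ ip, kind: "attack" });
  }
  for (let i = 1; i <= 5; i++) {
    const ip = `192.0.2.${i}`;
    reputation.set(ip, { is_proxy: false, is_vpn: false });
    requests.push({ ip, kind: "donor" });
  }
  return { requests, lookup: (ip) => reputation.get(ip) || null };
}

function simulate() {
  const { requests, lookup } = buildSample();
  const gated = requests.filter((r) => checkoutDecision(r.ip, lookup) === "block");
  return {
    rateLimited: perIpRateLimit(requests, 1).length,
    gatedAttack: gated.filter((r) => r.kind === "attack").length,
    gatedDonor: gated.filter((r) => r.kind === "donor").length,
  };
}
```

With one request per IP the rate limiter blocks nothing, while the gate stops every constructed attack request and none of the donors.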