In the underbelly of the web, there's a whole network of thieves and scammers. They collect stolen credit card numbers and sell them in large databases. One of the ways they find out what numbers can be used for nefarious purchases is card testing. They choose a retailer -- unfortunately, usually a small one like mine -- and create a fake order, with fake contact information, fake email, fake phone number, and generally for products adding up to a lot of money. Then they set up a script that plugs in their database of stolen card numbers and let it run. Most of the numbers will fail, since they don't have the correct address or contact information. This means the purchase doesn't actually go through, but they can run thousands of transactions in a very short amount of time.
My store has recently been targeted by one of these operations. As a result, I've had to increase security on my site. I know this will unfortunately block some legitimate orders, so if this happens to you, please do email me at [email protected] -- I don't want to keep real orders from coming through, but I also don't want to be the store that allows card testing to take place.
Please note that the carding attempts are not hacks on my site or an indication that data entered on my site is compromised. Card testing can happen on anyone's store, and does not require any sort of hacking to carry out. Your information is safe with me -- I never see your credit card information, and the database is secure. Card testing is a thief trying out card numbers to see what works, not an internal breech of card information.
If you've come to SBP because you saw a large amount pending on your card, rest assured that it will not be completed; the charge is an authorization only, and the second step -- actually charging the amount to your account -- will not go through. However, this does mean that your card number has been stolen by the thieves doing the testing, so please contact the appropriate bank immediately and cancel the card.