Aperia Compliance, an IXOPAY company, has announced the launch of Card Testing Reimbursement, a protection programme designed to reduce the financial impact of card testing fraud on acquirers, independent sales organisations, and processors.
According to the official press release, the product is available immediately as an add-on to existing breach and risk programmes.
Card testing is the deliberate exploitation of unprotected transaction entry points to run high volumes of authorisations across sets of card numbers, enabling criminals to identify which accounts are valid. Common attack vectors include unused or poorly secured payment gateway credentials, gateways lacking velocity checks, and weak enforcement of CVV, address verification, or 3D Secure controls. In 2022, Stripe reported its fraud systems were blocking more than 20 million card testing attempts per day at the peak of a significant attack wave.
Programme scope and market positioning
Card Testing Reimbursement is designed to act as a financial safety net after a card testing event has occurred, covering authorisation and network-related costs that can spike significantly during large-scale attacks. The programme is not a monitoring or prevention tool, but is intended to complement existing preventive measures such as script monitoring, velocity controls, and authentication enforcement.
Aperia positions the product as addressing a gap in the market where card testing attacks generate real costs, including unexpected network and authorisation fees and operational overhead across fraud, risk, and support teams, without always triggering conventional breach response frameworks, since no cardholder data is necessarily compromised in the process. The product is available to qualifying acquirers, ISOs, and processors.
Commenting on the news, Tony Norrie, President of Aperia Compliance, mentioned that card testing is one of payments' most expensive blind spots because it does not resemble a classic breach yet triggers real costs across the portfolio, turning what appears to be a series of authorisations into unexpected fees and operational disruption.
