The author shares their experience with a card testing attack that their company faced. They initially implemented Stripe Radar and added captcha to their checkout process to address the issue. However, they later discovered that the attackers were manually or lightly automating the attacks, using a list of cards with similar parameters. The author suspects that the attackers obtained the card parameters from a private Discord server or Telegram channel. They also found online tools that automate Stripe Checkout cracking. The author discusses the aftermath of the attack and the steps they took to address it. They also highlight the unfair treatment businesses face in online payments and suggest prevention methods.
https://chargebackstop.com/blog/card-networks-exploitation/