Across the payments ecosystem, criminals need validated, “live” cards because stolen cards are the fuel for almost every form of online payment fraud. The sooner they confirm which cards work, the sooner they can monetize them — and fraud can hide more easily.
But here’s the problem: many organizations, including banks, don’t see these attacks happening — not because they lack technology, but because they lack visibility. The early signals don’t show up in their systems at all. This is the “visibility gap” that continues to cost banks millions in fraud losses every year.
Marketplace Data: Important…but Far Too Late
For years, fraud teams have relied on Marketplace Data — lists of stolen cards that appear for sale on dark-web shops. These lists give a rough sense of which cards may be exposed. But Marketplace Data has two crippling limitations:
It’s reactive. Cards usually appear on dark-web markets days, weeks, or even months after they are stolen. By the time an organization sees them, criminals may already be testing or monetizing them.
It says nothing about card validity. A card listed for sale may be expired, canceled, or blocked. Marketplace Data doesn’t reveal which cards remain active — and therefore doesn’t help banks know where fraud is actually imminent.
This gap can be especially dangerous during the holiday season. Fraud rings stockpile tens of thousands of stolen cards in early Q4, but marketplace listings only confirm exposure, not criminal activity or timing.
Checker Data: The Earliest Warning Signal
Checker Data captures the exact moment criminals test cards across the internet — real-time behavioral intelligence, not scraped listings or breach dumps. This is the earliest point in the fraud lifecycle where intent becomes visible.
Instead of relying on a dark-web posting, real-time intelligence data shows:
- Which BINs are being tested right now
- Which cards are being validated successfully
- Where testing is geographically clustered
- How quickly testing is accelerating
- Which testing tools, botnets, or attack methods are involved
As highlighted in a recent case study, one regional bank detected 25,000 compromised cards by monitoring real-time testing behavior, saving over $2.5 million in operational expense while preserving $7.5 million in revenue that would have been lost to customer churn.
The fundamental difference: knowing cards were stolen (Marketplace Data) vs. knowing criminals are actively preparing to use them (Real-time intelligence data).
Why the Gap Exists
An organization’s fraud models — no matter how advanced — may not detect early testing for one simple reason: card testing happens at merchants they don’t see. Criminals rarely test cards at well-protected, high-security e-commerce sites. Instead, they test at small online stores, donation platforms, subscription trial signups, and global merchants with weak AVS or no 3-D Secure.
Organizations only see testing if an attacker attempts a transaction at a merchant using their card. In most attack cycles, criminals test hundreds of cards for hours or days before a single transaction ever reaches the issuing company’s systems. Fraud managers are trying to solve a problem operating almost entirely outside their field of view.
Closing the Gap
Real-time Intelligence Data offers a fundamentally different approach: detection within seconds, not weeks. Action before fraud, not after. Accurate signals tied to real testing behavior. Compliance-safe data (no illicit marketplace procurement). Organizations don’t need to wait for fraud to appear in their own ledger — they can see attacks as they begin, across the entire internet.
This is the shift from reactive defense to proactive prevention.
The mechanics of how email became the digital economy’s most consequential vulnerability, the case studies that should have changed everything, and what a continuous intelligence approach actually looks like — all documented in “The Lying Gatekeeper,” a special report from myNetWatchman.
Read the Full Report →