Enumeration is a fraud technique where criminals try to discover or validate stolen usernames, payment details, or other stored information. These attacks are often automated and use bots to submit rapid-fire attempts across checkout or login pages. The goal is to uncover valuable information that can be sold or used to make unauthorized purchases. Enumeration is also commonly referred to as card testing, carding, account testing, and BIN attacks.

Enumeration can result in high decline rates, excessive authorization fees, and flagging by card networks or acquirers. It also puts your fraud prevention systems at risk of being overwhelmed.

If your site experiences sudden spikes in traffic or declines, enumeration may be the cause. AltoPay can help detect velocity spikes and block suspected bots in real time. Reviewing your checkout settings — including CAPTCHA, AVS and CVV enforcement, and rate limits — helps prevent this type of abuse. Identifying and stopping enumeration early can prevent your account from being penalized for high fraud indicators.