The Dark Side of Automation and Rise of AI Agents: Emerging Risks of Card Testing Attacks

Group-IB observed and analyzed large-scale bot-driven card-testing operations (Card Not Present fraud) starting May 2024, in which attackers used automation frameworks, residential proxies and AI agents to validate stolen payment card data (over 10,000 compromised cards linked to BidenCash), causing transaction spikes at targeted merchants; the report details detection indicators (WebDriver/headless Chromium, container/VM artifacts, proxy IPs, abnormal device fingerprints and 3DS triggers), infrastructure patterns, and actionable mitigations including behavioral analytics, 3-D Secure, proxy detection and dark-web monitoring.