Micropayments and checkers: how to check your card without burning it

[Good Carder]

Introduction: Why "checking at the gate" saves 90% of the budget​

Imagine: you bought 10 cards for $15 each. You set up anti-detection and used clean proxies. You entered the first card into the store — it was rejected as do_not_honor. The second — insufficient_funds. The third — fraudulent. You spent $150 and several hours, and the result was zero. The cards were dead before you even started.

The problem isn't with your technology. The problem is that you didn't check the cards before the main transaction.

Card verification (checking) is the process of conducting a test transaction for a minimum amount to ensure the card is valid, has a balance, and isn't blocked. Without it, you're working blind, burning money on cards that never went through.

In this article, I'll discuss:

• Four methods of checking cards: from simple to complex.
• Step-by-step instructions for creating your own checker in Python using the Stripe API.
• Top 5 legal sites for safe testing.
• Tactics to avoid exposure and blacklisting.

Part 1. Four Methods of Card Checking: Comparison and Selection​

1.1 Method 1: $0 Auth (zero authorization) - the "gold standard"​

What it is. When you save a card in the payment gateway system (for example, by creating a SetupIntent in Stripe or linking a card to a customer), the gateway automatically sends a request to the issuing bank for $0. The bank checks whether the card exists and is not blocked, and returns a response. No funds are debited, and no trace is left on the cardholder's statement.

Stripe automatically runs a $0/$1 authorization when creating a card for a customer. If the bank rejects the authorization, Stripe simply returns an error, and the card is not saved.

Pros:

• Free - no real charges.
• Leaves no traces in the holder's statement.
• The fastest way to check if the card is alive.
• Legal for testing (within Stripe test mode).

Cons:

• Doesn't check balance - the card may be active but empty.
• Not all gateways support $0 auth for any cards (some require $0.50 or $1).
• Requires integration with the API gateway (cannot be done manually through the website).

Where used: Stripe (via SetupIntent or creating PaymentMethod), Braintree (via customer.create with a card), Adyen (via checkout.paymentMethods).

1.2. Method 2: Micropayment $0.50–$1 — the “popular method”​

What it is. You conduct a real transaction for a minimum amount (usually $0.50–$1) through a charity site or any other site that accepts small payments. If the payment goes through, the card is valid and has a balance of at least that amount. You then either return the money (refund) or keep it as a "verification fee."

Pros:

• No programming required - can be done manually through a browser.
• Checks not only the card's validity, but also the presence of a minimum balance.
• Works with any gateway where you can enter a card manually.

Cons:

• Real money is written off (albeit a small amount).
• Leaves a trace in the card's transaction history.
• Risk: The store may not return the money upon refund (or return it after a week).
• Frequent micropayments from one card may look suspicious to the bank.

When to use: When you don't have the ability to program an API, or when you need to quickly check 1-2 cards "by hand".

1.3. Method 3: Via the Gateway API with capture: false — "advanced"​

What it is. You create a PaymentIntent (Stripe) or Transaction (Braintree) with the capture: false flag. The gateway authorizes the amount (blocks it on the card), but doesn't charge it. Then you cancel the authorization (cancel or release). The money isn't debited, but you know the card has been authorized for the required amount.

Pros:

• Checks the balance for a specific amount (not just $1, but also $500).
• No money is written off (only a temporary block, which is removed after a few days).
• Fully software-based - can be automated.

Cons:

• Requires experience with APIs and understanding the difference between authorize and capture.
• Some gateways do not support deauthorization (or it takes up to 7 days).
• The block may be visible to the cardholder as a "pending transaction" until it is removed.

Where used: Stripe (creating PaymentIntent with capture_method: 'manual'), Braintree (creating Transaction with options.submitForSettlement: false).

1.4. Method 4: Checking with third-party checkers – “trust, but verify”​

What is it? Darknet markets and private forums sell checker services. You submit your card, and they tell you whether it's "alive" or "dead," sometimes with a balance. The price is $1–5 per check.

Pros:

• There is no need to configure anything.
• Experienced checkers sometimes have access to closed APIs.

Cons:

• The checker may lie (especially if it is in his interests for you to buy the card).
• If you give your card details to a third party, there's a risk that they might use it themselves.
• There is no guarantee that the checker has not saved your data.

Verdict: Not recommended for beginners. It's better to spend time creating your own checker.

1.5. Comparative table of methods​

Method	Price	After	Checking your balance	Need a code?	Risk to the card	Complexity
$0 Auth	0	No	No	Yes	Short	Average
Micropayment $0.50	$0.50–1	Yes (extract)	Yes (up to $1)	No	Short	Low
Auth with capture:false	0 (temporary blocking)	Да (pending)	Yes (any amount)	Yes	Average	High
Third-party checker	$1–5	No	Depends on the service	No	High	Low

Beginner's tip: start with micropayments of $0.50 through charity sites. This is the easiest and most reliable way to get started. Once you've got the hang of it, move on to creating your own checker using the Stripe API with $0 auth.

Part 2. Step-by-step instructions: creating your own checker in Python (Stripe API)​

2.1 Why Stripe is the best choice for a checker​

Stripe offers the most beginner-friendly API. It has:

• Excellent documentation and ready-made SDKs for Python.
• Test mode for safe debugging (use test cards until you debug your code).
• SetupIntent mechanism for card verification without debiting funds.
• Free account (pay only for real transactions).

2.2. Step 1. Registration and obtaining API keys​

1. Register at stripe.com. Any email address will do.
2. Go to Developers → API Keys.
3. Copy the Secret Key (starts with sk_live_... - for live transactions).
4. For testing, switch to Test mode (toggle switch in the upper right corner) and copy the test Secret Key (starts with sk_test_...).

Important: Keep your Secret Key safe. Anyone who receives it will be able to make payments on your behalf.

2.3. Step 2. Installing the Stripe library​

pip install stripe

2.4. Step 3. A simple checker via PaymentIntent (with $0.50 authorization)​

This method creates a payment intent for $0.50 and attempts to confirm it. If the card is approved, it is valid and has a balance of ≥ $0.50.

import stripe

# Your Stripe secret key
stripe.api_key = "sk_live_..." # or sk_test_... for testing

def check_card(card_number, exp_month, exp_year, cvc, amount=50): # amount in cents, 50 = $0.50
try:
# 1. Create a PaymentMethod (card token)
payment_method = stripe.PaymentMethod.create(
type="card",
card={
"number": card_number,
"exp_month": exp_month,
"exp_year": exp_year,
"cvc": cvc,
},
)

# 2. Create a PaymentIntent for the specified amount
intent = stripe.PaymentIntent.create(
amount=amount, # in Cents
currency="usd",
payment_method=payment_method.id,
confirmation_method="manual",
confirm=True, # confirm immediately
)

# 3. Check the status
if intent.status == "succeeded":
print(f"✅ Card {card_number[-4:]} processed! Live, balance ≥ ${amount/100}")
# 4. Cancel the payment (refund)
refund = stripe.Refund.create(payment_intent=intent.id)
print(f" Refund {refund.amount/100} completed")
return True, "live"
else:
print(f"❌ Card {card_number[-4:]}: status {intent.status}")
return False, intent.status

except stripe.error.CardError as e:
# Error from the bank or Stripe
error_code = e.error.code
error_msg = e.error.message
print(f"❌ Card {card_number[-4:]}: declined [{error_code}] {error_msg}")

# Code Explanation
if error_code == "insufficient_funds":
print(" Diagnosis: Insufficient funds")
elif error_code == "do_not_honor":
print(" Diagnosis: Card on the bank's stop list (stolen/blocked)")
elif error_code == "incorrect_number":
print(" Diagnosis: Incorrect number (possibly fake)")
elif error_code == "expired_card":
print(" Diagnosis: Expired")
elif error_code == "fraudulent":
print(" Diagnosis: Blocked Stripe Antifraud")

return False, error_code

except Exception as e:
print(f"⚠️ API Error: {str(e)}")
return False, "api_error"

# Usage example
check_card(
card_number="424242424242424242", # replace with a real card
exp_month=12,
exp_year=2028,
cvc="123",
amount=50 # $0.50
)

2.5. Step 4. Advanced checker via SetupIntent ($0 auth - no write-off)​

This method uses SetupIntent, a Stripe object for registering a payment method without immediately debiting funds. When the SetupIntent is created, Stripe automatically sends a $0 authorization request to the bank, but the funds are not blocked or debited. This is the ideal way to verify that the card is "active" without leaving a trace.

import stripe
stripe.api_key = "sk_live_..."
def check_card_zero_auth(card_number, exp_month, exp_year, cvc):
try:
# 1. Create PaymentMethod (as before)
payment_method = stripe.PaymentMethod.create(
type="card",
card={
"number": card_number,
"exp_month": exp_month,
"exp_year": exp_year,
"cvc": cvc,
},
)

# 2. Create SetupIntent (zero auth)
setup_intent = stripe.SetupIntent.create(
payment_method=payment_method.id,
confirm=True, # confirm immediately
usage="off_session", # for future payments
)

# 3. Check status
if setup_intent.status == "succeeded":
print(f"✅ Card {card_number[-4:]}: alive and active (zero authorization)")
return True, "live"
else:
print(f"❌ Card {card_number[-4:]}: status {setup_intent.status}")
return False, setup_intent.status

except stripe.error.CardError as e:
error_code = e.error.code
error_msg = e.error.message
print(f"❌ Card {card_number[-4:]}: failure [{error_code}] {error_msg}")
return False, error_code

# Example Using
check_card_zero_auth(
card_number="4242424242424242",
exp_month=12,
exp_year=2028,
cvc="123"
)

What's the difference? PaymentIntent verifies the card and attempts to charge the actual amount (even if it's small). SetupIntent verifies the card without touching the money. For a checker that leaves no trace, SetupIntent is the better choice.

2.6. Step 5. Batch checking multiple cards from a file​

import csv
import time

def batch_check_cards(file_path, delay_between=5):
"""
Batch check of cards from a CSV file.
File format: number, month, year, cvv
"""
results = []

with open(file_path, 'r') as f:
reader = csv.reader(f)
for row in reader:
if len(row) < 4:
continue
card_num, exp_month, exp_year, cvc = row[0].strip(), row[1].strip(), row[2].strip(), row[3].strip()

# Check the card via SetupIntent
status, reason = check_card_zero_auth(card_num, exp_month, exp_year, cvc)

results.append({
'card': f"****{card_num[-4:]}",
'status': status,
'reason': reason
})

# Delay between checks to avoid burning the checker
time.sleep(delay_between)

# Print results
live_cards = [r for r in results if r['status']]
dead_cards = [r for r in results if not r['status']]

print(f"\n=== RESULTS ===")
print(f"Live cards: {len(live_cards)}")
print(f"Dead cards: {len(dead_cards)}")

for r in live_cards:
print(f" ✅ {r['card']} — alive")
for r in dead_cards:
print(f" ❌ {r['card']} — dead ({r['reason']})")

# Using
batch_check_cards('cards.csv', delay_between=10) # 10 seconds between cards

2.7. Important technical nuances​

3D Secure Processing: If the card requires 3D Secure, Stripe will return the authentication_required error. Your checker must be able to handle this:

except stripe.error.CardError as e:
if e.error.code == "authentication_required":
print("⚠️ Card requires 3D Secure — not suitable for regular card payment")
return False, "3ds_required"

Speed limits: Stripe has limits on the number of API requests. The limits are more relaxed for test mode, but for live transactions, they are limited to 100 requests per second. This isn't a problem for a beginner, but if you're checking 100 cards in a row, add a time.sleep(1) delay between requests.

Test mode: Before using the checker on real cards, be sure to debug it in Test mode with Stripe test cards:

• Successful card: 4242 4242 4242 4242
• Rejected card: 4000 0000 0000 0002
• Card with insufficient_funds: 4000 0000 0000 9995

Test transactions do not debit money and do not affect your balance.

Part 3. Top 5 Legal Sites for Testing Cards​

If you don't want to program an API and prefer manual card verification with micropayments, here are the best platforms. They all accept minimum amounts from $0.50 to $10 and use reliable payment gateways (mainly Stripe).

3.1. Wikipedia / Wikimedia Foundation​

Minimum amount: $1 (historically it was $0.01, but after carder attacks, the minimum was raised to $1).
Payment gateway: Stripe.

Why it's good:

• A completely legal charitable organization.
• Payment is processed through Stripe, the same rules as most stores.
• Refund is available (you can request a refund within a few days).

How to test:

1. Visit donate.wikimedia.org
2. Select the amount $1.
3. Enter your card details.
4. If the payment went through, the card is active.

Warning: Wikimedia actively combats carding. If they see multiple unsuccessful attempts from the same IP, they may block it. Use different proxies.

3.2. British Red Cross​

Minimum amount: £2 (~$2.50).
Payment gateway: Stripe.

Why it's good:

• An international charitable organization with a high reputation.
• Accepts international cards.
• The donation page is simple, without unnecessary checks.

How to test:

1. Visit redcross.org.uk/donate
2. Select the amount £2.
3. Enter your card details.

Note: According to cybersecurity reports, the British Red Cross is often used by carders to verify cards. This means their anti-fraud system may be more sensitive. Alternate with other sites.

3.3. Humble Bundle​

Minimum donation: $1 (you can buy any item or just make a donation).
Payment gateway: Stripe + PayPal.

Why it's good:

• Sells digital goods (games, books), you can buy something for $1 and get real value.
• Refund is possible (but it's better to just leave $1 as a verification fee).
• Accepts most international cards.

How to test:

1. Visit humblebundle.com
2. Choose any item for $1 (for example, a book or a game).
3. Place your order.

3.4. Donorbox (platform for non-profit organizations)​

Minimum amount: $1.
Payment gateway: Stripe, PayPal, Apple Pay, Google Pay.

Why it's good:

• Many non-profit organizations use Donorbox to collect donations.
• You can find a specific campaign with a minimum amount of $1.
• The payment experience is identical to what you'll find on most sites.

How to test:

1. Visit donorbox.org
2. Find any campaign (for example, "Support Local Community").
3. Make a donation of $1.

3.5. Give Lively (platform for non-profit organizations)​

Minimum amount: $1.
Payment gateway: Stripe.
Why it's good: Give Lively allows you to make a real donation of $1 and then process a refund through your Stripe account.

How to test:

1. Find the campaign at givelively.org
2. Make a donation of $1.
3. Request a refund through the Stripe Dashboard.

Summary table​

Website	Min. amount	Gateway	Refund	Risk of blocking
Wikipedia	$1	Stripe	Yes	Average
British Red Cross	£2 (~$2.50)	Stripe	Yes	Above average
Humble Bundle	$1	Stripe/PayPal	Yes	Short
Donor box	$1	Stripe	Depends on the campaign	Short
Give Lively	$1	Stripe	Yes (via Stripe)	Short

Part 4: How to Avoid Getting Blacklisted by Checking One Card Too Often​

4.1. Stripe Radar Mechanism​

Stripe Radar is an automated fraud detection system that analyzes every payment. It blocks suspicious transactions based on a variety of factors: transaction speed, CVC mismatches, suspicious IP addresses and countries, and behavior patterns.

Radar tracks transaction speed — the number of payments from the same BIN, device, or IP address over a period of time.

If a single card makes multiple unsuccessful attempts in a row, Stripe can:

• Block a specific card (it is added to an internal blacklist).
• Block the card's BIN for all subsequent transactions.
• Block the IP address from which the attempts are coming.
• Block the Stripe account you use to verify cards.

4.2. Safe Checking Rules​

Rule 1. One attempt per card.
Don't try to swipe the same card multiple times through different websites. If the first attempt fails with "insufficient_funds," the second will fail with the same reason, but this time Stripe Radar will mark the second attempt as suspicious.

Rule 2. The delay between attempts is at least 10-30 seconds.
If you are checking several cards in a row, pause. A human being can't enter 10 cards in 30 seconds — this is a clear sign of automation.

Rule 3. Use different websites for checking.
Don't test all cards on one charity website. Rotating websites reduces the likelihood that a specific store will ban your IP.

Rule 4. For large volumes, use an API checker via SetupIntent.
Manual entry through a browser leaves more traces (cookies, fingerprints). API via Python + SetupIntent is faster, cleaner, and leaves a minimum of digital traces.

Rule 5. Never use your real IP or personal cards for testing.
Always use:

• Residential proxies corresponding to the BIN country.
• Anti-detect browser with a separate fingerprint (if you check through a browser).
• For the API checker, you need a separate Stripe account that is not linked to your personal data.

Rule 6. If a card appears fraudulent, stop immediately.
This code means Stripe Radar has already flagged this card or BIN as high-risk. Further attempts will result in your IP address or account being blocked.

4.3. What to do if you've been blocked​

If you receive a blocked_by_radar error or your IP address is no longer processing payments:

1. Change your proxy - the old IP is burned.
2. Change your Stripe account (if you used the API checker).
3. Change the BIN range - the entire BIN may be blacklisted.
4. Take a break for 24-48 hours - some blocks are temporary.

Part 5. Checklist: How to properly check your card before inserting it​

Before entering your card at a main store, please complete this checklist. Each step reduces the chance of a card being declined by 10-20%.

Pre-check (BIN):

• Check BIN via binlist.io - country, type (not prepaid), bank.
• Does the BIN country match the proxy country? If not, don't even start.
• Is the BIN less than 7 days old? — older BINs are more likely to be blocked.

Checking via SetupIntent (API checker):

• Create a separate Stripe account for checking (not the one you will use to enter payments).
• Use a residential proxy for API requests.
• Run check_card_zero_auth() - if it passes, the card is alive.
• Check the error code - if authentication_required, the card is not suitable.

Checking via micropayment (if there is no API):

• Choose a site from the top 5 (Wikipedia, Red Cross, Humble Bundle).
• Make a $1 donation through the same proxy and anti-detect that you will use for the main carding.
• If it's passed, the card is still active. If insufficient_funds, the balance is less than $1.
• If do_not_honor or fraudulent - the card is dead, don't waste your time.

Final check before insertion:

• The card is alive (the check went through).
• The card balance is presumably higher than the check amount (if you checked for $1, it doesn’t mean that $500 will go through).
• The card does not require 3DS (for regular stores).
• At least 5-10 minutes have passed since the check (don't hit the same card right away).

Conclusion: Checking Strategy for Beginners​

Remember the main rule: checking is not an option, but a necessity. Without it, you're working blind and burning money.

For a beginner with a budget of up to $100:

1. Start by manually checking it through Wikipedia or Humble Bundle ($1 per card).
2. Keep a table of which BINs work and which don't.
3. Once you've accumulated 20-30 verified cards, analyze which BINs work reliably.
4. After that, consider creating your own API checker in Python.

For advanced (budget from $200):

1. Create your checker on the Stripe API with SetupIntent.
2. Integrate it into your workflow: each purchased card is first verified, then goes into the main input.
3. Use different Stripe accounts for checking and for main payments.

A quick one-line reminder:
"Before you enter, check: via SetupIntent ($0) or micropayment ($1). Alive? Enter. Dead? Throw it away. Two attempts from the same card? Burn your IP."