Carding is the process of obtaining unauthorized access to a card's information and fraudulently using it for personal gain.

How does it work?

Criminals aim to carry out carding transactions in two forms, either through cloning physical cards or through utilizing the Card Not Present (CNP) feature during online access. CNP fraud has significantly increased over time as it bypasses the checks for the identity of the person at the other end of the transaction. The Carder (Actor of Fraud) then uses the card information to conduct fraudulent transactions or sells the card information itself.

How does card information get into the hands of carders and how does it happen?

There are numerous ways in which a card’s information can be stolen, with actual carding activities commonly possible via:

  • Data breaches: Where a merchant, payment processor, acquirer, or a bank is breached through a sophisticated hack, resulting in a bulk of card PAN & PIN being acquired by criminals.
  • Skimming: A criminal can insert or attach a small device onto the card reader of an ATM machine to collect the card’s PAN (complete card number, name, and expiry date) & PIN.
  • Phishing: Criminals deceive the targets to give out their card’s PAN & PIN through bogus websites, emails, and phone calls.
  • Carding: Purchasing card information from other carders.

There are other ways to steal card information such as social engineering or by rogue staff that may have access to card data.

Download attachment for more info!