Carding, also known as credit card stuffing, fraud or verification, happens when cybercriminals attempt to make small purchases with large volumes of stolen credit card numbers on one eCommerce platform.
Businesses that have fallen victim to a carding attack often see:
Today, carding usually includes phishing or malware attacks and cybercriminals trading the stolen credit card information on illegal websites. They either hack the store or the site and gain access to a list of credit or debit cards that were recently used for transactions or, after buying the sensitive information on the dark web, start testing the cards to check their activity and if they happened to be reported stolen already. This is what appears as a series of suspicious, small transactions.
A common step for cybercriminals involved in carding is buying gift cards and other prepaid cards with the stolen credit card numbers, which are then used to buy more expensive items. These high-value goods, electronics such as laptops or smartphones, can be resold later for cash.
The stolen sensitive information in a carding activity often includes the following data:
Usually, the validity of the stolen information is unknown to cybercriminals until the attack takes place. Afterwards all of the credit card numbers that successfully completed the requested transactions are sold along with any known personal information on the black market. Unfortunately, this type of attack typically happens at night, goes unnoticed by the consumers and results in poor credit or penalties. It can also cause significant financial losses for the affected business which may be responsible for covering the cost of the illegally processed transactions on behalf of their customers.
There are a variety of countermeasures that can be used to prevent a carding event. Broken down simply, businesses will want to protect customer accounts as well as their eCommerce site.
As you can see, a little preparation by eCommerce businesses can go a long way when it comes to preventing fraudulent attacks like carding. If you have questions on this topic, fill out the brief form below. We are always happy to continue the conversation.
Your success in payments starts here! Please select your partnership type below so we can connect.