Carding is an illegal process where someone’s credit card or debit card is used without the owner’s permission. These carders (who perform carding) obtain the resources through the Dark Web, where hackers sell them the information. (Additionally, the card details are stored in the database of different companies, and hackers extract them by compromising the security). Fraudsters often create a bot to run hundreds or thousands of card numbers on a website. These card numbers often come from security breaches in the servers on which the information is stored or from malware and phishing attempts against people.
This is dangerous enough in itself, however it also creates an instantaneous threat and risk of economic loss to the merchandiser’s business. If the carding event isn’t caught early on, the merchant might rack up thousands of transaction fees and greatly increase the danger of chargebacks. Even a declined transaction is subject to a transaction fee.
Ways of Stealing Card Details
The stolen sensitive information in a carding activity often includes the data such as Cardholder name, Credit card number, Expiration date, CVV (card verification value) number, ZIP codes. There are following ways:
- Fraudulent websites: This is the most common method in this digital world of asking you to enter your card details on a fake website. As soon as you enter your card PIN, the website gets what it wanted: your card details.
- ATMs: Hackers install their setup on ATMs so they can get all the details when a person enters their transaction details to get the money.
- Website Hacking: Sometimes you put your data on a legitimate real website like Netflix, Amazon Prime but the website itself gets hacked so all of the data goes to this hacker.
- Fake Verification Calls: You receive a random call from the hacker asking you to verify your card details because there is something you need to update on your system. Remember, no bank will call you to get your card details. This is known as Vishing (Voice Phishing).
- Random Guess: Most of the card details are random guess with some patterns and software. When using simple passwords and login credentials, you need to be careful. Also change your passwords frequently.