Carding could be defined as a type of cyber fraud or cybercrime that illegally uses bank card details to make online purchases or commit other types of financial crimes.
The term comes from the word ‘card’ and involves not only the fraudulent use of data to purchase goods or services, but also the sale of such data on the black market or the dark web.
How carding works
As explained on the website of the National Cybersecurity Institute (INCIBE), carding operates as follows.
First, cybercriminals obtain lists of credit cards, often through the dark web, a part of the Internet that is ‘invisible’ and cannot be accessed through normal browsers, where various criminal acts are carried out, such as the purchase and sale of illegal goods and services, as in this case, the data of these banking products.
Other ways of obtaining credit or debit card details include phishing (tricking victims into giving away their details), skimming (installing card readers that steal information when used) and keylogging (recording keystrokes to gather information).
Once this data has been obtained, cybercriminals use bots to make small purchases in online stores repeatedly until they find valid cards.
As we will see later, this is where the importance of checking bank account balances comes in, as low-value transactions are often made first until a larger purchase is finally made.
Sometimes, cybercriminals also resort to purchasing prepaid cards or gift cards, which, among other things, make it difficult to trace the money.
Why carding is a threat
Carding is a threat to both individuals and businesses.
On the one hand, bank card holders may suffer unauthorised charges. Although banks usually refund the money defrauded, this can be a lengthy and complicated process.
From a business perspective, the damage can be both financial (with the refund of fraudulent charges) and reputational.
As an indirect consequence, this type of cybercrime also encourages identity theft and the proliferation of other related crimes.
How to protect yourself from carding
Starting from the premise that acting with caution and common sense is already a first step in avoiding the risks of carding, let’s look more specifically at what else can be done to prevent it:
- Do not share bank details on unverified websites or access suspicious links received by SMS, email or other unsolicited means.
- Only make online purchases from trusted e-commerce sites. You should also check that the website is secure by ensuring that it includes https and a padlock in the address bar.
- Check your bank accounts regularly and notify your bank if you notice any unusual activity.
- Download apps from official app stores.
- Use virtual or prepaid cards.
- Update your device’s security when necessary.
Therefore, we can see that minimising the risks associated with this type of online fraud involves both issues related to user responsibility and/or caution and technological measures.
