Learn about carding and how to prevent this type of fraud

best credit cards

Carding is a type of fraud that involves using stolen credit cards to buy gift cards or purchase goods that are sold for cash. It is an illegal activity that affects both cardholders and merchants who accept card payments. In this article, we will explain what carding is, how it works, some examples and the best strategies to avoid it.


What is carding?

Carding is a form of identity theft that involves the use of fraudulently obtained credit card data. Carding criminals often obtain card data through techniques such as phishing, skimming, hacking, or black market purchases. This data may include the card number, expiration date, card security code, and cardholder name.

With this data, criminals can make online purchases with the stolen cards, without the need to have the physical card on hand.

These purchases are usually for products that can be easily resold for cash, such as gift cards, electronics, jewelry, etc. They can also use the cards to pay for services such as Netflix, Spotify, Uber, etc.

Carding is a crime that generates millions of dollars in losses for the credit card industry and merchants who accept card payments. According to a LexisNexis study, the cost of card fraud in e-commerce was $3.36 for every dollar lost in 2020. In addition, carding can damage the reputation of retailers and affect consumer confidence.


Online payment fraud on e-commerce and how to prevent it


How does carding work?

Carding is a process that involves several steps and actors. The main ones are as follows:

  1. The collector: The person in charge of illegally obtaining credit card data.
    They can do this through techniques such as phishing, which involves sending fake emails requesting personal or financial information; skimming, which involves installing devices that copy card data when it is swiped through a reader; hacking, which involves infiltrating databases or computer networks that store card information; or buying on the black market, where card data is sold at varying prices depending on quality and quantity.
  2. The verifier: The person in charge of verifying that the card data is valid and that the balance is available. They can do this through online services that offer this feature for a fee, or through low-value purchases on websites that do not require much verification.
  3. The carder: The person in charge of making purchases with stolen cards. They can do this through websites that accept card payments without asking for a lot of information, such as security code, billing address, or zip code. The carder can use anonymity services, such as VPN or proxies, to hide their identity and location.
  4. The drop: The person in charge of receiving the products purchased with the stolen cards. This can be a real person or a fake address. The drop can keep the products or send them to the carder or another intermediary in exchange for a commission.
  5. The casher: The person in charge of converting the products purchased with the stolen cards into cash. They can do this by selling the products on the black market, e-commerce platforms, second-hand stores, etc. They can also do this by redeeming gift cards for cash on specialized websites.


Maximizing the security of your online store: A guide to e-commerce fraud prevention


Examples of carding

Carding is a global phenomenon affecting different countries and sectors. Some examples of carding are as follows:

  1. Phishing: Fake emails or messages asking for card or personal information. Example: An email saying there is a problem with your account and that you need to verify your card.
  2. Malware: Malicious software that captures card data or accesses files or passwords. Example: a program downloaded when opening a file or visiting an infected website.
  3. Hacking of card processing systems: Infiltration of the networks or databases of those who process card payments, and theft of card information. Example: A cyber attack that compromises the security of an online store or payment gateway.
  4. Card skimming and shimming: Devices that are installed in ATMs or terminals, which copy card data. Example: a device that is placed over the ATM slot or inserted into the card chip.


Best practices for secure payment processing


Strategies for avoiding carding in e-commerce

Carding is a fraud that affects customers and merchants who accept payments in e-commerce, even with the best credit cards such as Visa or MasterCard. To prevent this, it is recommended to:

  1. Use a secure and reliable payment gateway, such as PayRetailers, which offers many local and international payment methods with high security and compliance.
  2. Verify the identity and authenticity of customers and cards with tools such as CVV, AVS, ZIP, 3D Secure, verification by SMS or e-mail, etc.
  3. Monitor transactions and behavior patterns with fraud prevention systems, such as risk analysis, scoring, machine learning, etc., which detect and block suspicious or anomalous transactions.
  4. Implement return and refund policies and procedures, defining the conditions and deadlines for accepting or rejecting customer requests, and the means of processing refunds, avoiding cash payments or transfers to different accounts.
  5. Train and sensitize staff and customers on the importance of protecting card data and reporting any suspicious activity or situation.


Carding is a type of fraud that can seriously affect your business and your customers. Therefore, it is essential that you take the necessary measures to avoid and combat it. At PayRetailers, we can advise and offer you the best payment solutions to make your e-commerce secure and successful. Contact us and find out how we can help you.

Wide range of payment methods
available with PayRetailers.