What is carding, and how to guard against it?

According to Cybersecurity Ventures, global spending on cybercrime is expected to grow by 15% each year.

What is carding, and how to guard against it?

With the development of the Internet and digital communications, criminals have expanded their tools and gained the ability to remain anonymous. But this does not mean their illegal activities have been given the green light. According to Cybersecurity Ventures, global spending on cybercrime is expected to grow by 15% each year, reaching $10.5 trillion annually by 2025, and total cybersecurity spending is expected to exceed $1.75 trillion from 2021 to 2025. 

Let's look at one type of internet fraud - carding - and how to guard against it. Unfortunately, you can encounter this type of scam everywhere - both in online casino India, while playing slots online, and in a store near your home. 

Definition of carding and its basic principles

So, carding is a type of fraud related to bank cards. The term refers to a wide range of illegal activities aimed at stealing bank card data for subsequent misuse. While withdrawing money through carding is only sometimes possible, making purchases and paying for services is feasible.

A variety of methods are used to obtain this data. Most commonly, hackers break into the databases where they are stored. Having gained access to them, fraudsters can conduct various operations, paying for goods and services on behalf of the cardholder.

Of course, carders try to hide their identity and location by using anonymous proxy servers, virtual private networks (VPNs) and other technological means. It makes them more challenging to identify and prosecute.

In addition, fraudsters often share information about new vulnerabilities, hacking techniques and data theft on specialized forums and sites. They may sell stolen card data or use it in their fraudulent operations.

Fraudsters are always looking to adapt to technological advances and use them to their advantage. And if some technology appears, after a short time, attackers adjust their techniques to it. It is what happened with carding.

Read Also : Mr Manoj Jain takes charge as Chairman and Managing Director of BEL

Physical carding

The earliest instances of carding date back to when credit and debit cards began to be used. In the 1950s, with the advent of the first credit cards, fraudsters began using various methods to obtain information about the cards and their owners. Some of these methods included trivial card theft, counterfeiting, using devices to copy information from the magnetic stripe, and so forth.

Carding in the online environment

With the spread of the Internet and online transactions, carding immediately moved into the online environment. Fraudsters began using stolen card data to make online purchases or withdraw cash. They stole credit card information by hacking into databases, phishing (obtaining sensitive information by masquerading as a legitimate organization), or using malware to access computers and networks.


Social engineering must also be mentioned. Although it cannot be used to obtain a card dump, attackers can collect important information. Sometimes they need to get additional data or clarify the existing data. It is how the practice of calling fake bank security officers appeared. As a rule, fraudsters come up with various pretexts to elicit CVV2/CVC2 codes, card numbers, owner's names and codes from SMS or online banking.

It's important to remember that no actual bank employee will ask a customer for these details. A real call from a bank is likely about offering services or conducting a social survey. Of course, sometimes the bank may call about a blocked card (after it has already been blocked) or other instances, but many of these "bank calls" still come from scammers.


Often, scammers use various malicious software to get their hands on bank card data from users' devices. One of the most common methods is phishing sites or spam emails. It is impossible to make a fake plastic card with the help of such data, but it can be used to make purchases in online stores. In this case, the fraudster must bypass two-factor authentication to complete the purchase.

There is another way to obtain card data - PoS Trojans illegally. It is malware capable of extracting payment information from the memory of PoS terminals.

Owners of Android mobile devices should be especially cautious. Some trojans can control online banking applications. If a user catches such a trojan, he may lose all his money. Timely updating of antivirus can help prevent such threats.

Read Also : RBI invites application for recognition of SRO for NBFCs

Defending against carding: practical strategies and precautions

There is no guarantee against card data and money theft. However, following the rules of safe shopping and additional measures can help increase protection's effectiveness.

Here are some recommendations:

  • Use cards with a chip and favour terminals that read data from the chip rather than the magnetic stripe. This method is safer as each transaction generates a unique code that will not be valid for the next trade.
  • Do not show your card to strangers, do not photograph it or post it online, even if only the front side is shown. Some stores accept payments without a CVV code.
  • Subscribe to the SMS-banking service, which will instantly notify the user of unauthorized purchases. It is essential to inform the bank of such transactions in time.
  • When shopping online, especially on new websites, use virtual cards or cards designed specifically for online payments.
  • Close the possibility of paying with a card in other countries if there are no plans to travel abroad.
  • Buy goods from reliable stores and avoid being tempted by suspiciously low prices. You can also use data protection and purchase insurance some marketplaces provide.
  • Update antivirus software regularly.

A bank card is convenient but requires specific measures from sellers and buyers to ensure mutual security.


Not only is it essential to be aware of what carding and other types of online scams are, but it is also important to remember that it is an illegal activity with serious legal consequences.

To protect yourself from carding, you need to take safety measures. It is essential to use trustworthy websites when shopping online. Protect your computer and devices with antivirus. Use complex passwords to access bank accounts and credit cards. Be cautious when sharing personal or financial information online. Regularly check bank and credit card statements for unauthorized transactions or suspicious activity. Following these security measures will help reduce the risk of data theft and protect your financial assets and personal information.

Read Also : RBI cancels the license of The City Co-operative Bank Ltd Mumbai, Maharashtra