What is carding?

Carding is the general fraudster term for using stolen credit card data, whether it’s used for direct purchases, or charging prepaid or gift store cards, which fraudsters then resell. This particularly targets organizations that handle payment card and transaction processing. One of the greatest threats to your business due to carding fraud are false expense claims, created by authorized staff who reimburse expenses incurred while carrying out their work duties and submit a claim for unqualified reimbursements.


The Open Web Application Security Project outlined the technical criteria that represent this type of fraud. Illicitly obtained payment card data can be validated against a merchant’s payment processing systems. When cybercriminals come into possession of stolen payment card data, the legitimacy is typically unknown. Fraudsters use pre-carding activities such as this to identify valid accounts of high value.

Fraudsters obtain payment card information from several sources:

  • Stolen from an application.
  • Stolen from a different payment channel.
  • Purchased from a criminal marketplace on the dark web.

In some circumstances, criminals only have partial cardholder data at their disposal. For instance, they only have a limited mix or singular instance of expiry dates, security codes, or cardholder names. The subsequent steps taken with partial cardholder data are commonly used in card cracking attempts. From here, the known cardholder data is used to “cash-out” and access cash sums or the purchase of goods.

The cost of carding for businesses

Last year, Norton’s LifeLock division reported that “card not present” cases of carding fraud, or remote fraud, cost businesses over $27 billion in 2018. These losses have been projected to reach over $40 billion by the year 2023. As far as customers are concerned, businesses can validate many instances of fraud and offer them a reimbursement for any funds lost. Unfortunately, for institutions that process these payments, there is no recovery available when chargebacks start rolling in.

In the summer of 2021, CreditCards.com published an article highlighting some grim statistics regarding credit card fraud and identity theft. The FTC’s Consumer Sentinel Network 2020 Data Book ranked credit card fraud as the fifth most common type of fraud in the United States. Additionally, credit card information involved in data breaches has persisted at 12% of all data types involved in breaches. This is following the near-doubling of ransomware cases since last year. (Ransomware is a common method for capturing sensitive data and exfiltrating it from a victim’s systems.)

Theft of credit card data is what enables cybercriminals to commit fraud through carding. For example, one common tactic that cybercriminals utilize to move funds and cover their tracks is purchasing gift cards and prepaid debit cards. With stolen funds acquired through carding being filtered through this process, these cards can be resold on the dark web for a discount. Once the cards are sold, cybercriminals obtain untraceable cash hoards using your organization’s money.

Protecting this data is a challenge all its own. However, once this data falls into the wrong hands, organizations that process payment card data are the last line of defense for cardholder accounts. This means leaders need to adopt a proven solution to help prevent carding.

Stop carding with Fraud.net

Fraud.net has responded to the frightening increase in carding fraud by developing a timely solution that leverages artificial intelligence and quality data sources. Transaction AI is built on top of a robust foundation that allows your fraud teams to help combat carding attempts. The Transaction AI solution offers a carding detection capability by employing multiple data points:

  • Actionable, real-time alerts of anomalous account behavior.
  • Risk scores for every account transaction to reduce false positives for your fraud team, save valuable time and prevent carding attempts sooner.
  • Rule-based workflows based on risk that can scale to thousands of instances of carding fraud. The granular definition and governance of these workflows accelerate investigations and can be customized with organization-specific criteria.

Furthermore, Transaction AI places high-value visualizations of fraud trends that you can use to expedite the interpretation and decision-making process. When both large and small volumes of carding attempts are suspected, this allows your fraud teams to remain well-informed of potential criminal activity.

Fraud.net’s powerful platform correlates customer transaction history with billions of unique data points. This data is exclusively provided to Fraud.net customers to give them the extra edge needed to detect carding fraud.

How does Transaction AI work?

Being able to track suspicious activity has never been easier, and reliance on human intuition no longer has to be an obstacle for your organization. Through partnerships with industry vendors and organizations like payment processors, Fraud.net collects transaction data, anonymizes it, and produces real-world case studies on carding fraud.

With this solution, your organization has the necessary tools to rapidly identify carding attempts, no matter which method cybercriminals use.

Stand up and fight carding fraud

Fraud.net is a proven leader in the fight against carding fraud. We can help your fraud teams detect these attempts and disrupt cybercriminals before it’s too late. Protect your business from unwanted scams and a decreased profit margin by signing up for a free fraud analysis today.