Home » Articles » Cybercrime: The Study of Carding
Click Here To Hide Tor

Cybercrime: The Study of Carding

Post by @Deku_shrub – Pirate Party UK and digital rights activist, transhumanist and systems administrator:

As someone whose used the internet for many years, the term ‘Carding’ was moderately familiar to me, a term used on unsavory forums and websites to describe the increasingly regimented process of stealing and laundering credit card information.

Drafting a brief history on Wikipedia, I reached out to Reddit’s /r/DarkNetMarkets forums for some pointers which has led to be writing the first ever almost-complete history of Carding.

Carding_screenshot[1]
Screenshot from a carding site

In my research, I found that the fundamentals of Carding are barely unchanged since the 80’s (thanks to some wonderful archives from textfiles.com), simply moving between payment services and improving the security of their forums and markets over time. Close links with hackers, as well as ongoing cyberwarfare between services themselves appear to be the norm on these underground markets, as do complex law enforcement investigations and informants.My research has led me to a somewhat unsettling conclusion that Carding isn’t going away any time soon. Commercial websites and networks are simply too insecure, credit card and personal information too valuable and money laundering methodologies too reliable for law enforcement to perform enough investigations and arrests to stem the financial impact this industry has.

This confirms my suspicion that more secure and anonymous payment systems are required for day-to-day consumer use. Financial regulations should encourage the use of ‘Virtual Visa’ services

  • This would allow one-time credit card number per website. We know not to reuse passwords across websites, so why do we use credit card numbers in this way? This would allow any breach to be instantly traced to the merchant in question
  • You could transfer the exact purchase amount and no more to your virtual Visa number, protecting you not only against use beyond that transaction, but also from hidden merchant fees
  • Ultimately you want to make a Smart Contract, that specifies exactly how much money you’ll transfer to whom, in what time period. (such as a recurring payment)

Having extensively studied Bitcoin and Darknet markets (to be covered in future posts!), this is similar to the highly secure escrow based methodology that is already revolutionising the sale of the online trade in restricted items around the world. It’s about time legitimate eCommerce caught up – because whilst I can revoke my credit card details, I can’t revoke the personal information I’m asked to submit with our current card infrastructure.

Read it now, ‘Carding (fraud)’ on Wikipedia for an inside look into the structure and history of Carding

12 comments

  1. “My research has led me to a somewhat >>unsettling<< conclusion that Carding isn’t going away any time soon." [Notes personal discomfort with/at carding]

    Whats with all these people down for hacking and selling drugs, but against carding…it's beyond contradictory. Drugs fuck up more than just the users/sellers life and hacking can kill companies/jobs(and the people who depend on that persons job) just the same as carding does…picking and choosing at that point is the realm of a unreliable or indecisive individual who wants to have his cake and eat it to…when you cant have both.

  2. If you can’t handle fraud or any crime on the darknet maybe you should stick to your wikepedia and facebook buddy.
    The only person carding hurts is the banks.

    • libertarian

      Wish it was true, although banks are probably last in line to get hurt. They do pay small fees (which they then surely transfer to their customers anyway) but those are laughable. And the fucktard who cannot keep his card details safe instead using them on every pornsite he gets across gets his money back too.

      Who really takes it in the ass are the merchants – honest enterpreneurs who just want to do business.

      Not all crime is the same. Carding is definitely not victimless and not voluntary

    • ThatDude

      Not true! You really think banks pay for anything? The merchants lose the data and they are the ones that take the initial loss on a “charge-back”. But they don’t really take a loss on the data breach or the theft of merchandise, they raise their prices to cover the loss, so the consumer that is paying for goods and services is the ultimate asshole. Just like the employee that works a real job and the tax payer that pays taxes. Its all part of the same sickness greed and free lunch at the top and bottom, and the suckers in the middle subsidize the welfare to both. Carding howto video have been available on youtube and dailymotion for years now and before that P2P and torrents, all it takes is unemployment and a GED. Look around you its your neighbors stealing from you and you don’t even know it. The high school drop out buying $900 jeans at 1pm on a Tuesday. Its not a matter of “how to stop it” there is NO “desire to stop it”. Do you think the retailers subtract the fraud sales numbers from their quarterly reports?

    • Good point but also people who work in the banks are hurt as well

  3. this type of frouds of main center is pakistan.. Few days ago my cousins credit card was hacked by an pakistani hacker..

  4. is it safe to buy from carders

  5. Lol Noobs here :v

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *