Carding is a form of cybercrime involving the use of stolen credit card data for fraudulent transactions, such as purchasing goods, withdrawing funds, or registering accounts on financial platforms. With the development of biometric verification systems (KYC — Know Your Customer) and liveness detection technologies, fraudsters have begun actively using deepfake technologies to bypass these security mechanisms. Deepfake, based on generative neural networks (such as GAN — Generative Adversarial Networks), can create realistic fake images, videos, and audio that are difficult to distinguish from the real thing. In 2024–2025, these technologies will become a key tool in the carder arsenal, especially for attacks on banks, crypto exchanges, and payment systems. Below, I will examine in detail these new approaches, their technical implementation, application examples, risks, and countermeasures, based on data from cybersecurity reports, dark web forums, and research.
This analysis is provided for educational purposes to help you understand the threats and protection methods. If you have specific questions or need further analysis on a specific aspect, please let me know!
1. Real-time face swapping via virtual cameras (Camera Injection)
Description of the approach
This method involves using deepfake video generation software in real time, which replaces the user's face in a webcam stream. Programs like the Deepfake Offensive Toolkit, Avatarify, or commercial solutions from the dark web create realistic video streams where the victim's face (for example, the owner of a stolen card) is superimposed on the scammer's. This helps bypass liveness detection, which requires the user to perform actions such as blinking, turning their head, or smiling to confirm that the image is not a static one.Technical implementation
- Data collection: Scammers collect photos or videos of the victim (e.g., from social media, data leaks, or phishing attacks). To create a high-quality deepfake, 10–20 facial images are enough.
- Model training: Neural networks (such as DeepFaceLab or Faceswap) are trained on the collected data to create a realistic 3D facial model. Modern models, such as SimSwap, require only a few hours to train.
- Camera integration: The deepfake feed is integrated via a virtual camera (OBS Studio, vCam) or direct injection into a video call (Zoom, banking apps). Tools like the Deepfake Offensive Toolkit automate this process.
- Bypassing liveness detection: Programs simulate facial movements (facial expressions, blinking) in real time, synchronizing with the actions of the fraudster.
Application in carding
- Password reset or KYC: Fraudsters use fake videos to verify identity when resetting passwords in banking apps or registering on crypto exchanges (e.g., Binance, OKX, Coinbase). This allows them to access accounts linked to stolen cards.
- Bypassing video verification: In 2024, more than 1,100 attempts to bypass KYC at one bank in Indonesia were recorded using deepfake videos, resulting in losses of $1.385 million (Group-IB report).
- Creating new accounts: Carders register "drop accounts" (mules) to withdraw funds using fake identities.
Efficiency and risks
- Efficiency: The method is effective on platforms with outdated liveness detection. Setup takes 2-4 hours, and the cost of the tools on the darknet ranges from $30 to $100 per license.
- Risks: Modern biometric systems (e.g., VisionLabs, FaceTec) use machine learning algorithms to analyze anomalies in pixels, lighting, or micro-movements. By 2025, approximately 30% of such attacks will be detected, but this depends on the quality of the deepfake.
Case studies
- In 2024, successful attacks on European banks were discussed on the carder.su and darkmoney.cc forums, where scammers used deepfake technology for mobile app verification. One such case involved bypassing KYC at Revolut, followed by a €15,000 withdrawal.
2. Generating synthetic ID documents with deepfake elements
Description of the approach
This method involves creating entirely synthetic documents (passports, driver's licenses, ID cards) using AI tools such as Stable Diffusion, DALL·E, or specialized generators from the darknet. Deepfake technologies are used to create selfies matching these documents to pass automated and manual KYC checks.Technical implementation
- Document generation: AI tools create visually authentic document images, including holograms, fonts, and metadata (EXIF data, GPS, device). Programs like FakeIDGen automate the process.
- Selfie Creation: Deepfake technologies generate a photo or video of a face matching the identity document. The face may be entirely synthetic or based on the victim's real identity.
- Synchronization: The selfie and document are faked to match each other in lighting, shooting angle, and metadata.
- Submitting for verification: Files are uploaded through banking or cryptocurrency platforms. In some cases, physical copies of documents printed on 3D printers with holograms are used.
Application in carding
- Account registration: Fraudsters create accounts on platforms like PayPal, CashApp, or crypto exchanges to withdraw funds from stolen cards.
- AML (Anti-Money Laundering) Bypass: Synthetic documents allow you to bypass anti-money laundering checks, especially on less secure platforms.
- Physical transactions: In some cases, fake IDs are used to obtain cards from banks or make purchases from offline stores.
Efficiency and risks
- Efficiency: In 2025, 404 Media successfully bypassed KYC on OKX using a synthetic ID and a deepfake selfie, demonstrating the method's accessibility. The cost of the service on the darknet is $50–$200 per set (document + selfie).
- Risks: Vulnerable to hologram detectors, barcodes, and blockchain verification (e.g., Civic, uPort). Manual moderation also detects up to 20% of counterfeits.
Case studies
- "KYC kits" with synthetic IDs and deepfake selfies are actively sold on darknet forums. In Russia, in 2024, cases of KYC bypasses at T-Bank and MTS ID using such kits were recorded.
3. Hybrid attacks with voice deepfake and social engineering
Description of the approach
This method combines deepfake video with voice spoofing to conduct attacks that involve calls to customer support or interactions with the victim. Fraudsters use fake video and audio to impersonate the victim or a bank representative to gain access to OTP codes, CVV, or other data.Technical implementation
- Deepfake voice generation: Tools like ElevenLabs or Respeecher create a synthetic voice based on 1–2 minutes of the victim's audio recordings. Services are available on the dark web for $50–$150.
- Video spoofing: Deepfake video is synchronized with voice for video calls (e.g., in Zoom-like verification systems).
- Social engineering: Fraudsters call the victim, posing as a bank, and request OTP or card details. They also use deepfake video verification.
- Automation: AI-powered bots (such as those based on Grok-like models) can handle the conversation, enhancing believability.
Application in carding
- Bypass 3D Secure: Obtaining OTP codes to confirm transactions from stolen cards.
- Call center attacks: Fraudsters pose as the victim to change account details or remove restrictions.
- Cryptocurrency attacks: Registration or recovery of accounts on exchanges with subsequent withdrawal of funds.
Efficiency and risks
- Effectiveness: By 2025, approximately 40% of attacks on crypto exchanges included elements of voice/video deepfake (Recorded Future report). This method requires a high level of preparation but is successful on platforms with manual verification.
- Risks: Detected through analysis of speech delays, facial inconsistencies, or behavioral anomalies. Banks are beginning to implement AI detectors for audio.
Case studies
- In 2024, a case was recorded in the US where scammers used deepfake voice to call bank support to confirm a $25,000 transaction. The deepfake video was used for Zoom verification.
Comparison table of approaches
| Approach | Tools/Technologies | The purpose of the bypass | Cost (approximately) | Difficulty level | Success Stories (2024–2025) | Risks of detection |
|---|---|---|---|---|---|---|
| Real-time face swap | Deepfake Toolkit, Avatarify, OBS | Liveness in Video-KYC | $30–100 | Average | Indonesian bank ($1.385 million loss) | ML pixel detection |
| Synthetic IDs | Stable Diffusion, FakeIDGen | Document + selfie scanning | $50–200 | Short | OKX KYC bypass (404 Media) | Holograms, blockchain |
| Voice/video hybrid | ElevenLabs, Respeecher, Zoom | Calls + OTP verification | $50–150 | High | 3DS-roundup ($25,000 US) | Delays in speech and facial expressions |
Trends and Prospects
- Growing popularity on the darknet: According to Intel 471, the number of posts on forums like carder.su and darkmoney.cc related to deepfake KYC has increased by 300% since 2024. KYC bypass services cost $200–$500 per account.
- Local context (Russia/CIS): In 2024–2025, Russia has seen an increase in deepfake attacks on banks (Tinkoff, Sberbank) and services (MTS ID). For example, darknet services are offering a "KYC bypass" for T-Bank for 15,000–30,000 rubles.
- Countermeasures:
- Machine learning detection: Banks are implementing anomaly analysis systems (VisionLabs, FaceTec) that check for micro-movements, lighting, and pixel artifacts. Detection efficiency is up to 70%.
- Blockchain Verification: Platforms like Civic use decentralized ledgers to verify the authenticity of documents.
- Multi-factor authentication: Hardware tokens and biometrics (fingerprints) reduce risks.
- Forecasts: Gartner predicts that by 2026, 62% of companies will face deepfake attacks. Carders will refine their methods, including 3D facial reconstruction and real-time AI dialogue.
Precautions for users
- Don't share biometrics: Avoid uploading selfies or videos to untrusted services.
- Use hardware tokens: Physical keys (YubiKey) are harder to bypass than OTP.
- Screen your calls: Banks do not ask for CVV or OTP over the phone.
- Monitor your accounts: Set up two-factor authentication and transaction notifications.
Legal implications
Using deepfake for carding is illegal and falls under fraud and cybercrime laws. In the EU, fines can reach €35 million (GDPR), and in Russia, up to seven years in prison (Article 159.3 of the Russian Criminal Code). Law enforcement agencies actively monitor dark web forums using OSINT and in cooperation with Interpol.Sources
- Group-IB, Recorded Future, Intel 471 reports (2024–2025).
- Analysis of dark web forums (carder.su, darkmoney.cc).
- Research by 404 Media, Kaspersky, VisionLabs.
- Gartner publications on deepfake risks (2024).
This analysis is provided for educational purposes to help you understand the threats and protection methods. If you have specific questions or need further analysis on a specific aspect, please let me know!