A detailed analysis of the impact of the growing popularity of digital wallets on carder strategies

The rise of digital wallets (such as Apple Pay, Google Pay, Samsung Pay, Alipay, and WeChat Pay) has fundamentally changed both consumer behavior and the approaches of fraudsters engaged in carding — the theft and use of payment card data. Digital wallets, based on tokenization, biometric authentication, and NFC (Near Field Communication) technologies, offer convenience and enhanced security compared to traditional plastic cards. However, their widespread adoption (with their share of global online payments reaching ~50% by 2025 and a market valued at $44 billion) has created new opportunities for carders. These fraudsters have adapted their methods to exploit vulnerabilities in digital ecosystems, leading to the evolution of carding into a more sophisticated and technologically advanced form, often referred to as "carding 2.0." Below, we examine key aspects of this impact, the attack mechanisms used by carders, and recommendations for protection, with an emphasis on educational value.

1. How digital wallets have changed the carding landscape

Digital wallets have replaced traditional card numbers (PANs – Primary Account Numbers) with tokens – unique digital identifiers generated for each transaction or device. This reduces the risk of direct card data compromise, as the token is useless outside the context of a specific device or transaction. However, carders have learned to bypass this protection by targeting weak points in the process: adding cards to the wallet, user authentication, and executing transactions.

The main factors contributing to the growth of fraud are:

  • Scale of distribution: By 2025, over 1.3 billion users worldwide use digital wallets. In regions such as MENA (Middle East and North Africa) and Asia, they dominate mobile payments (for example, Alipay and WeChat Pay account for 80% of transactions in China). This creates a huge pool of potential victims.
  • Simplified card integration: Adding a card to a digital wallet often requires minimal verification (such as an OTP code or card scanning), making the process vulnerable to automated attacks.
  • Transaction anonymity: Tokenization and NFC payments mask real card details, making it difficult to track fraudulent transactions in real time.
  • Carders' technological advancements: Fraudsters are using artificial intelligence (AI), automated scripts, and darknet markets to mass-test stolen data and create "charged" wallets.

Fraud growth dynamics:

  • According to analytics (such as Juniper Research), digital wallet fraud volume increased by 81% to 153% in 2023 compared to 2022, and this trend continues into 2025.
  • In 25% of retail fraud cases, digital wallets (especially Apple Pay and Google Pay) were identified as the primary fraud channels.
  • The average cost of a stolen account with a linked digital wallet on the darknet reaches $100–500, while individual card details cost $5–20.

2. Evolution of carder strategies

Carders have adapted to digital wallets, changing their approaches across all stages of fraud: from data theft to monetization. Below are key changes in their strategies, with examples and technical details.

2.1. Data Theft Methods

Traditional methods:
  • Skimmers: Devices on POS terminals or ATMs that read magnetic stripes.
  • Data breaches: Hacking retailer or bank databases to obtain card numbers.
  • Phishing: Simple phishing sites or email campaigns designed to steal card details.
New methods with digital wallets:
  • Smishing (SMS phishing): Fraudsters send fake SMS messages impersonating banks, asking the victim to confirm details before adding a card to their wallet. For example, the victim receives the message: "Confirm adding a card to Apple Pay, enter the OTP code here: [fake link]."
  • Fake apps and websites: Carders create fake banking apps or pages that mimic the Apple Pay/Google Pay interface. Victims enter their card details and OTP, which are immediately transmitted to the scammers.
  • Malware on devices: Malware (such as Android Trojans) intercepts SMS messages containing OTPs or banking app data. In 2025, cases were recorded in China where malware automatically added cards to wallets on infected devices.
  • Credential stuffing: Using stolen logins and passwords (from data leaks) to take over accounts in banking apps or wallet services. This is especially effective if the user uses the same passwords.

Example: In 2024, Russian carders launched a massive phishing campaign mimicking the Google Pay interface, collecting data from over 10,000 cards in a single month. OTP codes were intercepted through fake forms, and the data was used to create "loaded" wallets.

2.2. Adding a card to your digital wallet

Traditional methods:
  • Carders used stolen card numbers directly in online stores, risking blocking by IP or geolocation.
New methods with digital wallets:
  • Automated card addition: Carders use bots to mass-add stolen cards to digital wallets. The software generates fake card images (with correct numbers, dates, and CVVs) for scanning in apps like Apple Pay.
  • Bypassing weak verification: Some banks and card issuers (especially in developing countries) don't require mandatory app authentication or biometrics to add a card. Carders exploit this by using OTPs obtained through phishing.
  • Mass account creation: Carders register hundreds of Apple IDs or Google accounts using temporary email addresses and phone numbers (via services like Temp-Mail). This allows for scalable attacks.

Example: In 2025, ready-made scripts for automating the process of adding cards to Google Pay were sold on the darknet. These scripts bypassed basic checks by using virtual machines and proxies to hide geolocation.

2.3. Use for transactions

Traditional methods:
  • Online purchases using stolen card numbers often carry a high risk of being blocked by anti-fraud systems.
New methods with digital wallets:
  • NFC and QR payments: Carders use digital wallets for contactless payments (tap-to-pay) in offline stores. Tokenized transactions appear legitimate because they are linked to the device, not the card number.
  • Recurring payments: After adding a card to a wallet, carders set up automatic debits (for example, subscriptions to streaming services) that can continue even after the card is blocked, as long as the token remains active.
  • Selling "loaded" wallets: Devices (such as old iPhones or Android smartphones) pre-loaded with stolen cards are sold on the darknet. Buyers can immediately use them for transactions.

Example: In 2023, a case was recorded in the US where carders used Apple Pay to purchase $10,000 worth of electronics at a single store, using tokenized cards that did not raise suspicion at the POS terminal.

2.4. Bypassing fraud detection systems

Traditional methods:
  • Banks' anti-fraud systems easily blocked transactions based on suspicious IP addresses, geolocations, or card data inconsistencies.
New methods with digital wallets:
  • Token masking: Tokenization makes transactions "invisible" to traditional systems because the actual PAN is not transmitted. This makes real-time fraud detection difficult.
  • Account Takeover (ATO): Carders take over user accounts through credential stuffing, gaining access to already linked wallets. In 2025, ATO accounted for 30% of all digital wallet fraud cases.
  • Moving cards between wallets: If a card is blocked in one wallet (for example, Apple Pay), carders quickly add it to another (Google Pay or Samsung Pay), using the same token or a new one.

Example: In 2024, retailers in Europe reported a rise in ATO attacks, where carders used stolen Google accounts to access Google Pay, bypassing bank checks.

2.5. Monetization

Traditional methods:
  • Stolen card details are sold on the darknet for $5–20 depending on the card type and region.
  • Direct purchases using stolen cards.
New methods with digital wallets:
  • Selling "charged" wallets: Ready-made accounts with linked cards are sold for $100–500, as they allow large transactions to be carried out without immediate detection.
  • Scaling through bots: Carders create hundreds of accounts to distribute transactions, minimizing the risk of being blocked.
  • Microtransactions: Carders use wallets for small but frequent transactions (such as purchasing gift cards) that are less likely to raise suspicion.

Example: On the dark web in 2025, a "charged" Apple Pay account with a linked Visa card with a $5,000 limit was sold for $300, and the buyer could use it for instant transactions via NFC.

3. Technical vulnerabilities of digital wallets

Digital wallets, despite their security, have vulnerabilities that carders exploit:
  1. Weak verification when adding a card: Some banks rely on OTP or basic checks (such as CVV), which are easily intercepted by phishing or malware.
  2. Pass-through model: Wallets like Apple Pay don't conduct their own fraud monitoring, shifting the responsibility to card issuers. This creates delays in fraud detection.
  3. Device vulnerabilities: Infected smartphones (especially Android, which has less control over apps) allow carders to intercept data and add cards without the owner's knowledge.
  4. Social engineering: Users often fall victim to phishing due to lack of awareness. For example, 60% of users in 2024 surveys were unaware that OTP codes must not be shared with third parties.

4. Regional features

  • China and Asia: Alipay and WeChat Pay dominate, and carders exploit local vulnerabilities, such as weak QR code security. In 2025, cases of mass creation of fake WeChat accounts for fraudulent transactions were recorded.
  • Russia: Carders are actively using phishing and automated bots to attack Google Pay and Samsung Pay, as Apple Pay is restricted due to sanctions. Darknet markets in Russia offer ready-made carding solutions.
  • The US and Europe: Apple Pay and Google Pay are leading the way, and carders are focusing on ATO and NFC payments. The rise in fraud in offline stores is linked to contactless payments.

5. Recommendations for protection

It's important for users, banks, and retailers to adapt to new threats. Here are detailed recommendations:

For users:

  1. Enable two-factor authentication (2FA/MFA): Use biometrics (fingerprint, Face ID) and confirm card additions only through official banking apps.
  2. Monitor notifications: Set up alerts for any changes in your digital wallet (adding/removing cards).
  3. Avoid phishing: Do not click links in SMS or emails that require OTP or card details. Verify the URL before entering your details.
  4. Use antivirus software: Regularly update software on your devices and install antivirus software to protect against malware.

For banks:

  1. Enhanced verification: Implement mandatory authorization through the banking app for adding cards to wallets (like Starling Bank).
  2. Token Monitoring: Monitor suspicious activity related to tokens, not just PAN.
  3. AI Analysis: Use machine learning to detect anomalies (e.g. adding a card to a device with an unusual geolocation).
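
One way to implement the token monitoring recommended above, as an added example that is not part of the original post: a rule-based check over token-provisioning events that flags a device accumulating many distinct cards and a card provisioned again after it was blocked. The event fields, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real data).
# Assumed fields: (timestamp, event, card reference, device id, wallet)
EVENTS = [
    ("2025-03-01T09:00:00", "provision", "card-E", "dev-2", "apple_pay"),
    ("2025-03-01T10:00:00", "provision", "card-A", "dev-1", "google_pay"),
    ("2025-03-01T10:05:00", "provision", "card-B", "dev-1", "google_pay"),
    ("2025-03-01T10:10:00", "provision", "card-C", "dev-1", "google_pay"),
    ("2025-03-01T10:15:00", "provision", "card-D", "dev-1", "google_pay"),
    ("2025-03-01T11:00:00", "block",     "card-E", None,    None),
    ("2025-03-01T11:20:00", "provision", "card-E", "dev-3", "google_pay"),
    ("2025-03-01T12:00:00", "provision", "card-F", "dev-4", "samsung_pay"),
]

MAX_CARDS_PER_DEVICE = 3          # assumed threshold; tune per portfolio
WINDOW = timedelta(hours=24)      # assumed look-back window


def flag_provisioning(events):
    """Return sorted (rule, subject) alerts for token-provisioning events."""
    alerts = set()
    on_device = defaultdict(list)  # device id -> [(time, card reference)]
    blocked = set()                # card references the issuer has blocked
    for stamp, kind, card, device, _wallet in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(stamp)
        if kind == "block":
            blocked.add(card)
            continue
        # Rule 1: one device collecting many distinct cards inside the window.
        recent = [(t, c) for t, c in on_device[device] if ts - t <= WINDOW]
        recent.append((ts, card))
        on_device[device] = recent
        if len({c for _, c in recent}) > MAX_CARDS_PER_DEVICE:
            alerts.add(("device_card_velocity", device))
        # Rule 2: a blocked card being provisioned again, in any wallet.
        if card in blocked:
            alerts.add(("provision_after_block", card))
    return sorted(alerts)


if __name__ == "__main__":
    for rule, subject in flag_provisioning(EVENTS):
        print(rule, subject)
```

Both rules key on the device and the card reference rather than on the PAN seen at authorization, so they still fire when the transaction itself carries only a token.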

For retailers:

  1. Anti-fraud systems: Implement solutions such as Ravelin or Kount to analyze user and token behavior.
  2. NFC Limits: Set limits on contactless payments without entering a PIN for large transactions.
  3. Device Check: Analyze device metadata (e.g. device ID) to identify suspicious wallets.

6. The Future of Carding and Digital Wallets

The growth of digital wallets is driving both fraud and the development of security technologies. In the coming years, the following is expected:
  • Quantum Cryptography: New encryption standards will make tokenization even more secure, but will require adaptation from banks.
  • Biometric evolution: Behavioral recognition (for example, analyzing hand movements when paying) can become a new level of security.
  • Regulation: Global standards (such as PCI DSS for wallets) are becoming more stringent, making life more difficult for carders.
  • AI vs. AI: Carders use AI to automate attacks, but banks and retailers are also implementing AI to detect fraud in real time.

Conclusion

The rise of digital wallets has made carding more complex and technologically advanced. Fraudsters have moved from simply using card numbers to exploiting vulnerabilities in card addition, tokenization, and contactless payments. Key methods include phishing, automation, ATO, and the sale of "charged" wallets. To protect themselves, users must be vigilant, banks must strengthen verification, and retailers must implement advanced anti-fraud systems. In the long term, the battle between carders and security systems will become a technology race, where success will depend on the speed of adaptation and awareness of all ecosystem participants.