How will the introduction of CBDCs (central bank digital currencies) affect carding?

[Student]

For educational purposes, I will examine in detail how the introduction of CBDCs (central bank digital currencies) could impact carding, including technical, economic, and social aspects. I will also discuss the operating mechanisms of CBDCs, potential vulnerabilities, real-world cases, statistics, and fraud scenarios. The answer will be structured for clarity and coverage of all key aspects, with a focus on education.

1. What are carding and CBDCs? Basics for Understanding​

Carding​

Carding is a form of cybercrime involving the theft of bank card data (card number, CVV, expiration date, cardholder name) and its use for unauthorized transactions. Common carding methods include:

• Skimming: installing devices on ATMs or terminals to read card data.
• Phishing: tricking users through fake websites or emails to obtain data.
• Database hacking: stealing card data from vulnerable online stores or payment systems.
• Darknet markets: purchasing stolen card data on underground forums (e.g., on the darknet for $10–50 for a full set of data, or "fullz").

Carding is particularly effective in card-not-present (CNP) transactions, such as online purchases, where the physical presence of a card is not required. According to LexisNexis Risk Solutions, global losses from carding will amount to approximately $32.3 billion in 2024, growing by 5-7% annually due to the growth of online commerce.

CBDC​

A central bank digital currency (CBDC) is a digital form of national currency issued and backed by a central bank. Unlike cryptocurrencies (Bitcoin, Ethereum), CBDC is centralized and controlled by the state. It can be implemented in two forms:

• Token-based: runs on a blockchain or DLT (distributed ledger), where users have digital wallets with private keys, similar to cryptocurrencies.
• Account-based: linked to identified accounts in the central bank or commercial bank system, with access via KYC (Know Your Customer).

Goals of CBDC:

• Making payments faster and cheaper.
• Combating the shadow economy and money laundering.
• Improving financial inclusion (access to finance for people without bank accounts).
• Cyber resilience and modernization of financial infrastructure.

According to the Atlantic Council (2025), 134 countries, representing 98% of global GDP, are developing or testing CBDCs. Examples:

• China: e-CNY (digital yuan) is used in 26 cities, with transactions worth $14 billion by 2024.
• EU: Digital euro in testing phase (2023–2026).
• Russia: The digital ruble has been tested since 2023, with mass implementation planned for 2027.

2. How CBDC affects carding: mechanisms and effects​

The introduction of CBDC will change the payments ecosystem, directly affecting card payments. Below, I'll discuss the key mechanisms that could reduce or, conversely, create new opportunities for fraud.

2.1. Positive effects: how CBDC will make carding more difficult​

CBDC has the potential to significantly reduce the efficiency of traditional carding due to the following factors:

1. Traceability: CBDC transactions are recorded in a ledger (either centralized or distributed) controlled by the central bank. This makes every transaction transparent to the regulator, even while maintaining partial anonymity for users (through privacy-enhancing technologies, PET).
   • How does this affect card fraud? In traditional card fraud, fraudsters use stolen card data to make anonymous purchases, often through fake accounts or VPNs. CBDC allows authorities to monitor the transaction chain in real time, identifying anomalies (such as mass small transactions to verify cards). Example: In China, e-CNY is integrated with AI monitoring systems that identified 12,000 suspicious transactions related to fraud in 2024, reducing losses by 15% in pilot regions (according to the People's Bank of China).
2. Reducing reliance on vulnerable intermediaries. Traditional cards rely on processing systems (Visa, Mastercard), which are vulnerable to attacks and chargeback fraud (when carders dispute transactions after receiving goods). A CBDC could operate directly through a central bank or certified wallets, cutting out intermediaries.
   • How does this affect carding? Without card numbers and CVV codes to steal, carding loses its basis. CBDC transactions may require biometric authentication (fingerprint, Face ID) or multi-factor verification (MFA), making unauthorized access more difficult. Example: In Russia's digital ruble trials (2023–2025), transactions require KYC and wallet linking, making it impossible to use stolen data without direct access to the user's device.
3. Transaction programmability: CBDCs could be "smart" currencies with programmable rules. For example, funds could be restricted in use (for certain purchase categories only) or require recipient confirmation.
   • How does this affect carding? Carders often use stolen cards to purchase liquid assets (gift cards, cryptocurrency) for laundering. A CBDC could block such transactions or restrict transfers to unverified wallets. For example, the Bank for International Settlements (BIS) estimates in its 2024 report that programmable CBDCs could reduce retail payment fraud by 20–50% through conditional smart contracts.
4. Real-time monitoring and AI CBDC systems integrate with advanced anti-fraud algorithms that use machine learning to analyze transactions in real time. This is faster than traditional banking systems, where fraud detection takes hours or days.
   • How does this affect carding? Carders often test cards with small transactions ($1–5) to verify their validity. AI in CBDCs can block such patterns by freezing wallets until verification. Example: In pilot tests of the digital euro (2024), AI systems reduced CNP fraud by 30% by immediately flagging anomalies.

2.2. Negative effects: new risks and challenges​

While CBDC complicates traditional carding, it creates new attack vectors and transition risks:

1. Cyberattacks on digital wallets: If a CBDC uses a tokenized model (on a blockchain), users store funds in digital wallets with private keys. These keys can become a target for hackers, as is the case with cryptocurrency wallets.
   • How does this affect carding? Instead of stealing card data, carders can use phishing, malware, or social engineering to gain access to CBDC wallets. For example, fake apps or websites can trick users into revealing keys. Example: In 2023, hackers stole $1.7 billion in cryptocurrency through phishing (Chainalysis). CBDC wallets could face similar attacks, especially in countries with low cyber literacy.
2. The transition period and hybrid systems. CBDC will be implemented gradually, coexisting with traditional cards and cash. This creates a "gray area" for fraudsters.
   • How does this affect carding? Carders can convert stolen funds (from cards) into CBDC for anonymization or laundering through uncontrolled wallets. UK Finance predicts a 10-20% increase in "CBDC-denominated fraud" in the first three to five years of implementation due to infrastructure shortcomings. Example: In China in 2023, fraudsters used e-CNY to launder funds through fake wallets until authorities strengthened KYC.
3. Offline Transactions and Device Vulnerabilities: CBDC can support offline payments (e.g., via smart cards or NFC devices). This opens the risk of attacks on physical devices.
   • How does this affect carding? Carders may attempt to clone smart cards or hack devices, as is happening with NFC payments today. In its 2024 report, the US Federal Reserve notes the risk of "double-spending" in offline CBDCs if synchronization with the ledger is delayed.
4. The evolution of fraud: Fraudsters are adapting to new technologies. Instead of card theft, they may focus on:
   • Social engineering: deceiving users into handing over access to CBDC accounts.
   • Infrastructure attacks: hacking central servers or DLT nodes.
   • KYC manipulation: creating fake IDs for wallet registration. Example: Featurespace (2024) predicts that without enhanced privacy-protecting technologies (PET), CBDC fraud could increase by 30% in developing systems.

3. Comparative Analysis: Traditional Cards vs. CBDC​

For clarity, here's a table comparing the impact of traditional cards and CBDC on carding:

Aspect	Traditional cards	CBDC
Traceability	Low (CNP transactions are anonymous)	High (centralized/DLT registry, PET for user anonymity)
Vulnerabilities	Skimming, phishing, database leaks	Key theft, wallet phishing, infrastructure attacks
Anti-fraud mechanisms	Chargeback, post-factum analysis (delays)	Real-time, AI, programmable transactions
Money laundering	Through gift cards, cryptocurrencies	Limited by programmability and KYC
Global effect	$32.3 billion in losses (2024, LexisNexis)	Potential reduction of 20-50% (BIS), but new risks
Detection speed	Hours/Days	Instant (AI monitoring)

4. Real cases and forecasts​

CBDC implementation cases​

• China (e-CNY): Since 2020, China has been testing a digital yuan, aiming to reach 260 million users by 2024. Anti-fraud systems integrated with big data have reduced online fraud by 15% in pilot zones (Shenzhen, Chengdu). However, there have been cases of phishing, where scammers have created fake e-CNY wallets.
• Russia (digital ruble): 12 banks and 600 individuals are participating in testing starting in 2023. The Central Bank of Russia has integrated KYC and biometrics, making card data theft useless. Forecast: CNP fraud will decrease by 15-25% by 2030.
• EU (Digital Euro): The preparatory phase (2023–2026) will focus on privacy-by-design and AI monitoring. The ECB expects a 30% reduction in fraud in retail payments.

Forecasts​

• Short-term (2025–2030): During the transition period, carding will remain a problem, but will shift to wallet attacks and social engineering. The BIS predicts a 20–40% decline in traditional carding in countries with developed CBDCs.
• Long-term (2030+): If CBDC becomes standard, carding could migrate to "shadow" cryptocurrencies or offline schemes. Success depends on the balance between privacy and control.

5. Technical aspects and challenges​

CBDC technologies and their impact on fraud​

• Blockchain/DLT: Tokenized CBDCs (like those in China) use distributed ledgers, where every transaction is verified. This reduces the risk of counterfeiting, but requires protection against 51% attacks or node compromise.
• Privacy-Enhancing Technologies (PET): Technologies such as zero-knowledge proofs allow transaction details to be hidden from third parties while remaining visible to regulators. This balance between anonymity and fraud prevention.
• AI and big data: Real-time transaction analysis identifies carding patterns (e.g. multiple transactions from one IP).

Vulnerabilities​

• Quantum risks: Quantum computers (expected by 2030–2040) could crack CBDC cryptography unless it is post-quantum. NIST is actively developing standards to protect it.
• Human factor: Even with a CBDC, users remain the weak link. Phishing and social engineering will dominate.

6. Recommendations for Minimizing Carding in the CBDC Era​

For users, businesses, and regulators:

1. Users: Use multi-factor authentication (MFA), store keys in hardware wallets, avoid suspicious links.
2. Business: Integrate anti-fraud systems with AI, support KYC for CBDC transactions, and educate clients on cybersecurity.
3. Regulators: Balance privacy and control, implement PET, strengthen cybersecurity standards.

7. Conclusion​

The introduction of a CBDC promises to revolutionize payment systems, significantly complicating traditional card payment through traceability, programmability, and anti-fraud technologies. The expected reduction in CNP fraud is 20-50%, as demonstrated by pilot projects in China, Russia, and the EU. However, fraudsters are adapting, switching to wallet attacks, social engineering, and offline schemes. The transition period (2025-2030) will be particularly vulnerable until the infrastructure stabilizes. For a CBDC to be successful, the following is necessary:

• Strong anti-fraud mechanisms (AI, PET).
• User education to protect against phishing.
• Global coordination of cybersecurity standards.

Carding won't disappear, but its form will change, requiring new approaches to security from all participants—users, businesses, and regulators. If you'd like to delve deeper into a specific aspect (for example, the technical details of blockchain in CBDCs or fraud cases), let me know!