New Anti-Carding Technologies to Combat Carding in the Next 5 Years: A Detailed Review for Educational Purposes

[Student]

Card fraud is a type of fraud in which criminals use stolen credit card information to conduct unauthorized transactions, often starting with small "test" purchases to verify the card's validity. It is one of the most common threats in the financial industry, particularly in the CNP (card-not-present) segment of transactions, such as online payments. According to analysts, global losses from credit card fraud will exceed $400 billion in the next 10 years, and CNP fraud will already account for 65% of all cases by 2025. To combat this threat, the implementation of new technologies based on artificial intelligence (AI), biometrics, blockchain, and other innovations is expected in the next five years (2025–2030). These technologies aim to shift from reactive measures (detecting fraud after it has occurred) to proactive ones (preventing it before the transaction). Below is a detailed analysis of the promising areas, their mechanisms, application examples and expected impact to provide a deep understanding of the topic.

1. Generative AI for Predictive Fraud Detection​

What is it and how does it work? Generative AI (GenAI) uses machine learning models like Transformers to analyze massive amounts of data (transactions, user behavior, darknet data) and predict new fraud patterns. Unlike traditional rule-based systems, GenAI can generate attack scenarios by simulating the behavior of fraudsters, including carding bots that automatically test stolen cards. These systems analyze billions of transactions in real time, identifying anomalies with high accuracy.

Applications in the fight against carding:

• Test Transaction Detection: Carders often conduct small transactions (e.g., $1–$5) to test their cards. GenAI can detect such patterns by analyzing frequency, geolocation, and merchant type (e.g., dark web stores or low-risk services like subscriptions).
• Adaptation to new threats: GenAI retrains on new data, including synthetic attacks created by AI fraudsters. This allows it to predict attacks not yet in the database.
• Reducing false positives: Traditional anti-fraud systems often block legitimate transactions due to strict rules. GenAI improves accuracy, reducing false positives by 60%, according to Mastercard research.

Implementation examples:

• Mastercard: In 2024, the company launched Consumer Fraud Risk, powered by GenAI, which doubles the speed of detecting compromised cards by scanning global transactions and blocking them before they can be used by fraudsters.
• NVIDIA: Develops AI blueprints to accelerate training of models that adapt to carding and account takeover (ATO) attacks, integrating with banking systems.

Expected effect by 2030:

• Save up to $10.4 billion annually by automating detection and reducing false positives.
• 80% of large banks and payment systems will switch to GenAI for real-time monitoring.
• Integration with darknet monitoring services (such as Recorded Future) to track card leaks in real time.

Problems and limitations:

• High cost of development and integration of GenAI (from $1 million for a medium-sized bank).
• The need for large amounts of data for training raises privacy concerns.
• The risk of counteraction from fraudsters using their own AI to bypass systems.

2. Biometric authentication and behavioral analysis​

What is it and how does it work? Biometric authentication uses unique biological characteristics (fingerprints, facial recognition, voice, iris scanning) to confirm identity. Combined with behavioral analysis (mouse movements, typing speed, device tilt, geolocation), it creates multi-factor security that is difficult to counterfeit. These technologies replace outdated passwords and PINs, which are easily stolen in carding attacks.

Anti-carding applications:

• Identity Fraud Protection: Fraudsters often use stolen card data in conjunction with fake IDs. Biometrics makes this impossible, as it requires physical presence or a unique behavioral profile.
• Invisible payments: The user confirms the transaction without entering any data (e.g., face scanning with Apple Pay). This reduces the risk of data interception in CNP transactions.
• Contextual analysis: Systems check whether the user's behavior matches their usual profile (for example, a purchase in an unusual country or from a new device immediately triggers additional verification).

Implementation examples:

• Visa and TECH5: In 2024, they signed a seven-year agreement to create a global biometric ID system integrated into digital wallets. This will allow banks to verify identity using facial or voice recognition.
• Apple Pay and Google Pay: Already use biometrics (Face ID, Touch ID) for authentication, and behavioral analytics are expected to be integrated into all transactions by 2027.
• Passkeys: A new generation of password-replacing keys that uses biometrics and cryptography to protect against phishing and carding.

Expected effect by 2030:

• Biometrics will become the standard for 80% of mobile payments, according to Juniper Research.
• Reduces carding attacks by 50% due to the impossibility of counterfeiting biometric data.
• Integration with PSD3 (European directive) for mandatory multi-factor authentication (MFA).

Problems and limitations:

• Vulnerabilities to AI-generated deepfakes (e.g., face or voice spoofing).
• Privacy concerns: Users may be reluctant to store biometric data.
• High infrastructure costs (scanners, servers) for small banks.

3. Tokenization and blockchain for card data protection​

What is it and how does it work? Tokenization replaces actual card data (PAN) with a unique token that is useless outside of a specific transaction or device. Blockchain adds decentralized data storage, where transaction information is fragmented and encrypted, preventing centralized leaks.

Anti-carding applications:

• Tokenization: Even if card data is stolen, the token cannot be used in other systems. For example, EMV tokens (Visa/Mastercard standard) are tied to a specific device or merchant.
• Blockchain: Decentralized ledgers (DLT) allow banks and merchants to exchange fraud data without disclosing personal information. This reduces the risk of mass breaches, as seen on darknet forums.
• Programmable Payments: Smart contracts on the blockchain automatically block transactions if they do not meet specified criteria (for example, a suspicious IP address).

Implementation examples:

• Visa Token Service and Mastercard Digital Enablement: Tokenization is already mandatory for mobile payments (Apple Pay, Google Pay). By 2026, it is expected to be implemented for all CNP transactions.
• idOS: A blockchain platform for decentralized storage of ID and card data, eliminating single points of vulnerability.
• Cryptocurrency payments: Market growth to $4.94 trillion by 2030 (Statista) will increase the use of tokens and blockchain for security.

Expected effect by 2030:

• Complete elimination of the use of real card numbers in online transactions.
• Reduce data leaks by 70% with decentralized storage.
• Web3 integration for secure peer-to-peer payments.

Problems and limitations:

• The need for global standardization of tokenization (different regions use different standards).
• High complexity of blockchain integration for traditional banks.
• Energy consumption of blockchain systems (although the transition to PoS reduces this risk).

4. Graph neural networks and multi-channel monitoring​

What is it and how does it work? Graph neural networks (GNNs) analyze relationships between entities (users, devices, transactions) in a graph, identifying hidden fraud networks. Multi-channel monitoring combines data from different payment channels (cards, ACH, A2A) to provide a complete picture.

Applications in the fight against carding:

• Carding network detection: GNNs identify groups of bots or mule accounts used to test cards. For example, if multiple cards are used from the same IP address or device, the system flags fraud.
• Cross-channel protection: Fraudsters often switch between channels (for example, from cards to transfers). A multi-channel approach prevents fraud migration.
• Darknet Monitoring: Graph networks track card leaks on the darknet, linking them to real transactions.

Implementation examples:

• Mastercard Graph Tech: Uses GNN to analyze transaction networks, identifying carding bots in seconds.
• Open Banking (PSD2): Data exchange between banks enables the construction of graphs for collective security.
• Adyen and Stripe: The platforms are already testing multi-channel monitoring for CNP transactions.

Expected effect by 2030:

• Reduced organized fraud by 40% by identifying complex networks.
• Full visibility of transactions across channels, closing loopholes for fraudsters.
• Integration with global regulations (e.g. PSR in the UK) for fast data exchange.

Problems and limitations:

• High computational load for real-time graph construction.
• The need for cooperation between banks and payment systems.
• Privacy risks in data sharing.

5. Autonomous self-learning systems and real-time intelligence​

What is it and how does it work? Autonomous systems powered by machine learning retrain themselves without human intervention, adapting to new types of attacks in real time. Real-time intelligence uses streaming data for instant decision-making.

Applications in the fight against carding:

• Adaptation to new attacks: Systems automatically update models to detect carding attacks created by AI bots.
• Unified Fraud/AML: Combining anti-fraud and anti-money laundering systems for comprehensive protection (for example, Chargeflow automates chargebacks).
• Darknet Monitoring: Tools like Recorded Future scan the darknet for leaked maps, blocking them before they can be used.

Implementation examples:

• SuperAGI: Autonomous AI platforms for adapting to new threats.
• Chargeflow: Automated fraud and chargeback protection for merchants.
• Visa Advanced Authorization: Real-time transaction analysis with ML models.

Expected effect by 2030:

• Reducing losses from APP scams by 12-15% annually.
• Saving up to $44.8 billion through investigation automation.
• Full automation of anti-fraud processes in 50% of large banks.

Problems and limitations:

• Black box risk: The opacity of AI decisions can make auditing difficult.
• High cost of integration for small businesses.
• Regulatory restrictions on autonomous systems.

Comparison table of technologies​

Technology	Key Benefits	Expected effect by 2030	Implementation examples	Problems
Generative AI	Predictive analysis, reduction of false positives	$10.4 billion saved, 80% of banks use	Mastercard, NVIDIA	Cost, confidentiality
Biometrics + behavioral analysis	ID forgery protection, invisible payments	80% mobile payments, 50% fraud reduction	Visa/TECH5, Apple Pay	Deepfakes, costs
Tokenization/Blockchain	The uselessness of stolen data	Complete elimination of PAN, growth of crypto payments	EMV, iOS	Standardization, complexity
Graph networks	Detecting fraudulent networks	Reducing organized fraud by 40%	Mastercard Graph Tech	Computational load
Self-learning ML	Adaptation to new threats	$44.8 billion in savings through automation	SuperAGI, Chargeflow	Opacity, regulations

Regulatory and ecosystem factors​

1. Regulations: The implementation of new technologies depends on standards such as PSD3 (EU), PSR (UK), and Durbin Amendment 2.0 (US). These require mandatory MFA, fraud reimbursement, and data exchange.
2. Ecosystem Collaboration: Banks, fintechs (Adyen, Stripe) and regulators must work together to integrate technologies, especially in Open Banking.
3. User education: Improving digital literacy will reduce vulnerability to phishing, which often precedes carding.

Conclusion​

In the next five years, the fight against carding will rely on a combination of AI, biometrics, tokenization, blockchain, and graph technologies. Generative AI and autonomous systems will form the basis for real-time protection, biometrics and tokenization will make card data inaccessible to fraudsters, and graph networks and multi-channel monitoring will close loopholes for organized fraud. However, success depends on standardization, investment, and collaboration. For educational purposes, it is important to understand that these technologies are not isolated — they are most effective when integrated into a unified ecosystem. For example, a bank using GenAI for transaction analysis, biometrics for authentication, and tokenization for data protection could reduce carding losses by 70–80% by 2027.