You have probably come across a bunch of ads on the Internet for the sale of new things or equipment from the USA, Europe, and so on. But they hardly guessed that a significant part of them are published by carders.
We will tell you what this dark business is and how carders work.
What is carding?
By and large, carding is stealing money from a card to your card, account, account in a payment system, as well as buying goods using someone else's credit card. Most often, carders use cash withdrawals, purchase of branded clothing or electronics.
Previously, many carders worked with the American eBay through PayPal, to which someone else's card was linked. Now eBay in the USA and PayPal have tightened the rules, but carders have not gone anywhere - they switched to work with other countries, for example, Germany, France, Italy, etc.
Carders have their own gurus, Telegram channels and training courses, where they teach how to correctly turn black schemes. And it also brings in income, sometimes more than directly from carding. In general, the industry is trending.
How do carders work?
First of all, they need a card number and data for authentication (a password from a bank account, VDV for cards with 3D Secure, CVV2 / CVC2, etc.). Often, carders buy a database and check the relevance of the information in it, or brute force passwords or other methods.
You can buy these cards on the darknet for 3-10$. In addition, carders pay for VPN with a choice of server (preferably with an accuracy to the state or at least to the country) and other means of anonymization.
Another option is to organize a phishing campaign . The bank page with the account login form is copied or a fake application is created, and a link to it is spread using spam.
A user who is concerned that his card may be blocked; the bank asks to confirm the operation; the transfer was received from someone unknown - goes to a fake website or launches a fake application. The carder takes the entered data and transfers all the money to himself. Or waiting for big receipts to get the most out of it.
Judging by the discussions on the darknet, the carder spends 100$ at the start. This is a payment for VPN, ipsocks tunnels, hacked accounts and access to computers, services of "dialers" who communicate with sellers or bank support in the required language, scanned documents for intermediaries. And also "stuffing cones" - not from the first card, everything goes smoothly.
What is carding "drive"?
This is the process of entering card data into a form on the website of a store or payment system. In order not to risk, carders use hacked computers of ordinary users to drive in. Then they are cleaned of logs or iron is disposed of.
Another option is to work from an Android smartphone emulator or virtual machine. After carding, it is enough to remove the software to cover up the tracks.
How to order goods from someone else's card
American and European stores often do not send goods to customers in Russia, Ukraine, Kazakhstan and other countries of the former USSR if they were ordered from a PayPal linked to a card, which belongs to a citizen of the United States, Canada or European countries. Large stores and payment systems have anti-fraud systems that block suspicious transactions.
But this does not stop the scammers.
They order a gift card (e-gift) from the victim's card , and then receive the code of this gift card from the victim's hacked mail. The order is made directly from your account, but using the gift card code.
In addition, carders create self-registers. A hacked bank account is bought, PayPal is registered for it, your phone number, address and mail are indicated. You can often take out a loan for such an account, and not only spend the available positive balance.
Recently, however, this option is practically not used, because PayPal in most cases rejects the registration and linking of a bank account.
Another option is to use an intermediary.
Of course, in theory, the intermediary can turn the package back if the store calls him and indicates that carding is taking place. But you can accidentally make a mistake in the intermediary's phone number. This increases the chance for the parcel to pass.
Large stores began to fight carders, but smaller stores are not as active in opposing fraudsters. Virtually all shops offering gift cards or certificates are under attack. Ordering things and equipment directly from someone else's account is more likely to be wrapped up.
Carders don't just order things
You can not only order physical goods from cards, but also withdraw money. There are casinos, online games and other virtual money transfer options.
Finally, there are cryptocurrency exchanges that allow you to buy coins relatively anonymously, then sell them and withdraw money to your card. Cryptocurrency transactions are non-refundable, so the system cannot automatically return the money to the cardholder.
A cashier in a supermarket can also be a carder
Cashiers in supermarkets and shop assistants usually do not have high salaries. But if they do carding, they get 5-10 times more money.
When you pay with a card, the cashier or the seller can invisibly look and remember the data. For some sites, when ordering goods, the card number and CVV2, which is written on the back, are enough. But the carder can go further and put its own "reader" to read all the card data.
So if suddenly, a few hours or days after visiting a store, money from your card suddenly disappears, who do you think about? Certainly not the cashier or the seller.
What do the police think?
Usually, a full investigation begins only if the carder has stolen a significant amount of funds - more than $ 1,000. Usually the FBI then sends a request to the police. And the request contains IP addresses, names, sending addresses and other information about the potential culprit.
For this, carders use drops. These are people who are at the lowest level in the chain and do the dirtiest work: they cash out money, provide their data to receive parcels, send parcels to carders, etc.
Carders give drops a minimum of information and practically do not contact them. So even if the drop is tracked down, he will have an alibi at the time of hacking a bank account or withdrawing money from a card. And he won't be able to tell anything about the carder. As a result, the crime will remain unsolved.
Why carders avoid punishment
Practice shows that if a carder works through VPN, proxies and other services, and also observes Internet safety rules, it is almost impossible to prove his guilt. But everyone is wrong.
However, even if the police raid the carder's home, the employees still have to prove the fact of a computer crime. And if there are no traces, then there is no trial.
They are most often caught on correspondence in instant messengers, the presence of data from other people's cards and accounts, assemblies of malicious software, etc. But if you use portable software, anonymization tools, self-destructing messages and crypto-protected messengers, it will be difficult to prove something.
Money transfers alone are not sufficient evidence. Testimony too. If the carder can pretend to be a drop or an intermediary, then he will quickly retrain from the accused to the witness.
What now?
Some people think that carding is easy money and impunity. But in reality, stores and payment systems are increasingly opposing them. And nobody canceled the criminal punishment.
Think before you follow links. Set limits for online payments, do not forget about antivirus on your Android smartphone and Windows computer.
You can also use one card for everyday purchases, and the second for storing larger amounts of money, and, if necessary, transfer money from the second to the first. In case of any suspicion of illegal withdrawal of funds, call the bank to block the card and start an investigation.
Warning: this article is for informational purposes only. Theft and fraud are prosecuted.
We will tell you what this dark business is and how carders work.
What is carding?
By and large, carding is stealing money from a card to your card, account, account in a payment system, as well as buying goods using someone else's credit card. Most often, carders use cash withdrawals, purchase of branded clothing or electronics.
Previously, many carders worked with the American eBay through PayPal, to which someone else's card was linked. Now eBay in the USA and PayPal have tightened the rules, but carders have not gone anywhere - they switched to work with other countries, for example, Germany, France, Italy, etc.
Carders have their own gurus, Telegram channels and training courses, where they teach how to correctly turn black schemes. And it also brings in income, sometimes more than directly from carding. In general, the industry is trending.
How do carders work?
First of all, they need a card number and data for authentication (a password from a bank account, VDV for cards with 3D Secure, CVV2 / CVC2, etc.). Often, carders buy a database and check the relevance of the information in it, or brute force passwords or other methods.
You can buy these cards on the darknet for 3-10$. In addition, carders pay for VPN with a choice of server (preferably with an accuracy to the state or at least to the country) and other means of anonymization.
Another option is to organize a phishing campaign . The bank page with the account login form is copied or a fake application is created, and a link to it is spread using spam.
A user who is concerned that his card may be blocked; the bank asks to confirm the operation; the transfer was received from someone unknown - goes to a fake website or launches a fake application. The carder takes the entered data and transfers all the money to himself. Or waiting for big receipts to get the most out of it.
Judging by the discussions on the darknet, the carder spends 100$ at the start. This is a payment for VPN, ipsocks tunnels, hacked accounts and access to computers, services of "dialers" who communicate with sellers or bank support in the required language, scanned documents for intermediaries. And also "stuffing cones" - not from the first card, everything goes smoothly.
What is carding "drive"?
This is the process of entering card data into a form on the website of a store or payment system. In order not to risk, carders use hacked computers of ordinary users to drive in. Then they are cleaned of logs or iron is disposed of.
Another option is to work from an Android smartphone emulator or virtual machine. After carding, it is enough to remove the software to cover up the tracks.
How to order goods from someone else's card
American and European stores often do not send goods to customers in Russia, Ukraine, Kazakhstan and other countries of the former USSR if they were ordered from a PayPal linked to a card, which belongs to a citizen of the United States, Canada or European countries. Large stores and payment systems have anti-fraud systems that block suspicious transactions.
But this does not stop the scammers.
They order a gift card (e-gift) from the victim's card , and then receive the code of this gift card from the victim's hacked mail. The order is made directly from your account, but using the gift card code.
In addition, carders create self-registers. A hacked bank account is bought, PayPal is registered for it, your phone number, address and mail are indicated. You can often take out a loan for such an account, and not only spend the available positive balance.
Recently, however, this option is practically not used, because PayPal in most cases rejects the registration and linking of a bank account.
Another option is to use an intermediary.
Of course, in theory, the intermediary can turn the package back if the store calls him and indicates that carding is taking place. But you can accidentally make a mistake in the intermediary's phone number. This increases the chance for the parcel to pass.
Large stores began to fight carders, but smaller stores are not as active in opposing fraudsters. Virtually all shops offering gift cards or certificates are under attack. Ordering things and equipment directly from someone else's account is more likely to be wrapped up.
Carders don't just order things
You can not only order physical goods from cards, but also withdraw money. There are casinos, online games and other virtual money transfer options.
Finally, there are cryptocurrency exchanges that allow you to buy coins relatively anonymously, then sell them and withdraw money to your card. Cryptocurrency transactions are non-refundable, so the system cannot automatically return the money to the cardholder.
A cashier in a supermarket can also be a carder
Cashiers in supermarkets and shop assistants usually do not have high salaries. But if they do carding, they get 5-10 times more money.
When you pay with a card, the cashier or the seller can invisibly look and remember the data. For some sites, when ordering goods, the card number and CVV2, which is written on the back, are enough. But the carder can go further and put its own "reader" to read all the card data.
So if suddenly, a few hours or days after visiting a store, money from your card suddenly disappears, who do you think about? Certainly not the cashier or the seller.
What do the police think?
Usually, a full investigation begins only if the carder has stolen a significant amount of funds - more than $ 1,000. Usually the FBI then sends a request to the police. And the request contains IP addresses, names, sending addresses and other information about the potential culprit.
For this, carders use drops. These are people who are at the lowest level in the chain and do the dirtiest work: they cash out money, provide their data to receive parcels, send parcels to carders, etc.
Carders give drops a minimum of information and practically do not contact them. So even if the drop is tracked down, he will have an alibi at the time of hacking a bank account or withdrawing money from a card. And he won't be able to tell anything about the carder. As a result, the crime will remain unsolved.
Why carders avoid punishment
Practice shows that if a carder works through VPN, proxies and other services, and also observes Internet safety rules, it is almost impossible to prove his guilt. But everyone is wrong.
However, even if the police raid the carder's home, the employees still have to prove the fact of a computer crime. And if there are no traces, then there is no trial.
They are most often caught on correspondence in instant messengers, the presence of data from other people's cards and accounts, assemblies of malicious software, etc. But if you use portable software, anonymization tools, self-destructing messages and crypto-protected messengers, it will be difficult to prove something.
Money transfers alone are not sufficient evidence. Testimony too. If the carder can pretend to be a drop or an intermediary, then he will quickly retrain from the accused to the witness.
What now?
Some people think that carding is easy money and impunity. But in reality, stores and payment systems are increasingly opposing them. And nobody canceled the criminal punishment.
Think before you follow links. Set limits for online payments, do not forget about antivirus on your Android smartphone and Windows computer.
You can also use one card for everyday purchases, and the second for storing larger amounts of money, and, if necessary, transfer money from the second to the first. In case of any suspicion of illegal withdrawal of funds, call the bank to block the card and start an investigation.
Warning: this article is for informational purposes only. Theft and fraud are prosecuted.
