Carding (from the English word "card fraud") is a scheme in which criminals steal bank card information and use it for unauthorized purchases, often with the goal of cashing out through gift cards or reselling goods. This form of cybercrime is considered one of the most accessible to beginners for several key reasons, including its low barrier to entry and a broad support ecosystem.
As a result, carding attracts thousands of newcomers every year, especially in countries with high unemployment among IT specialists, where it is perceived as a "quick buck."
This impact manifests itself in exponential growth: global losses from cybercrime are projected to reach $10.5 trillion by 2025, with carding being the entry point for 88.4% of financial attacks. It fuels the crime chain (from phishing to ransomware), increases chargebacks for businesses (average losses of $4.5 million per year), and amplifies geographic hotspots (the US, Russia, and China, according to the World Cybercrime Index). Ultimately, accessibility for newcomers leads to the democratization of cybercrime, making it a mass threat to e-commerce and banking. Two-factor authentication (2FA), transaction monitoring, and tools like velocity checks are recommended for protection.
- Ease of obtaining stolen data: Newbies don't need to hack systems themselves — card data (numbers, CVV, expiration dates) is sold on the darknet, forums, and even open platforms for as little as a few cents per card. In 2024, such "databases" became even more accessible thanks to massive data breach leaks, making it possible to purchase ready-made lists without technical skills.
- Automation with bots: Card validation checks (to avoid blocking) and small test purchases are performed using simple scripts or ready-made bots, which can be downloaded or purchased for a minimal fee. This reduces risks and makes the process more like a game — a beginner simply launches the tool rather than writing code from scratch.
- Low risk and quick profit: Small transactions (1–5 dollars) rarely raise suspicion, and successful cards can be used to purchase highly liquid goods (electronics, gift cards) that are easy to resell. Marketing in criminal communities emphasizes "ease and accessibility," including educational materials and "guides for beginners," which attracts young people with no experience.
- Global ecosystem: Forums like HackBB (before its closure in 2013) and modern equivalents offer "carding as a service" — from proxy rentals to "cachers" (cashers). This creates a "business model" where newcomers can start as "drops" (recipients of packages) without extensive knowledge.
As a result, carding attracts thousands of newcomers every year, especially in countries with high unemployment among IT specialists, where it is perceived as a "quick buck."
Impact on global cybercrime statistics
Carding significantly distorts global cybercrime statistics, accounting for up to 73% of all payment card fraud cases (where the card isn't physically present, as in online purchases). It contributes to the overall loss of cybercrime, making financial attacks the dominant threat type. Here are the key findings:| Indicator | Meaning | Source and commentary |
|---|---|---|
| Global Card Fraud Losses (2023) | $33.83 billion (1.1% year-on-year growth) | Nilson Report: Carding is a major factor, especially in e-commerce. |
| Carding's share of payment card fraud (2024) | 73% | Norton LifeLock: mostly "card-not-present" transactions. |
| Losses from carding in the US (2020) | ~$11 billion | Aite Group: banks and retailers bear the brunt of the losses. |
| The overall carding market (2020) | $1.9 billion (up 116% from 2019) | Group-IB Hi-Tech Crime Trends: The pandemic has accelerated online fraud. |
| Credit card share in identity theft (2024) | 43,9% | FTC: Of the 6.47 million fraud complaints, 18% were identity theft, where carding is key. |
| Card fraud loss forecast (2028) | Growth of >$10 billion | Statista: global trend, with the US accounting for 42% of losses. |
| Credit card victims in the United States (2024) | 62 million people (5% growth) | Security.org: 93% get a refund, but the reputational damage to businesses is enormous. |
This impact manifests itself in exponential growth: global losses from cybercrime are projected to reach $10.5 trillion by 2025, with carding being the entry point for 88.4% of financial attacks. It fuels the crime chain (from phishing to ransomware), increases chargebacks for businesses (average losses of $4.5 million per year), and amplifies geographic hotspots (the US, Russia, and China, according to the World Cybercrime Index). Ultimately, accessibility for newcomers leads to the democratization of cybercrime, making it a mass threat to e-commerce and banking. Two-factor authentication (2FA), transaction monitoring, and tools like velocity checks are recommended for protection.