Carding

Carding is a term used for a process to verify the validity of stolen card data. The cyber-thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully the thief knows that the card is still good. The specific item purchased is immaterial and the thief does not need to purchase an actual item; a website subscription or charitable donation is sufficient. The purchase is usually for a small monetary amount, both to avoid using the card’s credit limit and to also avoid attracting the card issuer’s attention. A website known to be susceptible to carding is known as a cardable website.

In the past, carders used computer programs called “generators” to produce a sequence of credit card numbers, and then test them to see which were valid accounts. The process is no longer viable, however, due to widespread requirement by internet credit card processing systems for additional data such as the billing address, the 3 to 4 digit Card Security Code and/or the card’s expiry date, as well as the more prevalent use of wireless card scanners that can process transactions right away. These days, carding is more typically used to verify credit card data obtained directly from the victims by skimming or phishing.