Hackers and “Carding”

The process of stealing and using the information associated with a payment card for monetary gain, known as carding, is a leading cause of financial loss to consumers. This typically involves theft of card security codes (also called CSC or CVV numbers), which are then resold on the Web or used to buy products that can be sold for cash.

Merchants are affected just as badly as consumers by counterfeit transactions. Illicit payments cause loss of inventory, charge-backs and harm to a victim’s reputation, all of which can seriously damage a retailer’s business.

In this article, we’ll talk about the carding process in detail. By the time you finish reading, you will know more about:

  • How carding works
  • The various methods used for carding
  • What you can do to protect yourself against carding

Let’s get started.

What Is Carding and the Carding Business?

In general, the term “carding” is used to describe the theft of credit or debit cards, which are then used to purchase goods and services. The term, however, has evolved in recent years to include a range of malicious acts involving unauthorized use of payment cards, such as Internet auction fraud, debiting stolen account numbers, reshipping and phishing. Adversaries engaged in carding schemes are known as “carders.”

Carders are active participants on websites referred to as carding forums. Most carding forums facilitate the sale of stolen identities, compromised credit card numbers and false logins. A popular example is the club2crd forum where vendors post copies of credit card numbers, checks and even bank statements. Carding forums also assist their members by providing them with access to resources such as:

  • URLs for carding tools and downloadable code to assist in website intrusions
  • Tutorials on different kinds of carding-related practices
  • Source code for phishing landing pages

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/fwacq0yugMo/