Carding: card information theft

17/10/2023

Carding involves the use of stolen bank card information to commit fraud and create virtual cards. This new post in the “Protect yourself against fraud”Abre en ventana nueva series explores a sophisticated form of fraud that requires multiple techniques used in succession.

It involves the cloning of virtual cards by cyber criminals to make online purchases, typically of small amounts to pass unnoticed. Thieves often take advantage of busy retail seasons, such as the sales period. They often buy preloaded gift cards as a means of covering their tracks. In Spain, these cyber criminals are often dubbed “bineros”, after the bank identification numberAbre en ventana nueva (BIN) used to identify the card issuer.

How do cyber criminals steal the victims’ information? Common techniques include:

• phishingAbre en ventana nueva, smishing, vishingAbre en ventana nueva and shoulder surfing;
• malware,Abre en ventana nueva such as keyloggers, which can record your keystrokes as you type;
• databases containing customer or user information that have been breached and published on the deep web;
• web spoofing, where fake websites are disguised as legitimate ones to trick users into entering personal data;
• RFID or NFC readers to wirelessly capture card data. These are rarely used since they need to be in very close proximity to the victim.
• skimmingAbre en ventana nueva, involving card data theft at manipulated ATMs.

How can I protect myself from this kind of fraud?

• Destroy your expired credit cards. You can do this yourself with scissors or by taking them to your bank for recycling.
• Do not disclose your card information unless you are completely sure who you are sharing it with.
• Check your bank account transactions on a regular basis.
• Use prepaid cards for online purchases.
• Disable NFC on your device when not using it.
• Use anti-theft shields (RFID blockers) to protect your cards while they’re in your pocket.