Carding is a criminal technique where the cybercriminal makes unauthorized use of the credit card, bank account and any other financial information regarding the victim from whom sensitive private data has been stolen through various methods. Frequently, the main method used to steal credit card information, financial data or other sensitive details are related to malware, in the case of a spy program that collects information from a computer, but apart from that there are other methods that we will mention below and which we must take into account.
Carding Methods
▸Physical Carding
Also known as Skimming. This is the theft of credit card information used at the time of the transaction, in order to reproduce or clone the credit or debit card in order to be able to use it fraudulently later on. It consists of copying the magnetic stripe of a card. Usually, this criminal method is carried out in restaurants, bars, gas stations or ATMs where an accomplice of the criminal is in possession of the victim’s credit card or in a place where a device has been installed that can copy the information contained in said card.
▸Virtual Carding.
The most widely used method of stealing sensitive credit or debit card information, financial data, or other sensitive details is related to malware. Currently, Carding includes different categories of malware, such as Trojans, rootkits, backdoor, etc. Each of these viruses can be installed in the system without any consent of the user, in order to gain access to the system. These viruses can camouflage themselves in the system for as long as they need to gather information and the required personal data in the same way, some cybercriminals use fraudulent web pages with the aim of doing Phishing to deceive users and receive financial information.
▸BINS
A BIN is the first six numbers of a credit card, which identifies the bank and the type of card it is. The BINS allows us to create credit and debit cards. BINS is used to generate pattern-based cards that we can use in different applications and web pages.
These BINS are generated through another card, one could say from the motherboard, from which thousands of cards can be created where the BINS will always have the same CVV and expiration date as the motherboard
