You’ve probably heard about carding lately and wondered how cybercriminals steal our card details. We are going to explain what carding is, what are the most common methods of spreading the attack and how you can prevent it.

What is carding?

This is the scam by which cybercriminals counterfeit, copy bank cards or steal financial information.

Once they get our information, they can access the money and use our card in an unauthorised way.

How are our card details stolen?

On the one hand, they could get hold of our data, randomly, using algorithms that generate combinations that can match our card numbers, including the security number.

Recently, however, cybercriminals have been using social engineering techniques to carry out more effective attacks. These include:

  • Phishing, smishing, vishing or shoulder surfing. If we have been victims of any of these cyber-attacks, we are susceptible to carding.
  • Spread of malware, such as keyloggers, which are capable of capturing our keystrokes on the smartphone keyboard.
  • Malicious and fraudulent websites where we have entered our bank details.
  • Use of RFID or NFC readers that can obtain our data. It is enough for them to have brought the reader within 15 centimetres of our card.
  • Databases of customers or users of websites whose security has been compromised.

What do they do with our data?

Once cybercriminals have got hold of our financial information, they will make purchases to verify that the information is valid.

Generally, they will first try small purchases of low amounts so as not to arouse suspicion. They will then increase spending to try to determine the available balance on the card.

How can we avoid carding?

  • Delete SMS or e-mails from unknown senders.
  • Review our banking operations and transactions periodically. Pay special attention to major events when there are more transactions in our account, such as Black Friday, Christmas or holidays.
  • It is very important to deactivate the NFC system on your smartphone when you are not using it. If not, set up your bank app to ask for a confirmation PIN when using NFC.
  • When you are going to make an online purchase, check that the website is trustworthy and has secure payment methods.
  • As always, we recommend keeping your software and apps up to date and enabling two-factor authentication for card payments.