Underground abraCARDabra: Understanding carding forums

Paying for dinner? A taxi ride? A tropical drink? Sure. Swipe or tap your card and it is done. Convenient. Payment cards make it easy for us to make payments at “brick-and-mortar” locations and online marketplaces. However, they are also attractive targets for cybercriminals seeking to steal funds from the accounts linked to payment cards, as seen in this recent high-profile theft of credit cards affecting more than 1,000 hotels, for instance.

Theft of payment card information via phishing, skimming, or hacking is usually the first step in the chain of payment card fraud. Other steps include sales, validation, and monetisation of the stolen data. These illicit deals are aided by underground online forums where cybercriminals actively trade stolen credit card information. To tackle payment card fraud, it is therefore important to understand the characteristics of these forums and the activity of miscreants using them. In our paper, presented at the 2017 APWG Symposium on Electronic Crime Research (eCrime2017), we analyse and discuss the characteristics of underground carding forums. We focus on the available products and prices, characteristics of sellers, and features of the forums. We won the Best Paper Award at eCrime2017.


The main products available on carding forums are credit card numbers, dumps, and fullz. Credit card numbers comprise the information actually printed on credit cards, that is, cardholder name, card number (16 digits on most cards), expiry date, and the security code on the back of the card (usually 3 digits).

Dumps comprise information stolen from the tracks of the magnetic stripe of a credit card. Dumps are usually obtained via skimmers. Skimmers are devices attached to Automated Teller Machines (ATMs) and Point of Sale (POS) terminals by miscreants to steal data from unsuspecting victims. Afterwards, the miscreants create clones of the skimmed credit cards and monetise the clones, for instance, by making illicit purchases with them.

Fullz contain further information about the cardholder. In other words, fullz usually comprise information printed on the card plus additional information such as bank account information, cardholder’s date of birth, Social Security number, etc.


Generally, there are several types of participants on carding forums: sellers, buyers, intermediaries, mules, administrators, and others. These roles are not mutually exclusive; sellers may simultaneously be buyers. In this study, we focus on sellers since they come before buyers in the fraud chain.

Our approach

We studied previous work on underground marketplaces and forums, and derived the following hypotheses from the insights gained. We then searched for names of carding forums, found 25 names, and collected data from 5 active forums. We then tested the hypotheses on the data.

Hypothesis 1. Prices of fullz (credit card numbers and additional cardholder information) are higher than prices of credit card numbers.
Hypothesis 2. A small number of traders are responsible for a large proportion of traffic.
Hypothesis 3. Most traders sell only one product type (that is, they are specialised).
Hypothesis 4. Specialised traders sell their products at lower prices than unspecialised traders.
Hypothesis 5. Carding forums have working reputation systems that are as sophisticated as those of legal marketplaces (for instance, eBay).
Hypothesis 6. The vast majority of actors do not operate on more than one forum.

Summary of findings

Our analyses confirmed Hypothesis 1, Hypothesis 2, and Hypothesis 6. In other words, prices of fullz are indeed higher than prices of credit card numbers (credit card numbers: mean = $10.08, median = $10.00; fullz: mean = $31.82, median = $30.00). Also, a small number of traders are responsible for a large proportion of traffic. Finally, most sellers focus their efforts on a single forum, as expected.

Hypothesis 4 was partially rejected, while Hypothesis 3 and Hypothesis 5 were completely rejected. In other words, specialised sellers do not always sell their products at lower prices than the unspecialised ones, most sellers advertise more than one type of product, and most of the carding forums under study do not have working reputation systems that are as elaborate as those of legitimate online marketplaces.

In conclusion, dumps and fullz are relatively expensive; they are more than three times as expensive as credit card numbers. This may be due to the effort needed to obtain or monetise the data, the amount of available information, or differing supply and demand. Sellers have varying success. Even though some sellers complete hundreds of transactions, most sellers do not succeed in selling anything. This means that the trading sections of the forums are profitable distribution channels for high-profile actors. Finally, specialisation is not a key characteristic of sellers, not even of high-profile sellers.

Further details can be found in the full paper “All Your Cards Are Belong To Us: Understanding Online Carding Forums”, by Andreas Haslebacher, Jeremiah Onaolapo, and Gianluca Stringhini.

2 thoughts on “Underground abraCARDabra: Understanding carding forums”

    What is a Carding Forum?
    A carding forum is an unlawful website dedicated to the sharing of stolen credit card information and details. A carding forum contains credit card information that has been stolen or obtained by any other illegal means. It also includes a discussion board in which the members of the forum share techniques and tactics to be used to obtain credit card information.
    Carding forums are usually found on the “Dark Web” using highly encoded TOR routing intended to provide secrecy. Purchasers of stolen credit “card information” mostly pay in cryptocurrencies. Sale and purchase of “stolen credit card information” is illegal; therefore, participants in carding forums use aliases to hide their identities.
    • “Fullz” is a slang term used for the complete credit card information required by a thief for buying something using a stolen card. Usually “Fullz” pertains to your name, account data, social security number and other information needed for the transaction.
    How Does a Carding Forum Work?
    When a person or an organized group steals credit or debit card information, it’s not clear whether the number or stolen information is sufficient for making a transaction or not. For example, the stolen card may have insufficient funds for the transaction, the user may have cancelled their card, the card may have been blocked due to any penal action, or the card may have expired. The card thief needs verification of the card information so that he can use the card’s information for deceitful purchases and transactions.
    Thieves primarily focus on verifying stolen credit or debit card information in multiple ways. Most commonly, they suggest that a stolen card first be used to make a small transaction of a nominal amount that is unlikely to trigger a warning to the rightful owner/cardholder. Once debit and credit card information has been verified using carding techniques, thieves sell this information to other parties, who make fraudulent purchases using this information.
    A carding forum is a marketplace used by thieves willing to use stolen card information for making purchases, as well as folks looking to buy stolen card numbers. Thieves make the offer on the forum, which attracts the buyer, and they negotiate on the forum, or move their offers for sale to black markets on the dark web, where bulk of credit and debit card information in hundreds to thousands of dollars. Furthermore, prevention of this black market is quite impossible for law enforcement agencies.

    How to protect yourself from carding forums?
    No scientific and authentic method has been invented to minimize the possibility of carding forums. However, precaution and careful means can be used to avoid this fraud. Be conscious while providing your credit card information; provide information to reputable retailers only.
    Trades and industries are equally worried by the fraud linked with carding forums, as stolen or breached data directly impact their profits and reputation. Therefore, most of the grand retailers have implemented various modes to reduce the possibility of data stealing, including a multi-part payment process to verify transactions and filter out fraud. This most commonly includes ‘CAPTCHA’, which tries to confirm human input and decline automated and rebooted scripts from processing batches of stolen debit and credit card numbers.
    Furthermore, the credit and debit card industry is adopting precautionary measures by introducing the latest techniques to lessen this illegal activity and to avoid the possibility of fraud. Chip, RFID and PIN empowered cards as well as sensitive electronic countermeasures have made stealing a card’s information tougher for thieves/criminals. However, as precautionary methods become more urbane, as compared to thieves/criminals.
    Despite these best counter-measures, even the major companies and individuals are susceptible to data breaches, which release your card’s information over the dark web.
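
The small-transaction verification and the batch processing of card numbers described in the comment above leave a pattern a merchant can look for in its own authorisation log. The following is an added example, not code from the post, the paper or the commenter: a velocity check that flags a source trying many distinct cards with nominal amounts in a short window. The log format, field names, thresholds and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authorisation log (not real data), assumed format:
# timestamp,source,card_token,amount,status
SAMPLE_LOG = [
    "2024-01-05T10:00:05,203.0.113.7,tok_01,1.00,declined",
    "2024-01-05T10:00:40,203.0.113.7,tok_02,1.00,declined",
    "2024-01-05T10:01:10,203.0.113.7,tok_03,1.00,approved",
    "2024-01-05T10:01:55,203.0.113.7,tok_04,1.00,declined",
    "2024-01-05T10:02:30,203.0.113.7,tok_05,1.00,approved",
    "2024-01-05T10:03:00,198.51.100.20,tok_90,1.50,approved",
    "2024-01-05T10:20:00,198.51.100.20,tok_90,1.50,approved",
    "2024-01-05T10:04:00,198.51.100.44,tok_77,84.90,approved",
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_AMOUNT = 2.00               # assumed ceiling for a "nominal" amount
MIN_CARDS = 4                   # assumed distinct cards per source before flagging
MIN_DECLINE_RATIO = 0.5         # assumed share of declines expected from dead cards

def parse(line):
    ts, src, card, amount, status = line.split(",")
    return datetime.fromisoformat(ts), src, card, float(amount), status == "approved"

def find_card_testing(lines):
    """Return {source: sorted card tokens} for sources matching the pattern."""
    by_source = defaultdict(list)
    for rec in sorted(parse(l) for l in lines):   # chronological order
        if rec[3] <= MAX_AMOUNT:                  # only nominal amounts count
            by_source[rec[1]].append(rec)
    flagged = {}
    for src, recs in by_source.items():
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > WINDOW:
                start += 1                        # slide the window forward
            window = recs[start:end + 1]
            cards = {r[2] for r in window}
            declined = sum(1 for r in window if not r[4])
            if len(cards) >= MIN_CARDS and declined / len(window) >= MIN_DECLINE_RATIO:
                flagged.setdefault(src, set()).update(cards)
    return {s: sorted(c) for s, c in flagged.items()}

if __name__ == "__main__":
    print(find_card_testing(SAMPLE_LOG))
```

Cards flagged this way are candidates for issuer notification, since an approved test charge suggests the card is live and may be resold.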
