• Spanish
    • French
    • English
  • Newsletter
Atalayar Economy and business
The keys to the world in your handsLes clés du monde entre vos mainsLas claves del mundo en tus manos
Search
Sections
Follow us
Language
  • Spanish
  • French
  • English
This practice is a form of online scam through which criminals access your bank cards to make small purchases with them

Carding

Cryptography: history and curiosities, the importance today

Cryptography (II): delving deeper into this world

Carding
Nuria Rojas
Updated: 04/05/22

Nowadays, carding is an unconventional method for the requisitioning of our bank details, although day by day these methods are being improved so that it is harder for us to realise what has happened.

What is carding?

Carding is a form of online fraud in which criminals gain access to your bank cards in order to make small purchases with them. In this way, they prevent the person from detecting that a fraudulent use of the card is taking place, or the time in which the person reacts is longer. (Operbank. 2021)

Carding

Types

There are two types of carding: virtual carding and real or physical carding.

Virtual carding

This is carding aimed at buying physical items over the internet. To carry it out, we will first need a credit card, which can be bought in carding forums, stealing databases from which the cards are stored, through phishing, shoulder surfing or fake shop. (Pérez-Malumbres Cervera, E, 2019)

Real or physical carding

In this case, it consists of the manufacture of credit cards. Devices called "skimmers" are used, which are very easy to obtain, they are attached to ATMs (automatic teller machines), just above the card reader, and go completely unnoticed.

As soon as the subject inserts the card, the data is recorded.

Once they have the card number, the PIN is missing. Although it is normal to cover the keypad when entering the PIN, this is a futile action, as it is normal to record the keys with a fake keypad.

Another method is with offline POS, which is an offline dataphone. You enter the card and the pin number as in a normal one, but the transaction does not arrive, but your data does. (Pérez-Malumbres Cervera, E, 2019)

Carding

How is it done?

It can be done by phishing with an email message and spam, used to trick the user into revealing personal and financial data such as passwords or bank accounts.

Through carding forums, these are marketplaces used for illegal activities.

It can be done over the phone, this is done through an operator, who convinces you to give your credit card number. (Pérez-Malumbres Cervera, E, 2019)

The criminal method, according to Jordi Bacaria, is as follows: "With the credit card data they make small purchases, which are usually in shops or fast food establishments, aesthetic or beauty products." (20 minutos, 2020)

These purchases are usually around 60 or 70 euros, so it takes time for the user to notice them because they can be considered everyday purchases.

Carding

What are "BINs"?

BINs are the carding communities. This is because the BINs (Bank Identification Number) are the first six numbers of your credit card, which makes it easier for your bank to identify the card you have, whether it is a credit or debit card.

These communities are organised into various modules, each of which is in turn organised into social networks, from which they obtain all the necessary data, as well as sharing or selling the data obtained.

According to Jordi Bacaria, in an interview with the magazine 20 minutos, he stated that "this crime goes beyond Spain. Normally, the criminal gangs come from Eastern Europe". In this regard he alleges, "They act almost like suppliers, in fact, there are even applications to clone cards." (20 minutos, 2020)

Carding

How to prevent and combat it?

The main way to prevent it is to surf on pages that are considered secure, that have a padlock, or that begin with "https". 

Delete emails from senders you don't know or that seem suspicious, never open them.

Once a credit card expires, cut it into several pieces and distribute them in several rubbish bags, so that it is much more difficult for them to find it.

Check the purchases you make on the internet and periodically check the expenses you make with that card, and in the event of any anomaly, contact your bank to solve it.

Carding

Carding in Spain

In August 2021, an international network that hacked credit cards to steal one million euros was dismantled in Spain, specifically in Cadiz and Malaga.

A total of 11 people have been arrested between Spain and Chile and 20 others, who could be related, have been investigated in an operation called "Operation Collector".

They are accused of committing a total of 2,500 criminal acts throughout the world. A total of 300 companies were affected and 42,000 credit cards were used in 47 countries. (Guardia Civil, 2021)

Current legislation

In Spain, carding is currently punishable under Articles 386 and 387 of Organic Law 10/1995 of 23 November 1995 on the Penal Code.

Article 386 provides for a penalty of eight to twelve years and a fine of eight to ten times the apparent value of the currency for anyone who alters currency or manufactures counterfeit currency, exports counterfeit or altered currency or imports it into Spain or any other Member State of the European Union. (PC, 1995)

In Art. 387, currency is understood to be metallic and paper currency, legal tender, also credit, debit and other cards that can be used as a means of payment, as well as travellers' cheques. The currencies of other European Union countries and/or foreign currencies shall be equated with national currencies. (PC, 1995)

Carding

Recommendations

Ignore spam messages or e-mails from unknown senders. 

Under no circumstances give out any bank details over the phone.

Install a trusted anti-spyware (antivirus) on your system.

If you suspect you have been attacked, you should immediately contact your bank to report the problem and seek the quickest and most effective solution possible.

In case you have a company, and it has been attacked, you should inform all customers to change passwords and personal information.

BIBLIOGRAPHY

Ley Orgánica 10/1995 del Código Penal [CP]. Art. 386 y 387 de 23 de noviembre de 1995 (España)

La Guardia Civil disuelve grupos de más de 100.000 miembros de una conocida app de mensajería dedicados al carding en una operación contra el fraude informático. (2021, 10 agosto). Guardia Civil. https://www.guardiacivil.es/es/prensa/noticias/7942.html?versionImprimible=true

Operbank. (s. f.). ¿Qué es el delito de «carding»? Open News Blog. https://www.openbank.es/open news/carding/#:~:text=El%20carding%20es%20una%20forma,tardes%20m%C3%A1s%20en%20darte%20cuenta

Pérez-Malumbres Cervera, E. (2019, 6 noviembre). Carding, ¿cómo nos la lían? Derecho en la red. https://derechodelared.com/carding/

Segarra, P. (2020, 16 julio). ¿Qué es el «carding» y por qué debes tener mucho cuidado? 20 Minutos. https://www.20minutos.es/noticia/4325449/0/que-es-el-carding-y-por-que-debes-tener-mucho-cuidado/

Nuria Rojas, colaboradora Sec2Crime- área delincuencia económica

Tags:
More in Economy and business