Glossary term
Carding
Carding is the criminal use, testing, buying, or selling of stolen payment card data, often through small transactions or online purchases used to confirm whether card details work.
Updated
Read time
What Is Carding?
Carding is a form of payment fraud involving stolen credit card or debit card information. Criminals may buy, sell, test, or use card data to make unauthorized purchases, move money, or confirm that stolen card details are still active. The activity often happens online, where small transactions can be used to test many cards quickly.
Carding is not the same as a normal card dispute or billing error. It involves unauthorized use of payment credentials. The stolen information may come from data breaches, phishing, malware, compromised merchants, skimming devices, or criminal marketplaces.
Key Takeaways
- Carding involves stolen payment card data and unauthorized transactions.
- Criminals may test cards with small purchases before attempting larger charges.
- Stolen card data can include card numbers, expiration dates, CVV codes, names, addresses, and login credentials.
- Consumers may see carding as unfamiliar small charges, account alerts, declined cards, or account takeover attempts.
- Quick reporting to the card issuer can help limit further unauthorized use.
How Carding Works
A criminal first obtains payment card information. That information may be purchased in bulk, stolen through phishing, captured by malware, or collected from a compromised website. The criminal then tests whether the card works, often with low-dollar transactions that are less likely to trigger immediate attention.
If the test succeeds, the card information may be used for larger purchases, resold as verified data, or paired with other personal information for broader identity theft. Some carding operations also use automated tools to test many card numbers against merchant checkout systems.
Where Carding Shows Up
Signal | What It May Mean |
|---|---|
Small unfamiliar charge | A criminal may be testing whether the card works. |
Multiple declined attempts | Automated testing may be hitting the account. |
Unexpected verification code | Someone may be trying to use saved card or account credentials. |
New merchant alerts | The card may have been used at an unfamiliar online store. |
Account lockout | Payment fraud may be paired with login attempts. |
How Carding Affects Consumers and Businesses
For consumers, carding can create unauthorized charges, card replacement hassles, frozen accounts, and identity-theft concerns. Card networks and issuers provide protections, but consumers still need to review statements, respond to alerts, and report suspicious activity quickly.
For businesses, carding can create chargebacks, fraud losses, higher processing costs, inventory loss, and checkout friction. Merchants may use fraud-screening tools, velocity checks, address verification, tokenization, and stronger authentication to reduce the risk.
The Bottom Line
Carding is payment-card fraud built around stolen credentials. Small unfamiliar charges should not be ignored because they can be tests before larger unauthorized activity. Fast reporting, account monitoring, and strong authentication are practical defenses.