Published: December 19, 2023
5 min read

Carders and cashers are tag-teaming to steal your identity. Don’t let them.


Brenna Cleary

Principal social media marketing manager; security and privacy advocate

+ More
A person taps their credit card for payment.

What you don’t know can’t hurt you, the saying goes. But when it comes to your credit card or bank account details floating around the dark web, ignorance is definitely not bliss. Here’s what you need to know about carders, cashers, and your identity.

In the dark web, credit card fraudsters fall into two separate, yet equally malicious groups : the carders, who steal card numbers and bank accounts, and the cashers, who buy that information to commit fraud. These are their stories (and ways you can help prevent their crimes).

If you found yourself humming the intro music to TV’s “Law & Order” as you read the above paragraph—good! Hopefully, that means we’ve got your attention. Which is important because these scammers could already be trading your information without you even realizing it.

The good news: there are steps you can take to help foil these schemes, prevent your credit from getting dinged, and keep yourself from becoming a victim of identity theft.

How do carders and cashers operate?

Carders ply their trade in the obscurity of the dark web—that region of the internet that isn’t indexed by search engines and can’t be reached with normal web browsers. Simply put, carders steal credit card numbers, make sure they work, then assemble them into blocks of lists to be sold to thieves.

While carders specialize in stealing payment credentials, cashers turn those credentials into money. A preferred cashers’ tactic is to purchase prepaid gift cards, which allows them to cover their tracks. The gift cards can be sold for cash or used to purchase other goods—laptops and TV sets, for example—that can in turn be resold for cash.

Cashers today are getting more creative than ever. Under a hot new trend known as triangulation fraud, a casher acts as a secret middleman in online purchases. After setting up a fake storefront, the casher accepts and fulfills orders using stolen credit card information. This allows the casher to pocket the money paid by the person who placed the order, and since that person receives their order as expected, they likely never suspect they were involved in a scam. Tracks covered. A clean getaway.

The scam starts with the hook

Like a good episode of a TV crime drama, carding attacks start with a hook to reel you in.

Gary was awaiting delivery of a new fleece he’d ordered online when he got a text from the U.S. Postal Service (supposedly) saying his package couldn’t be delivered due to incomplete address information and providing a link to confirm his address. Gary was so eager to get his fleece before the cooler weather arrived that he almost clicked on the link. But something felt fishy, and when he called his local post office, he was told it was a scam that was doing the rounds.

In addition to phishing scams like this, carders will use the following schemes to get at your credentials.

  • Carding forums. Think of these as dark-web equivalents of the dingy basements where crimesters gather and shady deals go down—a staple of TV crime shows. Except that instead of trading contraband, the crooks on these illegal websites buy and sell stolen credit card numbers. They also share methods for stealing financial details and may be able to test stolen card information on these forums.
  • Malware. Short for malicious software, a malware program helps bad actors gain access to your account or device. It often does this by tricking you into clicking on a link that installs the software (such as the fake USPS link in that text to Gary), usually without your knowledge. Once installed, the malware runs in the background and can record keystrokes, monitor the programs you use, and collect personal information such as credit card numbers and account passwords.
  • Credit card skimming. You’re probably not thinking about having your credit card info pilfered when you gas up your car. But thieves can install a small, hard-to-spot device known as a credit card skimmer on top of a legitimate credit card reader at a gas station pump or other location. As you slide your credit or debit card into a compromised machine, the skimmer reads and stores your card’s information. A thief may then be able to use your credit card details for carding.

How carding scams work

Carding attacks typically go something like this: An attacker gets their hands on a list of stolen credit card numbers, which may be of unknown quality and therefore need to be validated. These lists usually come from a criminal marketplace or compromised website or payment channel.

To validate the credit card numbers, the attacker deploys a bot—software that performs automated operations over the internet—to make small purchases on multiple payment sites. Each attempt tests a card number against a merchant’s payment processes to identify valid card details.

After making thousands of attempts, the bot yields validated credit card details that can be used to perform purchases. These successful card numbers are organized into a separate list and used for other criminal activity or sold to organized crime rings.

How to avoid becoming a victim

Carding attacks can destroy your credit, lead to identity theft, and negatively impact businesses whose websites are used to authorize stolen credit cards. Particularly troubling, carding fraud often goes undetected by the cardholder, which means scammers could be trading your information right now without your knowledge.

This is why LifeLock includes dark web monitoring, which alerts you if your information is found on the dark web so you can take action. If, for example, you get an alert that your email address or an account number are ricocheting around the dark web, you can update the password you use to log into that account to a new, unique, and complex password.

Forget ignorance is bliss. When it comes to carding and cashing fraud, forewarned is forearmed.

Editorial note: Our articles provide educational information for you. LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Dropbox Not Hacked, But Your Account May Have Been Compromised
Dropbox said no breach had happened on its servers. “Your stuff is safe. The usernames and passwords…were stolen from unrelated services, not Dropbox.
Read More
What Is the Dark Web and Other Deep Web Terms
Check out this expansive glossary of terms to gain a better understanding of how the dark web works.
Read More
What Is Medical Identity Theft?
Medical identity theft occurs when someone steals your personal information and uses it to obtain medical services, treatment or drugs. Learn more.
Read More
What Is Shoulder Surfing?
Shoulder surfing can lead to financial wipeout—yours. What is shoulder surfing? A dangerous sport, if you’re the victim.
Read More

Start your protection,
enroll in minutes.

Get discounts, info, protection tips, and more.

Sign up for promotional emails.