What happened
Cybercriminals have built sophisticated Carding-as-a-Service (CaaS) marketplaces that function like legitimate e-commerce platforms, enabling attackers to buy and sell stolen credit card data, tools, and services at scale. These underground platforms bundle stolen payment card details with personal information, known as “fullz,” and use features such as advanced search filters, validation tools, and refund policies to streamline fraud operations and maintain buyer trust. Researchers found that stolen data is sourced through phishing campaigns, skimming devices targeting ATMs and point-of-sale systems, and malware infections that extract payment information from compromised systems. Marketplaces such as Findsome and UltimateShop allow attackers to target victims based on location, card type, and bank identification numbers, lowering the technical barrier for conducting fraud.
Who is affected
Consumers and organizations globally are affected, as stolen credit card data and associated personal information are traded and exploited through Carding-as-a-Service marketplaces.
Why CISOs should care
The rise of organized Carding-as-a-Service ecosystems enables a broader range of cybercriminals to conduct payment fraud and identity theft using easily accessible tools and stolen financial data.
3 practical actions
- Monitor dark web marketplaces. Identify exposed payment card data and compromised credentials early.
- Enforce multi-factor authentication. Reduce the risk of account takeover from stolen credentials.
- Detect and respond to compromised cards quickly. Cancel exposed cards and reset affected accounts to limit fraud impact.
