Carding via food delivery services (Uber Eats, DoorDash, Grubhub)

[Good Carder]

From carder to carders. Electronics and gift cards are lucrative, but also a hassle. But what if I told you you can earn a steady income with minimal risk simply by ordering pizza and burgers? Food delivery services are the perfect target for carders. Small checks ($20–$50), instant delivery, complicated returns, and almost no 3DS. Orders are processed by bots, not humans. Couriers don't care whose card the order is paid for with. You receive the food, eat it, or resell it. The victim won't notice the charge or worry about a chargeback over a paltry sum.

In this article, I'll explore why Uber Eats, DoorDash, and Grubhub are ideal targets for carders, their weaknesses, how to use promo codes and referral bonuses to increase profits, how to automate orders using scripts and antidetect, and the risks you face (SMS confirmation, account blocking if fraud is suspected).

Part 1: Why Food Delivery Services Are the Ideal Target​

1.1. Small checks – invisible to the victim​

The average bill on Uber Eats and DoorDash is $20–40. When a victim sees the charge, they'll likely assume they ordered the pizza themselves or simply ignore it. Chargebacks for this amount are rarely initiated. Statistics show that only 15% of cardholders dispute transactions under $50.

1.2. No 3DS for small amounts​

Most payment gateways (Stripe, Braintree) don't request 3DS for transactions under €30 (low-value exemption). Uber Eats and DoorDash use these gateways. For non-3DS cards, and even for regular cards with 3DS but with amounts under $30, the 3DS is often not triggered. This is a key vulnerability.

1.3. Instant delivery, complicated returns​

You ordered food, and the courier delivered it in 20-40 minutes. You ate it. A refund is impossible. Even if the victim initiates a chargeback a week later, the food has already been digested. The delivery service can't return the item, and the chargeback falls on them, not you. The platform may block your account, but you'll have already created a new one by then.

1.4. Easy to automate​

Food ordering is a simple REST API or mobile app. You can write a script that places an order, handles card payments, and even tracks the status. Uber Eats and DoorDash have weak antifraud measures — they're more concerned about fraud from couriers than from customers.

1.5. Resale Possibility​

You can resell food. It sounds strange, but people buy ready-made orders (like burgers and pizza) for 50-70% of the price on local flea markets (Craigslist, OfferUp, Facebook Marketplace). Or you can order groceries through services like Instacart and resell them retail. It's more difficult, but possible.

Part 2. Comparison of Services: Uber Eats, DoorDash, Grubhub​

Parameter	Uber Eats	DoorDash	Grubhub
Average bill	$25–35	$30–40	$25–35
3DS for non-3DS cards	Rarely (up to $50)	Rarely (up to $50)	Rarely (up to $50)
Verification requirement	Email + phone number (SMS)	Email + phone number (SMS)	Email + phone number (SMS)
Antifraud	Weak	Medium (monitors multi-accounting)	Weak
Promo codes / bonuses	Often (50% off your first order)	Frequently (30% discount on first orders)	Rarely
Account blocking if suspected	Instant	After several orders	Slow
Better for	Quick profit (small checks)	Large orders (amounts up to $100)	Beginners (weak control)

Verdict: Uber Eats is the best choice for small, bulk orders ($20–$30). DoorDash is better for larger orders ($50+), but the risk of being banned is higher. Grubhub is better for beginners; they have weaker security but also fewer promo codes.

Part 3. The "Order Drop - Receive Food - Resell" Scheme​

3.1. Account Registration​

1. Create a new email (temporary, via a catch-all domain, or fake Gmail).
2. Sign up for Uber Eats via VPN/proxy (country must match delivery address).
3. Enter the drop's phone number (you can buy a virtual number on SMS-activate for $0.50–$1). You'll need to enter an SMS code for verification.
4. Provide a delivery address — a drop-off address (a rented apartment, office, or even a park or street if you're willing to meet the courier). For Uber Eats, you can specify "meet at the door" without an exact address, but the courier may refuse.

3.2. Activating promo codes​

Uber Eats and DoorDash offer generous bonuses to new users: 50% off your first order (up to $15–$20), free delivery, and buy-one-get-one-free. Use these to maximize your profits.

Where to find promo codes:

• Referral programs (invite yourself from another account).
• Promo code aggregator sites (RetailMeNot, CouponBirds).
• Telegram and Reddit groups dedicated to saving on delivery.

Example: Your first order on Uber Eats comes with a 50% discount (max $15). You order $30 worth of food and pay $15 with a stolen card. You receive the food. You sell it for $20 (a 33% discount on retail). Net profit is $5, plus you ate the food (or sold it). ROI: 33%.

3.3. Ordering and Receipt​

1. Choose a restaurant that offers delivery (preferably one where the food is packed in sealed boxes so the courier can't check the contents).
2. Add items to cart worth $25–$40.
3. Apply promo code.
4. Pay with a stolen non-3DS card.
5. Wait for the courier (or send a drop to meet him).
6. Get food.

3.4. Resale​

• Option A (quick): Sell food on the spot (to coworkers, neighbors, passersby) for cash. 50–70% of the cost.
• Option B (planned): Post an ad on Craigslist, OfferUp, or Facebook Marketplace: "Uber Eats order for $30, selling for $20." Meet the buyer in a public place and hand over the food.
• Option B (for groceries): If the service delivers groceries (Instacart, Amazon Fresh), you can resell them at retail or use them for yourself, saving on groceries.

3.5. Account burning​

After 2-3 orders, your account may be suspended (especially by DoorDash). Don't hesitate – create a new one. Use different email addresses, phone numbers, proxies, and fingerprints.

Part 4. Automating Orders with Scripts​

For bulk transactions (dozens of orders per day), automate the process.

4.1 Uber Eats API (unofficial)​

Uber Eats has an undocumented API that can be reverse-engineered. In 2026, many use the unofficial Python library uber-eats-api . The script can:

• Log in using email/password (or session cookie).
• Get a list of restaurants.
• Add items to cart.
• Apply promo code.
• Create an order and pay by card (you need to provide card details).

Example (simplified):

import requests

session = requests.Session()
# Login
session.post('https://auth.uber.com/login', data={'email': '...', 'password': '...'})
# Getting restaurants
restaurants = session.get('https://api.uber.com/v1/eats/restaurants?lat=40.7&lng=-74.0')
# Create an order
order = session.post('https://api.uber.com/v1/eats/orders', json={
'restaurant_id': '123',
'items': [{'id': '456', 'quantity': 2}],
'payment_method': {'type': 'CARD', 'card_data': {...}}
})

Caution: The API is subject to change. Bypassing the API with Selenium and a real browser is more reliable, but slower.

4.2. Playwright for Browser Automation​

from playwright.sync_api import sync_playwright

def order_uber_eats(card_data, proxy):
with sync_playwright() as p:
browser = p.chromium.launch(proxy={"server": proxy})
page = browser.new_page()
page.goto('https://www.ubereats.com')
page.fill('#email', 'temp@mail.com')
page.fill('#password', 'pass')
page.click('button[type="submit"]')
# waiting for SMS code (need access to the drop number)
code = input("Enter SMS code: ")
page.fill('#otp', code)
page.click('#verify')
# then select a restaurant, products, place your order
# ...
browser.close()

4.3. Multi-accounting with antidetect​

For bulk orders, use a pool of accounts, each with its own:

• Email (catch-all domain).
• By phone number (SMS-activate).
• Proxy (residential, corresponding to the delivery region).
• Fingerprint (antidetect browser).

Set up a rotation: each account makes 1-2 orders per day, then “rests” for 2-3 days.

Part 5. Risks and how to minimize them​

5.1. SMS confirmation requirement​

Uber Eats and DoorDash require phone number verification upon registration and sometimes for each order. Use virtual numbers (SMS-activate, 5SIM) or drop numbers. For bulk transactions, you can rent a pool of numbers on a monthly basis.

5.2. Blocking an account by IP or fingerprint​

If you order from the same IP address multiple times a day, your account will be blocked. Rotate proxies and use antidetect. A clean fingerprint is especially important for DoorDash.

5.3. Courier refusal to accept card payment​

The courier doesn't know what card was used to pay for the order. They don't care. The risk is minimal.

5.4. The victim initiates a chargeback​

If the cardholder disputes the transaction, Uber Eats will block the account and may request additional information. But you've already received the food. The chargeback will fall on Uber Eats, not you. The only risk is if you used an account with real information that can be linked to you (but you're using drop data). Don't use an account linked to your real phone number or address.

5.5. Bulk orders from one card​

If you use one stolen card for 10 orders of $20–30 each, the bank may notice the anomaly and block the card. Use each card for no more than 2–3 orders. Anything more is risky.

5.6. Legal risks​

In the US, food delivery fraud is a misdemeanor or felony, depending on the amount. Don't exceed $500–$1,000 per card to avoid attracting attention.

Part 6. Checklist for carding through delivery services​

• Choose a service: Uber Eats (best for small orders), DoorDash (for large orders), Grubhub (for beginners).
• Prepare your account: new email, virtual phone number, proxy (country = delivery region), antidetect.
• Find promo codes (50% off your first order, free shipping).
• Use a stolen non-3DS card with a balance equal to the order amount (+ fees).
• Place your order: $20–$50, preferably with a promo code. Delivery address: drop address or meeting location.
• Get food (either by yourself or through drops).
• Resell the food for 50-70% of retail (on Craigslist, to coworkers, neighbors) or eat it yourself (saving on groceries).
• Burn your account after 2-3 orders (use a new one for the next ones).

Summary​

Food delivery services are the perfect target for carders looking for quick cash with minimal risk. Small checks ($20–$40), no 3DS for non-3DS cards, instant delivery, and complicated returns make them vulnerable. Promo codes and referral bonuses increase profits. Automation through scripts and multi-accounting allow scaling to dozens of orders per day.

The main risks are account blocking by IP or fingerprint, SMS confirmation requirements, and chargebacks for large amounts. Use drop data, virtual numbers, residential proxies, and antidetect. Don't be stingy with the order amount ($50 is the ceiling for low-risk transactions). If you adhere to OPSEC, food delivery can become your stable source of daily income.

A quick one-line reminder:
"Uber Eats + non-3DS card + 50% promo code = food at half price. Resale at 70% of retail = 20% profit per order." 10 orders per day = $40–60 net. Automation through scripts and multi-accounting scales income. Don't use your card more than 2–3 times; burn out your accounts. Food delivery is carding for the lazy.