Carding via hotel and airline booking services (Booking, Expedia)

[Good Carder]

From carder to carders. Electronics, gift cards, and food delivery are all well and good, but there are targets where the average check is measured in hundreds and thousands of dollars. Hotels and flights. Booking services like Booking.com and Expedia process millions of transactions daily. Their anti-fraud systems are stronger than those of food delivery services, but they have a weak point: prepayment often doesn't require 3DS, and refunds from cancellations can be used for cash. Furthermore, you can sell a confirmed reservation on forums for 50-70% of the price, getting cash without having to deal with the hotel itself.

In this article, I'll explore why hotels and airlines rarely check 3DS cards for prepayment, the "book now, pay later" scheme for penalty-free cancellation, the sale of confirmed reservations on forums, the use of virtual cards for scaling, and the risks of account blocking and loss of funds due to chargebacks.

Part 1: Why Hotels and Airlines Are Prime Targets​

1.1 High average bill​

A hotel for 3-5 nights in a popular city costs $300-$1,000. Airfare across the Atlantic costs $500-$1,500. One successful transaction can generate the same revenue as 20 food orders.

1.2. No 3DS with prepayment​

Hotels and airlines use payment gateways (Adyen, Stripe, Braintree), but 3DS is often disabled for prepaid bookings. Why? Because businesses want to minimize friction for customers. If 3DS were required every time a hotel reservation was made, many customers would simply switch to competitors. A 2026 study showed that 3DS reduces conversion by 15-20%, so many merchants disable it for low-risk transactions (and prepaid hotel bookings are considered low-risk because the goods are not shipped immediately).

However: 3DS may be required for international cards, cards with a high fraud rate, or bookings over $1,000. For non-3DS BIN, US cards paying for hotels in the US, 3DS is almost never required.

1.3. Cancellation and Refund Policy​

Many hotels and airlines offer free cancellation 24-48 hours before arrival/departure. You can book a room, receive confirmation, sell the reservation (see Part 4), and then cancel it — and your money will be returned to your card. This is a "double cashout" scheme, but it requires precise timing.

1.4. Selling confirmed reservations on forums​

There are forums (FlyerTalk, Reddit r/churning, private Telegram channels) where people buy confirmed hotel reservations and airline tickets for 50-70% of the original price. You book a room with a stolen card, receive a confirmation email, sell it to the buyer, and they check into the hotel. The hotel charges your stolen card (or the money has already been charged as a prepayment). The buyer is happy — they received a 30-50% discount, and you receive cash. The victim (the cardholder) can initiate a chargeback, but by that point, you've already received the money and gone into hiding.

1.5. Difficulty of refunds for hotels​

If the cardholder initiates a chargeback 2-3 weeks after the guest has already checked in and checked out, the hotel cannot refund the service (the room has already been used). The hotel loses money, not you. The only risk for you is having your Booking/Expedia account blocked and being blacklisted by BIN.

Part 2. The "Booking with payment on arrival" scheme​

2.1 How does the "Pay at the hotel" option work?​

Many hotels on Booking and Expedia offer pay-at-the-hotel (Pay at the Hotel) payment options. You book a room, but the money isn't actually charged. The hotel simply pre-authorizes a small amount (usually $50–$100) on your card as a guarantee. Upon check-in, you pay by card or cash. In this scheme, your goal isn't to pay for the room, but to sell the confirmed reservation to a third party, who will then pay for it themselves.

The process is as follows:

1. You book a room on Booking.com with the "pay on arrival" option. You use a stolen card to guarantee the reservation (pre-authorization).
2. You will receive a confirmation email (voucher) with the guest's name (you can specify any name when booking).
3. Sell this voucher on the forum for 50-70% of the room rate.
4. The buyer checks into the hotel and pays for the room with his card or in cash.
5. You received the money, and the stolen card wasn't charged. The pre-authorization is automatically removed after 7-14 days.

2.2. Limitations and Risks​

• Some hotels verify that the card used to make the reservation belongs to the guest checking in. To verify this, you can provide the name of the actual purchaser when making the reservation.
• A pre-authorization can turn into an actual charge if the hotel considers it a prepayment. Always read the cancellation policy.
• The hotel may refuse a guest's check-in if it sees a name discrepancy.

2.3. Variation: Booking with partial prepayment​

If the hotel requires a 10-20% deposit, you can pay it with a stolen card, and have the buyer pay the rest upon check-in. Your costs are minimal, and your profit is 80-90% of the room rate.

Part 3. The "prepayment + voucher sale" scheme​

3.1. Full prepayment​

You book a room with a full prepayment (non-refundable rate) on a stolen card. The money is debited instantly, and you receive a voucher.

Advantages: the price is often lower than with payment upon arrival (10-20% discount).
Disadvantages: the money is debited, and if the buyer can't check in, you won't be able to get it back (unless you cancel before the deadline).

Algorithm:

1. Find a hotel with a non-refundable rate and a free cancellation policy of 24-48 hours (rare, but possible).
2. Book on a stolen non-3DS card.
3. Sell a voucher on the forum.
4. Once the buyer has confirmed their arrival, you can "forget" about the chargeback. If the buyer doesn't show up, cancel the reservation before the deadline. The money will be returned to the card (but the card may already be burned).

3.2. Sales of air tickets​

Airline tickets are more complicated. Many airlines require the card used to pay for the ticket at check-in (especially in the US and Europe). However, there are loopholes:

• Use services like Expedia, which don't share credit card information with airlines. The buyer registers with their passport, and there are no problems.
• Buy tickets from low-cost airlines (Ryanair, EasyJet, Southwest). They rarely check your card.
• Sell tickets on forums where buyers are willing to take a risk. Price: 50-70% of the original price.

Important: Airlines may cancel a ticket if the card used to pay for it is stolen. Therefore, it's best to use virtual cards with a small balance (single-use) and sell "no refund" tickets.

Part 4. Platforms for selling confirmed reservations​

4.1. Travel Enthusiast Forums​

• FlyerTalk (the largest English-language forum). Sections "Hotel Deals" and "Premium Fare Deals." You can find buyers for your reservations there.
• Reddit r/churning, r/travel. Fewer, but also active.
• Closed Telegram channels like "Hotel Booking Discounts" and "Flight Deals" often require an invite, but the price is higher.

4.2. Online platforms for reselling armor​

• Roomer (a legal hotel booking resale service). They charge a 15-20% commission but ensure the transaction is secure. They're not suitable for carders because they require verification.
• Purchased Booking accounts with history. Accounts that can be used to post reservation ads are sold on the darknet.

4.3. Local Classifieds​

Craigslist, OfferUp, Facebook Marketplace (if you don't get banned). Post an ad: "Hotel in New York, 3 nights, 4-star, $900, selling for $500." You'll find a buyer.

4.4. Prices and fees​

Method of sale	Commission	Speed	Risk of scam
FlyerTalk	0%	Average	Low (seller rating)
Telegram channel	0–5% (donate admin)	High	Average (lots of scammers)
Craigslist	0%	Low	High
Roomer	15–20%	High	Low (escrow)

For starters, I recommend FlyerTalk or trusted Telegram channels. For larger amounts ($1,000+), use an escrow service or sell through verified buyers with a history.

Part 5. Virtual Cards and Anonymity​

To scale a diagram, you'll need not just one, but dozens of cards. Use:

• RedotPay (virtual Mastercard cards, USDT top-up). No KYC required, but documents may be requested for large amounts (over $5,000). Suitable for hotel reservations of $300–$500.
• Advcash (Volet) — Mastercard cards, crypto replenishment, limits of $1,000/day for unverified accounts.
• VCC from Privacy.com (US residents only, but available through drops).

The one-time VCC scheme: create a card with a balance equal to the booking amount, pay, receive a voucher, and sell it. You can then close the card. Even if a chargeback is initiated, the card is no longer active and the money has been debited.

Warning: Booking and Expedia may block cards with certain BINs (especially prepaid cards). Use only VCCs with BINs not associated with prepaid cards (RedotPay is suitable, but Advcash should be used with caution).

Part 6. Risks and how to minimize them​

6.1. Booking/Expedia Account Blocking​

Booking has a powerful anti-fraud system that monitors:

• Accounts created from the same IP.
• Multiple bookings on one card.
• Mismatch between IP geolocation and card country.
• Using cards with high fraud - coming soon.

Solution: Use each account for 1-2 bookings, then "burn" it. Register through a VPN/proxy that matches the country of your card.

6.2. The hotel requests a card upon check-in.​

With the "pay at check-in" option, the hotel may ask for the card used to make the reservation. If the buyer cannot present it, the hotel may refuse check-in.

Solution: When booking, provide the real buyer's name. To guarantee payment, use a card with the same name. This is impossible unless you have a drop card. Solution: Book only at hotels that don't check cards (chain hotels with automated check-in, boutique hotels, Airbnb).

6.3. Chargeback from the cardholder​

If the victim disputes the transaction, Booking.com or the hotel may cancel the reservation. The buyer will be left without a room. Your reputation on the forum will be damaged.

Solution: Sell reservations with a short period of time before check-in (1-2 days) to prevent the chargeback. Use cards with a short shelf life (prepaid, VCC with a time limit).

6.4. Fraudulent buyer​

The buyer can receive the voucher and then initiate a refund through the booking service (if they have the booking details). They'll get the money, and you'll be left with nothing.

Solution: sell only through escrow or require a 50% deposit before sending the voucher. Check the buyer's reputation on the forum.

6.5. Legal risks​

In the US and Europe, hotel and airline booking fraud is a felony for amounts over $1,000. Avoid transactions above this threshold unless you're certain you're being dropped. Use drop addresses and virtual cards to minimize connections.

Part 7. Checklist for carding through Booking/Expedia​

• Choose a service: Booking for more hotels, Expedia for hotels and flights. Booking is a good place to start.
• Find a hotel/ticket with a pay at hotel or non-refundable option at a good price.
• Prepare your account: new email, phone number (temporary is fine), residential proxy of the hotel's country, anti-detection.
• Use a stolen non-3DS card or VCC with sufficient balance.
• Reserve with the name of the real buyer (if you know who you will be selling to).
• Receive confirmation (voucher) by email.
• Sell the voucher on FlyerTalk, Telegram, or Craigslist for 50-70% of the original price.
• Receive payment in cryptocurrency (USDT, XMR) or cash (upon meeting).
• Cancel the reservation (if possible and if the buyer doesn't show up). The money will be returned to the card (but the card may already be burned).
• Burn your account after 1-2 bookings.

Summary​

Hotels and airline tickets are lucrative targets with high average checks. The "booking with payment on arrival" scheme allows you to sell vouchers without risking money. The full prepayment scheme requires investment, but offers higher margins. Key platforms for sales are FlyerTalk and closed Telegram channels.

Risks include account blocking, hotel refusal to check in, and chargebacks. Use non-3DS cards, VCC, residential proxies, and anti-detection. Don't be stingy with the booking amount ($300–500 is optimal). With OPSEC compliance, hotels and airline tickets can become a stable source of income with an ROI of 100–300%.

A quick one-line reminder:
"Booking + non-3DS card + payment on arrival option = selling a voucher for 70% of the cost. Receive the money – cancel the reservation (if you don't check in). Chargebacks are not a problem – the card is already burned." FlyerTalk and Telegram are your customers. The hotel doesn't check your card upon check-in if the name matches. One successful booking = $300–500 net."