Carding digital goods (software, subscriptions, games, crypto airdrops)

[Good Carder]

Introduction: The Digital Economy – Carders' New Target​

When a purchase is completed with a single click and the goods are delivered in seconds, it creates the perfect environment for fraud. Digital goods have become an attractive target for carders and fraudsters worldwide. According to Juniper Research, the transaction value of fraud involving digital goods is growing faster than that of physical goods, increasing by 162% from $10.4 billion in 2025. Juniper Research reports predict that losses from AI-powered fraud in digital goods could reach $27 billion by 2030, highlighting the severity and scale of the problem.

In 2025, fraud losses to financial institutions totaled approximately $25 billion, and this figure could grow by more than 150% by 2030, exceeding $55.3 billion. This trend is directly related to the rapid growth of digital commerce and the vulnerabilities inherent in instant delivery of goods without physical confirmation.

Why are carders increasingly targeting this niche? Instant delivery, the lack of physical proof of shipment, and the difficulty of returns make digital goods an ideal target. Software, game keys, subscriptions, in-game currency — all of these can be purchased with a stolen card and instantly converted into real money.

Part 1: Why Digital Goods Are Easier to Cash Out​

1.1 Instant delivery is the main vulnerability​

The key problem with digital goods is that they are delivered instantly. For a fraudster, this means they gain access to software, a subscription, or game content within seconds of payment — long before the owner of the stolen card notices the charge and initiates a chargeback.

A carder can purchase an annual subscription to a SaaS service, use it, or resell it, and the charge will only be disputed within hours or even days. By this time, the fraudster has already successfully exploited all the benefits of the product.

1.2. Chargeback Complexity for Digital Sellers​

When returning a digital product, sellers face a number of challenges that sellers of physical goods don't. Lack of proof of delivery is a major concern. With physical delivery, sellers have a tracking number and proof of delivery. This is not the case with digital goods. Sellers must rely on technical logs, such as IP addresses, account login times, download timestamps, and usage history.

Chargebacks are also costly. For SaaS developers and digital sellers, preventing chargeback fraud is not an option. Dispute rates exceeding 1% of all transactions can lead to merchant account closure by the payment service provider. A LexisNexis Risk Solutions report found that every dollar of fraud costs sellers $4.60, accounting for fees, labor costs, and the cost of lost goods.

"Friendly fraud" is particularly prevalent in this sector. Approximately 80% of chargebacks for digital sellers are attributed to first-party fraud. Friendly fraud is a first-party fraud committed when a genuine customer makes a legitimate purchase and then disputes it with the bank, claiming the item was not received or does not match the description. First-party fraud is often difficult to prove, so banks often side with the customer, leaving the seller with losses.

1.3. Low barrier to hit for carders​

To perform carding of digital goods, a carder only needs a few elements:

• Stolen credit card (CC) or access to someone else's payment account.
• An account on a marketplace (Amazon, eBay) or platform for selling digital goods.
• A channel for converting received goods or gifts into real money.

Unlike physical goods, fraudsters don't need a complex logistics infrastructure, warehouse, or delivery system. The entire process takes place digitally, reducing the risk of detection.

1.4. Friendly Fraud: A Growing Problem​

Friendly fraud has become the dominant form of digital fraud, overtaking traditional card theft in terms of losses. Companies with subscription models are particularly vulnerable, as the number of recurring charges that need to be disputed increases.

Merchants often face situations where a customer:

• Purchases a monthly subscription and actively uses the service for several weeks.
• Then initiates a chargeback, claiming the payment was unauthorized.
• The bank returns the money to the client by debiting it from the seller's account.

Statistics show that the number of disputes due to friendly fraud has increased by 18% over the past three years, and 62% of sellers report an increase in disputes due to this reason.

Part 2: Gift Card Schemes and Their Conversion to Cryptocurrency​

Gift cards remain one of the most popular methods for cashing out stolen funds. In January 2026, they were the primary method of withdrawal in Business Email Compromise (BEC) attacks, accounting for 54.9% of all attacks. With the rise in popularity of cryptocurrencies, gift cards have become a key tool for acquiring them without leaving a bank trace.

2.1. Gift Cards for Cryptocurrency Scheme​

The carder purchases gift cards (most often Amazon, Steam, or iTunes) using a stolen credit card. They then find a service that exchanges gift cards for cryptocurrency and enter the card details. After confirming the balance, the user receives Bitcoin, Ethereum, or other cryptocurrencies in their wallet.

Why this scheme is effective:

• Gift cards, like cryptocurrencies, are not linked to personal identity and do not require registration.
• Once a key is activated and used, it is untraceable, just like cryptocurrency transactions.
• Once received, cryptocurrency can be further "cleaned" in mixers or exchanged through P2P services.

However, this method also carries risks for the carder. Exchange services warn that many carders use the "send card first" tactic to obtain a gift card and then fail to transfer the cryptocurrency. There are also scams where carders, under the guise of a "low exchange rate," demand that you send cryptocurrency first and then fail to provide the gift card.

2.2. Steam Cards and Their Conversion​

Steam Gift Cards are particularly popular with carders due to the service's widespread use and its in-game economy, which allows for easy conversion of funds. Black Cards are goods purchased through carding using stolen credit cards. These cards are quickly resold before the cardholder discovers the problem.

Another practice is known as "balance skimming" (or "sketch-skimming" ): carders find regions with favorable cryptocurrency-to-local currency exchange rates, purchase gift cards through local services, and then cash them out through international exchanges.

Once a gift card code is redeemed, the funds are immediately transferred to the carder's Steam account. This transaction cannot be reversed. This mechanism easily combines with the irreversibility of cryptocurrency transactions: a carder can exchange a gift card code for cryptocurrency in minutes, instantly gaining access to the funds.

2.3. Amazon, iTunes, and other popular cards​

In addition to Steam, Amazon, iTunes, Google Play, and various other gift cards are widely used. They all operate on similar principles, but with varying conversion rates and risk levels.

In 2025, police recorded cases of victims being tricked into purchasing significant amounts of Apple gift cards and then handing over the codes to the carders to "process the refund." The victims believed they were participating in a refund process.

2.4. Refund and Gift Card Scams (Hybrid Scams)​

New scams combine several methods to exploit victims on different levels.

One of the most common schemes looks like this:

• The victim receives calls from carders posing as bank security officers.
• The victim is convinced that someone is trying to steal money from their account, and to save it, they must urgently purchase Google Play or Steam gift cards for a certain amount.
• After purchasing the cards, the victim dictates the codes from the back of the cards to the carders.
• Carders instantly activate the cards, and the victim is left without money and gift cards.

2.5. Conversion via P2P exchangers and reseller platforms​

Once the carder has received the gift card, they need to exchange it for real money. This is done through platforms that allow users to exchange gift cards for cryptocurrency. Cardtonic, a Nigerian fintech startup, offers such services.

These services not only allow for gift card conversion, but also direct sales, bill payments, issuance of virtual dollar cards, and even direct online shopping. However, intense competition in this segment has led to many gift card sellers falling victim to fraud, and entire online communities (for example, in Nigeria) have been forced to combat carders who refuse to pay after receiving gift card codes.

Part 3. Automation of purchase and resale​

3.1. Automated Shopping Bots​

Fraudsters and resellers actively use bots to purchase digital goods. These programs can:

• Keep track of new sales on platforms like Steam, Epic Games, and Humble Bundle.
• Automatically add selected items to your cart and complete the purchase using stolen data.
• Instantly convert received goods into cryptocurrency or resell them.

There are ready-made bots for automated trading on Steam, created specifically for large-scale item exchanges. They process thousands of transactions, manage inventory, and monitor market prices in real time, maximizing profits with minimal costs.

Professional bots have also been developed for exchanging in-game items (for example, TF2 Keys) for cryptocurrency. Some of these are distributed freely as a competitor to commercial programs, in an effort to popularize their use among large-scale traders.

3.2. Sale Bots (Low Price Groups)​

A special type of bot is designed to monitor limited editions and sales of digital products. These bots:

• Receive instant notifications about new promo codes and special offers.
• They automatically buy subscriptions, keys, and other products the moment they become available.
• The programs then resell the purchased goods on third-party platforms or exchange them for cryptocurrency.

This digital resale strategy allows carders to profit from temporary market imbalances, particularly in regional markets where prices for games or gift cards may be significantly lower due to currency fluctuations.

3.3. "Showcases" for automated sales (Sellix, Shoppy.gg)​

Fully automated platforms for the instant delivery of stolen digital goods and gift cards have emerged on the darknet and shadow forums.

A number of platforms offer automated digital sales services, which can be used to sell software licenses, game keys, and prepaid codes online. These systems are fully automated: after payment, the buyer immediately receives a code or download link.

Open-source systems for automated digital delivery are becoming increasingly popular. They solve a key problem for digital sellers: allowing them to manage and effectively monetize their digital inventory without the need for manual intervention.

3.4. Key resale marketplaces (G2A and similar)​

Legitimate digital goods (gaming) resale platforms consist of numerous independent sellers who set up stores on the platform and specialize in various services (Steam, Epic, PlayStation, Xbox). However, these platforms often sell products purchased with stolen cards.

Developer TinyBuild previously claimed that his company lost $450,000 selling stolen keys on G2A. This led to a dispute between Humble Bundle and G2A, which brought attention to the distribution of fraudulent keys.

Part 4. Risks of Account Blocking on Marketplaces​

Major platforms such as Steam, Epic Games, Humble Bundle, and app stores (App Store, Google Play) actively combat fraud, but their protections are limited.

4.1. Steam and the fight against chargebacks​

If a chargeback is detected, Steam not only returns the buyer's money but also imposes serious account restrictions:

• Your account may be limited in functionality, including the inability to make new purchases, participate in trades, or use the community marketplace.
• If a carder used a stolen card to fund a Steam Wallet, the amount may be debited and the account linked to the fraudulent transaction.
• In particularly serious cases, the account is blocked permanently.

When a carder purchases a game key from a third-party platform using a stolen card, the developer whose key was compromised is liable for any losses. However, if the carder's Steam account is blocked, they may lose all purchased games and valuable items.

4.2. Epic Games and their protection​

Epic Games has similar measures in place, but with a focus on protecting in-game purchases in games like Fortnite. Reports from Action Fraud (the UK's National Fraud Centre) indicate that carders often lure gamers with promises of free in-game currency or in-game upgrades to gain access to their accounts. Rather than waste time hacking sophisticated security measures, carders prefer to manipulate users into voluntarily disclosing sensitive data.

4.3. Humble Bundle and Machine Learning​

Humble Bundle uses Sift Science, a machine learning platform for fraud prevention. Trained on 55 million transactions, the system automatically identifies suspicious purchases. If a transaction is deemed risky, Humble may ask the buyer to verify their identity via SMS.

Humble Bundle has publicly acknowledged that it is an attractive target for carders looking to make a quick buck. The most common method is to purchase as many keys as possible using a stolen credit card. If suspicious activity is detected, the transaction is blocked, and the keys are withheld until verification.

4.4. Trading platforms (DMarket) and fraudulent bots​

In-game trading platforms are often targeted by scam bots. A popular tactic is for the bot to first make an offer, which is then immediately rejected, and a new offer is created from another account with modified terms. This convoluted method is used to trick the victim into accepting an unfavorable offer.

Conclusion: A difficult fight against a global challenge​

Digital product fraud has become a global problem for developers, merchants, and payment systems. Instant delivery and the lack of physical verification make this sector vulnerable.

Three key findings from this article:

1. Digital goods are the perfect tool for quick cash-out. Instant delivery and the ability to instantly convert gifts into cryptocurrency make them an attractive target for carders. A carder can purchase a gift card using a stolen card, exchange it for cryptocurrency, and gain access to the cash within minutes.
2. Automated bots and marketplaces are increasing the scale of fraud. Fraudsters use fully automated systems to purchase, resell, and deliver stolen digital goods, allowing them to operate on an industrial scale.
3. Protection is possible, but it requires a multi-layered approach. Platforms like Humble Bundle successfully use machine learning to block fraudulent transactions. However, combating friendly fraud remains challenging, as banks often side with the customer.

Quick one-line reminder:
Stolen card → instant gift card purchase → convert to cryptocurrency in 30 minutes. Digital goods are the perfect tool for a carder in 2026.