Keep Factually independent
Whether you agree or disagree with our analysis, these conversations matter for democracy. We don't take money from political groups - even a $5 donation helps us keep it that way.
Fact check: What are the most common types of credit card information sold on carding websites?
Executive Summary
Carding marketplaces primarily trade two broad categories of payment data: magnetic-stripe (swipe) data used for in-person cloning and card-not-present (CNP) data used for online fraud, with past ground-truth analysis showing swipe data dominates inventories while recent leak events show large volumes of full PAN/CVV/expiry records circulating. Reporting and forensic work from 2020–2024 document the predominance of swipe-track data and large dumps of full card records, while 2024–2025 incident reporting highlights massive leaks and varied formats being distributed on illicit platforms [1] [2] [3].
1. Why researchers say swipe data rules the marketplace
A ground-truth study of an actual marketplace found magnetic-stripe track data comprised roughly 97% of listings, with card-not-present records forming a far smaller share, suggesting criminal buyers prioritized physical cloning and point-of-sale attacks in that sample. The study also reported buyer preferences for cards issued by certain banks, indicating criminals perceive variations in issuer anti-fraud controls and cash-out viability. That 2020 snapshot provides an empirical baseline: theft and skimming infrastructures then fed markets with swiped data at scale, shaping product mix and pricing in underground economies [1].
2. Recent mass dumps changed the visible supply picture
High-profile dumps in 2024 shifted public visibility: a carding shop released around one million stolen payment cards for free, including a mix of debit and credit brands and formats, amplifying the circulation of full PANs, CVVs, and expiry dates. This event made large volumes of traditional CNP-style records available for analysis and abuse, and forced defenders and payment networks to react at scale. The free release demonstrates how opportunistic leaks can temporarily flood markets with data types that differ from prior dominant inventories, complicating trend analysis [2].
3. Payment networks’ incident response exposed the types sold
Visa’s fraud team traced the impact of a cybercriminal ring to over half a million Visa accounts exposed with records containing card numbers, CVVs, and expiration dates; about half of the tainted accounts had been previously flagged, underscoring recurring reuse of compromised data across incidents. This forensic work shows marketplaces and dumps commonly include full-card details that are immediately useful for online purchases and sometimes for adding to digital wallets or cloning when paired with track data. Network responses highlight both the prevalence and operational risk of full-card datasets in circulation [3].
4. Later reporting shows leaks diversify data formats
Post-2024 reporting indicates criminal caches now include a wider variety of formats—mag-stripe tracks, full PAN/CVV/expiry dumps, and virtual payment codes or tokenized data from breaches—reflecting different theft vectors such as skimming, large-scale breaches, and fraud-as-a-service tactics. Nation-scale leaks and breaches reported in 2025 involve PII, encrypted card fields, and metadata, indicating that marketplaces and criminal forums can trade both raw monetary data and enriched identity data useful for social-engineering and account takeover. This diversification complicates detection and remediation for banks and consumers [4] [5].
5. Contradictions and gaps between studies and incident reports
The 2020 marketplace analysis emphasizes swipe dominance, whereas 2024–2025 incident reporting foregrounds large dumps of full card details. These differences reflect temporal shifts, sampling biases, and disclosure effects: an academic study of one marketplace captures a stable product mix at a point in time, while leak-driven reporting reveals episodic floods of different data types. There is no single “most common” answer across all times and platforms; both swipe track data and CNP/full-card records are significant depending on market segment and recent breach activity [1] [2] [3].
6. Practical implications for defenses and investigators
Because criminal markets sell both track data for cloning and PAN/CVV/expiry for online fraud, defenders must monitor multiple threat signals: skimmer detections, merchant breaches, and mass dumps on illicit forums. Network-level mitigation seen in Visa’s response focuses on rapid identification and blocking of tainted PANs, while breach disclosures and forensic analysis reveal the need to correlate PII leaks with payment data to anticipate account takeovers. The evidence across these analyses points to layered risk that requires both technical countermeasures and timely information sharing between banks, payment networks, and law enforcement [3] [2] [4].
Sources and evidence summarized above disclose the spectrum of carding marketplace inventories: academic marketplace study [6] documenting predominant magnetic-stripe data, and 2024–2025 incident reporting and leaks documenting large volumes of full PAN/CVV/expiry records and diversified data formats, with recurring reuse of previously-flagged accounts observed in forensic responses [1] [2] [3] [4].