[defer]

Not exactly. Some people are in the business of gathering and selling valid credit cards.

They won't cash out on them or buy items. Instead, they'll collect cards from a source (skimming, hacking, whatever), validate them by adding them to a website that does an authorization (those $1 checks that never get committed). They can then sell them wholesale for a premium compared to non-verified cards.

[vidarh]

You'd think so, but I've personally had to find ways of blocking people who were buying premium services for an online service to validate cards.

[defer]

Oh, for sure. It's definitely not either/or. I've worked in fraud prevention software in the past and our clients would definitely see both.

I've been away from that world for a while but remember that more serious operations will separate the cashing out part (either money or goods) from their acquiring / validating operation because the former carries more risk.

There's also an interesting episode of the darknet diaries podcast (https://darknetdiaries.com/episode/85/) about card cloning which I found interesting.

[dxdm]

Doing tiny transactions to validate cards is a thing. I've seen this happen, it's a known problem, and that at other times it's larger transactions does not make it go away.