1. Using gift card as a "new body" for stolen credit card (this information is received from the source working for one of the major payment brands).
The stolen track data is encoded into the plastic decorated as a gift card (or even original gift card is re-encoded with stolen track data). Most gift cards do not have any customer identification information and physical protection features of credit cards, so there is no way for store attendant to authenticate the cardholder. At the same time, gift cards are processed automatically by most point of sale systems in a way similar to credit cards.
2. Using online affiliate programs to make purchases and earn commissions.
The stolen cards are used to purchase goods through online affiliate programs which are intended to sell various pills etc. The cashing out effect is achieved by carders working as affiliates and earning commissions on each such purchase made through their affiliate account.
At the core of the affiliate program is a partnership of convenience: The affiliate managers handle the boring backoffice stuff, including the customer service, product procurement (suppliers) and order fulfillment (shipping). The sole job of the “affiliates” — the commission-based freelance marketers who sign up to promote whatever is being sold by the affiliate program — is to drive traffic and sales to the program.
most of the fraudulent charges associated with these affiliate program Web sites are the result of rogue affiliates who are merely abusing the affiliate program to “cash out” credit card numbers stolen in data breaches or purchased from underground stores that sell stolen card data.