Credit card is a non-cash payment instrument used by banking customers in transactions. Credit card security is very important to consider when intending to use a credit card. Even though it is equipped with security technology, credit cardbased fraud crimes are usually carried out with trivial methods that often escape the awareness of credit card holders, one of which is Carding. The steps of criminals in knowing the victim's credit card number can be taken in various ways, cyber theft which is a crime committed to steal information, data, money or something that has value that can provide benefits to criminals. Regarding this, the author will analyze the decision Number 597/Pid.Sus/2018/PN Mlg. 11 of 2008 concerning Information and Electronic Transactions Jo. UU no. 19 of 2016 concerning Amendments to Law. No. 11 of 2008 but during the investigation until the decision was issued, it did not mention anything about the credit card data provider used by Ferry. Against this background, the researcher formulates problemsregarding payment arrangements using credit cards through social media forums and criminal responsibility for credit card data providers through social media forums. To answer the formulation of the problem, the researcher uses a normative research method. The research conducted in this thesis uses aspects of the Criminal Law where the researcher examines the articles that can be related to the type of carding crime. Not only that, the researcher also uses theories regarding legal protection and legal certainty to answer the problem formulation regarding the position and responsibility for the crime of Carding. To answer the formulation of the problem, the researcher uses a normative-empirical research method. Based on Decision Number 598/Pid.Sus/2018/PN Mlg as it is known that the criminal imposition is only aimed at Ferry as the perpetrator who committed the Carding Crime. However, the decision does not at all include the Credit Card Data Provider as a party participating in the carding crime. In fact, according to the results of the research that the researcher has done, the researcher found that credit card data providers in carrying out their actions, at least fulfill several types of criminal acts, including the crime of theft, criminal acts of fraud and crimes involving disclosure of secrets.