This work presents an overview of some of the tools that cybercriminals employ in order to trade securely. It will look at the weaknesses of these tools and how the behaviour of cybercriminals will sometimes lead them to use tools in a non--optimal manner, creating opportunities for law enforcement to identify and apprehend them. The criminal domain this article focuses on is carding, the online trade in stolen payment card details and the consequent criminal misuse of such data. However, these findings could be applied more broadly, as many of the analysed tools are used across (cyber)criminal domains. This paper is a continuation of earlier work (van Hardeveld, Webber & O'Hara, 2016), in which a crime script analysis of 25 carding tutorials presented the tools that cybercriminals use to cash--out stolen payment card details while remaining anonymous. We use these tutorials and an analysis of the literature to identify how they can be used incorrectly and create a typology of potential behavioural and technological pitfalls in these tools. Finally, we conclude that finding pitfalls in the usage of tools by cybercriminals has the potential to increase the efficiency of disruption, interception and prevention approaches. However, in future work, interviews with law enforcement experts and convicted cybercriminals or still active users should be used to analyse the operational security of cybercriminals in more depth.