Stolen or hacked credit cards - how has Covid affected the black market?
Over the last four months quite a few of our clients have had their credit cards stolen or hacked. While there are some protections provided for your funds through your bank when your credit card is used fraudulently, it is a hassle to sort out.
You have to work out everywhere that the credit card was used, and contact that company or supplier and update your new credit card (not to mention not having a credit card for a period while the new one arrives). This is one reason that we recommend that clients pay for their insurances through a Direct Debit directly from their bank account, to make sure that there is continual cover if your credit card expires – or worse is stolen, lost or hacked.
I read an interesting article recently from Fortune about ‘How much a stolen credit card costs’, and thought it would be worth sharing. Because of lockdowns, the dark web price for ‘card not present’ transactions has increased, while ‘card present’ (ie physically going into a shop) transactions have fallen dramatically in price. Additionally the source of credit card data (from skimming in retail stores) has also been reduced.
There is a warning that credit card theft could get worse, so please be careful with your information and data.
Fortune DataSheet by Robert Hackett (1 July 2020)
Marketplaces, even cybercriminal ones, are subject to the laws of supply and demand.
Like more reputable merchants, purveyors of stolen goods have been hit by the coronavirus pandemic. As COVID-19 ravaged the world this year—forcing businesses to close and people to stay at home—demand for stolen credit card data has dropped on dark web shops.
With fewer opportunities to shop at brick-and-mortar stores, and thereby reap a return on investment, the market value of “card present” data has fallen. Such purloined information includes copied magnetic strip data that can be turned by crooks into fraudulent payment cards. The median price of stolen card-present data has more than halved in recent months, said Stas Alforov, head of R&D for Gemini Advisory, a New York-based cybersecurity firm.
Whereas in December, the median price per stolen credit card was around $12.50, according to Gemini’s data, in June, each was fetching $6.30. Such a steep price drop-off is atypical even outside the usual end-of-year holiday shopping season, when all sales—legitimate and fraudulent—tend to be highest, Alforov said.
Shady retailers have adapted to the downturn in demand by running discounts. “It’s just like if you walk into a Burlington Coat Factory or a Macy’s. Nobody is chasing down the racks that have full-price deals on them. Everyone is looking for the discount racks,” Alforov told Fortune on a call.
Meanwhile, as more consumers shift their spending online, stolen data related to web-based payments has gotten a boost. The market value of “card not present” data—information found on online checkout pages—has ticked up to $9 from around $8 at the end of last year, based on Gemini’s data.
As economies reopen and the effects of unemployment become clearer, the world may see a rebound in “carding” fraud. Indeed, as Brian Krebs, an independent cybersecurity journalist who reported on the trend on Tuesday, warned, we should expect recent cybercrime trends to take a turn, “likely for the worse.”
“Just as various individuals are happy to be back and dining at restaurants and going out to local bars, in the same way, criminals are very excited to get back to business as usual,” Alforov told me.
Here are some more links if you would like to know more:
Covid-19 ‘Breach Bubble’ waiting to pop?
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.
Coronavirus has hurt the credit card fraud business
"In March 2020, Russian law enforcement took down many prominent dark web credit card markets, which led to a significant reduction in the amount of cards available in the first half of 2020,” the report said. In March, the Russian FSB made numerous arrests and shut down 90 websites based in Russia that hosted stolen data — around half of which was of American credit cards.
The previous leading marketplace for stolen credit card data — Sixgill does not name the site — saw a dramatic reduction in illegally obtained cards for sale, a result of the crackdown. But as that marketplace’s activity fell from 14% market share to 1%, two new marketplaces emerged to take its place.