A recent report published by Israeli cybersecurity company Sixgill on Underground Financial Fraud reveals that millions of stolen credit cards are up for sale on the dark web.
“We recently examined underground markets on the dark web for stolen credit card information and found over 23 million stolen credit card and debit card numbers offered for sale in the first half of 2019,” the company said in a blog post. “Nearly two out of every three stolen cards, more than 15 million, were issued in the US. No other nation accounted for more than 10 percent of stolen card numbers. After the US, the largest source of stolen card data came from the UK.
“Threat actors are moving outside traditional website-based markets, turning to Instant Relay Chat and encrypted Telegram channels instead. One IRC channel hosts a bot that is able to quickly validate stolen cards. It was used more than 425,000 times in the first half of 2019.
“Compromised credit card information is sold on dark web markets for as little as $5, and comes in two classes. ‘CVV’ information is sold with the three-digit number on the back of the card, which tend to be used in schemes in which criminals order things online. ‘Dumps,’ which contain all of the information on the magnetic strip necessary to swipe, are used to replicate physical cards and make in-store purchases. Cards with CVV numbers were more popular, in part because the ability to fabricate new cards to be used in-person is far more difficult than using an ecommerce site.”