Written by Nicole Abramov
Carding markets – illicit e-commerce platforms that facilitate the trafficking of huge volumes of compromised payment card data – have been a staple of the ‘Digital Underground’ for many years. Carding markets have evolved over the years in various ways. A recent trend suggests another evolution that is worrisome for financial institutions, merchants, consumers, and other payments stakeholders.
Until recently, carding markets offering compromised card-not-present (‘CNP’) data usually provided the card account number and related fields, as well as limited information about the accountholder. Over the past few months, we have observed a worrying trend, wherein numerous carding markets feature large volumes of compromised payment cards with additional accountholder PII such as social security number, date of birth, mother’s maiden name, email account password, IP address, last paid amount, ATM PIN, and wireless account PIN.
It is worth mentioning that even in the past, certain carding markets occasionally offered ‘premium’ card inventory which included the cardholder’s SSN and/or DoB (such cards are often referred to as “fullz”). However, such data was relatively rare.
This increase in the availability of victims’ personally identifiable information (‘PII’), alongside compromised payment card data, is of great value to cybercriminals and fraudsters and is likely to result in a near-term escalation of fraudulent activities, both in magnitude and sophistication. Threat actors can – and already do – exploit the newly available PII in multiple ways (beyond traditional payment card fraud); for example, online banking account takeover, fraudulent new account applications, and 2FA bypass.
To protect against these threats, financial institutions, merchants, and other organizations can take proactive steps to identify compromised accounts early and set rules to act on these accounts in ways that prevent unauthorized activity.
Download our full report to learn more about the evolution in carding markets, the origins of the data, the resulting attacks by cybercriminals and fraudsters, and what you can do to mitigate the risk.
About the Author
Nicole Abramov is a Threat Intelligence Analyst at Q6 Cyber. Prior to Q6, Nicole was a Cyber Threat Analyst in the Israel Defense Forces.