orange arrow

A Worrisome Evolution in Carding Markets

intro image

Written by Nicole Abramov

Carding markets – illicit e-commerce platforms that facilitate the trafficking of huge volumes of compromised payment card data - have been a staple of the ‘Digital Underground’ for many years. Carding markets have evolved over the years in various ways. A recent trend suggests another evolution that is worrisome for financial institutions, merchants, consumers, and other payments stakeholders.

Until recently, carding markets offering compromised card-not-present (‘CNP’) data usually provided the card account number and related fields, as well as limited information about the accountholder. Over the past few months, we have observed a worrying trend, wherein numerous carding markets feature large volumes of compromised payment cards with additional accountholder PII such as social security number, date of birth, mother’s maiden name, email account password, IP address, last paid amount, ATM PIN, and wireless account PIN.

It is worth mentioning that even in the past, certain carding markets occasionally offered ‘premium’ card inventory which included the cardholder’s SSN and/or DoB (such cards are often referred to as “fullz”). However, such data was relatively rare.

Underground carding market listing the “extra” information available with compromised card data
Underground carding market listing the “extra” information available with compromised card data

This increase in the availability of victims’ personally identifiable information (‘PII’), alongside compromised payment card data, is of great value to cybercriminals and fraudsters and is likely to result in a near-term escalation of fraudulent activities, both in magnitude and sophistication. Threat actors can – and already do - exploit the newly available PII in multiple ways (beyond traditional payment card fraud); for example, online banking account takeover, fraudulent new account applications, and 2FA bypass.

To protect against these threats, financial institutions, merchants, and other organizations can take proactive steps to identify compromised accounts early and set rules to action these accounts in ways that prevent unauthorized activity.

Download our full report to learn more about the evolution in carding markets, the origins of the data, the resulting attacks by cybercriminals and fraudsters, and what you can do to mitigate the risk.


Please submit your information below to request the full research report

Discover how Q6 Cyber’s targeted and actionable intelligence can help prevent threats before they materialize into damaging breaches resulting in fraud losses by reviewing our current solution offerings .

About the Author

Nicole Abramov is a Threat Intelligence Analyst at Q6 Cyber. Prior to Q6, Nicole was a Cyber Threat Analyst in the Israel Defense Forces.