The value of stolen card data that includes localization info

The hackers behind Target data breach are selling stolen card data including localization info. Why?

In numerous posts I have highlighted the possibility to acquire stolen card data on the black market, different website on the underground and within the Deep Web proposed the precious commodities at varying prices depending on several factors like, the validity of the card, card amount limits and available amount of money in the bank account.

The recent data breach occurred at the US retailer Target has rekindled the attention to the market of stolen data card, in particular it is emerged another interesting trend in the cybercrime ecosystem, the commercialization of the card information on the location of stores and point of sales where cards were used.

Why to provide the above data?

The financial security experts consider the information very precious for the arrangement of scams, the knowledge of the places where the cards were used allows the attackers to choose the points where use the cards to reduce the risk of detection for the ongoing scam.

Security expert Brian Krebs, who first reported the data breach suffered by Target retailer,  wrote a couple of interesting blog posts on the incident evidencing that cyber criminals behind the attack are being sold to the black market with information on the state, city and ZIP code of the Target store where they were used. The commercialization of stoled card data with localization information is a very clever tactic to increase the monetary value of the stolen commodities.

Location information included in the stolen card data allows buyers to use cloned versions of cards issued to people in their immediate vicinity.

“Later, I learned from a fraud expert that this feature is included because it allows customers of the shop to buy cards issued to cardholders that live nearby. This lets crooks who want to use the cards for in-store fraud avoid any knee-jerk fraud defenses in which a financial institution might block transactions that occur outside the legitimate cardholder’s immediate geographic region.” explained Brian Krebs.

According Krebs it is the first time that investigators have observed the sale of stolen card data with detailed localization information.

Card thieves are aware that local use of a card makes it more likely that the cyber criminals can use it for a long period before they are identified and blocked, stolen card data including information on their use makes such cards much more valuable to the cybercrime industry.

Nearly 40 Million credit and debit card accounts belonging to customers of American retailing company Target were stolen during the traditional holiday shopping season.

The news was provided by the company with a public statement, all the users who have shopped at Target’s stores during the Black Friday weekend are advised, at risk are all those customers who made purchases by swiping their cards at terminals in the stores of the Target company during the above period.

The stolen card data exposed during the data breach includes the cardholder’s name, the credit or debit card number, the card’s expiration date and the CVV security code used to activate the card in a store.

Of course the alert was shared within the major U.S. credit card issuing banks and credit unions, the JP Morgan Chase announced that it had put restrictions on the amount related to the accounts affected by the Target breach could spend or withdraw daily.

Fraud detection tools adopted by banks and financial institutions make complex analysis to track illegal activities especially after a data breach, one of monitored behavior is the use of the card data far from the space where it is used by legitimate card owner.

Location and frequency of expenses made with cards cloned from stolen card data are principal parameters controlled by investigators, it is now clearer why the value of the data is higher.

“Whoever is behind this breach appears to have a tremendous amount of not only technical, but also retail operations and payment industry knowledge. This could indicate someone who has previously worked in the retail payments industry.” said James Huguelet, an independent consultant who specializes in retail security.

The incident raises the urgency to improve fraud detection capabilities to deal with the new sophisticated threat able to avoid being spotted by classic fraud detection methods.

There is no time to lose!

Pierluigi Paganini

(Security Affairs –  cybercrime, stolen card data)


Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.