
The value of stolen card data that includes localization info

The hackers behind the Target data breach are selling stolen card data that includes localization info. Why?

In numerous posts I have highlighted how easy it is to acquire stolen card data on the black market. Various websites in the underground and within the Deep Web offer this precious commodity at prices that vary depending on several factors, such as the validity of the card, the card's amount limits and the amount of money available in the bank account.

The recent data breach at the US retailer Target has rekindled attention to the market for stolen card data. In particular, another interesting trend has emerged in the cybercrime ecosystem: the sale of card data together with information on the location of the stores and points of sale where the cards were used.

Why provide this data?

Financial security experts consider this information very valuable for arranging scams: knowing the places where the cards were used allows the attackers to choose where to use the cards so as to reduce the risk that the ongoing scam is detected.

Security expert Brian Krebs, who first reported the data breach suffered by Target, wrote a couple of interesting blog posts on the incident, showing that the cards stolen by the cyber criminals behind the attack are being sold on the black market with information on the state, city and ZIP code of the Target store where they were used. The commercialization of stolen card data with localization information is a very clever tactic to increase the monetary value of the stolen commodities.

Location information included in the stolen card data allows buyers to use cloned versions of cards issued to people in their immediate vicinity.

“Later, I learned from a fraud expert that this feature is included because it allows customers of the shop to buy cards issued to cardholders that live nearby. This lets crooks who want to use the cards for in-store fraud avoid any knee-jerk fraud defenses in which a financial institution might block transactions that occur outside the legitimate cardholder’s immediate geographic region.” explained Brian Krebs.

According to Krebs, it is the first time that investigators have observed the sale of stolen card data with detailed localization information.

Card thieves are aware that local use of a card makes it more likely that the cyber criminals can use it for a long period before they are identified and blocked; stolen card data that includes information on where the cards were used is therefore much more valuable to the cybercrime industry.

Nearly 40 million credit and debit card accounts belonging to customers of American retailing company Target were stolen during the traditional holiday shopping season.

The news was provided by the company in a public statement. All the users who shopped at Target’s stores during the Black Friday weekend have been advised; at risk are all those customers who made purchases by swiping their cards at terminals in Target stores during that period.

The stolen card data exposed during the data breach includes the cardholder’s name, the credit or debit card number, the card’s expiration date and the CVV security code used to activate the card in a store.

Of course, the alert was shared among the major U.S. credit card issuing banks and credit unions; JP Morgan Chase announced that it had put restrictions on the amount that accounts affected by the Target breach could spend or withdraw daily.

Fraud detection tools adopted by banks and financial institutions perform complex analysis to track illegal activities, especially after a data breach; one of the monitored behaviors is the use of card data far from the area where the card is used by its legitimate owner.

The location and frequency of purchases made with cards cloned from stolen card data are the principal parameters monitored by investigators; it is now clearer why the value of the data is higher.
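The following added example (not code from the original post or from any bank) shows why a distance-only rule stays silent when a cloned card is used near the cardholder, and how a daily cap on accounts known to be exposed, like the restriction described above, still catches it. The thresholds, card ids, coordinates and function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

# All thresholds, card ids and coordinates are constructed for illustration.
MAX_KM_FROM_HOME = 150.0      # assumed radius for the classic geographic rule
EXPOSED_DAILY_LIMIT = 300.0   # assumed daily cap for cards known to be breached

@dataclass
class Txn:
    card: str
    amount: float
    lat: float
    lon: float

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def evaluate(txns, homes, exposed_cards):
    """Return the list of rule names each transaction triggers, in input order."""
    spent, results = {}, []
    for t in txns:
        reasons = []
        # Classic rule: card used far from the cardholder's usual area.
        if km_between(t.lat, t.lon, *homes[t.card]) > MAX_KM_FROM_HOME:
            reasons.append("geo")
        # Compensating rule: daily cap on breached cards, wherever they are used.
        if t.card in exposed_cards and spent.get(t.card, 0.0) + t.amount > EXPOSED_DAILY_LIMIT:
            reasons.append("exposed-limit")
        if not reasons:  # only approved transactions count toward the daily total
            spent[t.card] = spent.get(t.card, 0.0) + t.amount
        results.append(reasons)
    return results

HOMES = {"CARD-A": (44.98, -93.27), "CARD-B": (44.98, -93.27)}  # both near Minneapolis
EXPOSED = {"CARD-A"}  # card reported as part of a breach
SAMPLE = [
    Txn("CARD-A", 120.0, 44.95, -93.10),  # clone used locally: geo rule is silent
    Txn("CARD-A", 250.0, 44.95, -93.10),  # still local, but exceeds the daily cap
    Txn("CARD-B", 80.0, 25.76, -80.19),   # unexposed card used far away
]

if __name__ == "__main__":
    for txn, reasons in zip(SAMPLE, evaluate(SAMPLE, HOMES, EXPOSED)):
        print(txn.card, txn.amount, reasons or ["approved"])
```
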

“Whoever is behind this breach appears to have a tremendous amount of not only technical, but also retail operations and payment industry knowledge. This could indicate someone who has previously worked in the retail payments industry.” said James Huguelet, an independent consultant who specializes in retail security.

The incident raises the urgency of improving fraud detection capabilities to deal with this new, sophisticated threat, which is able to avoid being spotted by classic fraud detection methods.

There is no time to lose!

Pierluigi Paganini

(Security Affairs –  cybercrime, stolen card data)

 
