A Worrisome Evolution in Carding Markets

Nicole Abramov, Threat Intelligence Analyst, Q6 Cyber

Carding markets – illicit e-commerce platforms that facilitate the trafficking of huge volumes of compromised payment card data – have been a staple of the ‘Digital Underground’ for many years. Carding markets have evolved over the years in various ways. A recent trend suggests another evolution that is worrisome for financial institutions, merchants, consumers, and other payments stakeholders.

Until recently, carding markets offering compromised card-not-present (CNP) data usually provided the card account number and related fields, as well as limited information about the accountholder. Over the past few months, we have observed a worrying trend, wherein numerous carding markets feature large volumes of compromised payment cards with additional accountholder PII such as social security number, date of birth, mother’s maiden name, email account password, IP address, last paid amount, ATM PIN, and wireless account PIN.

It is worth mentioning that even in the past, certain carding markets occasionally offered ‘premium’ card inventory which included the cardholder’s SSN and/or DoB (such cards are often referred to as “fullz”). However, such data was relatively rare.

Figure – Underground carding market listing the “extra” information available with compromised card data

This increase in the availability of victims’ personally identifiable information (PII), alongside compromised payment card data, is of great value to cybercriminals and fraudsters and is likely to result in a near-term escalation of fraudulent activities, both in magnitude and sophistication. Threat actors can – and already do – exploit the newly available PII in multiple ways (beyond traditional payment card fraud); for example, online banking account takeover, fraudulent new account applications, and 2FA bypass.

To protect against these threats, financial institutions, merchants, and other organizations can take proactive steps to identify compromised accounts early and set rules that act on these accounts in ways that prevent unauthorized activity.

Learn more about carding markets by visiting Q6 Cyber in the X-Sight Marketplace, where you can access complimentary reports and contact them about their E-Crime Intelligence.

Webinar – Monitoring the Digital Underground

Reach out to the author, Nicole Abramov, at info@q6cyber.com.
