A Worrisome Evolution in Carding Markets

Nicole Abramov, Threat Intelligence Analyst, Q6 Cyber
A Worrisome Evolution in Carding Markets

Carding markets – illicit e-commerce platforms that facilitate the trafficking of huge volumes of compromised payment card data – have been a staple of the ‘Digital Underground’ for many years. Carding markets have evolved over the years in various ways. A recent trend suggests another evolution that is worrisome for financial institutions, merchants, consumers, and other payments stakeholders.

Until recently, carding markets offering compromised card-not-present (CNP) data usually provided the card account number and related fields, as well as limited information about the accountholder. Over the past few months, we have observed a worrying trend, wherein numerous carding markets feature large volumes of compromised payment cards with additional accountholder PII such as social security number, date of birth, mother’s maiden name, email account password, IP address, last paid amount, ATM PIN, and wireless account PIN.

It is worth mentioning that even in the past, certain carding markets occasionally offered ‘premium’ card inventory which included the cardholder’s SSN and/or DoB (such cards are often referred to as “fullz”). However, such data was relatively rare.

Figure – Underground carding market listing the “extra” information available with compromised card data

This increase in the availability of victims’ personally identifiable information (PII), alongside compromised payment card data, is of great value to cybercriminals and fraudsters and is likely to result in a near-term escalation of fraudulent activities, both in magnitude and sophistication. Threat actors can – and already do – exploit the newly available PII in multiple ways (beyond traditional payment card fraud); for example, online banking account takeover, fraudulent new account applications, and 2FA bypass.

To protect against these threats, financial institutions, merchants, and other organizations can take proactive steps to identify compromised accounts early and set rules to action these accounts in ways that prevent unauthorized activity.

Learn more about Carding Markets by visiting Q6 Cyber in the X-Sight Marketplace to learn more, access complimentary reports, and to contact them about their E-Crime Intelligence.

Webinar – Monitoring the Digital Underground

Reach out to the author, Nicole Abramov, at info@q6cyber.com.

Speak to an Expert


We use cookies to ensure that we give you the best experience on this website. If you continue without changing your settings, we’ll assume that you are happy to receive all on the NICE website. However, if you would like, you can change your cookie settings at any time. To find out more about how we use this information, see ourPrivacy Policy.