460K+ Payment Cards Sold On Black Market Forum – Data Security Expert Comments

Researchers monitoring activity on underground markets found that more than 460,000 payment card records were offered for sale in two days on a popular forum where such data is being traded. The card info is split into four databases sold separately and offered in two rounds, on October 28 and November 27. Eight-five to 90% of the cards were valid and all came with the CVV (card verification value) numbers that are necessary for card not present transactions like online shopping.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Jonathan Deveaux
Jonathan Deveaux , Head of Enterprise Data Protection
InfoSec Expert
December 12, 2019 2:08 pm

For about $1 per card, bad actors can buy stolen credit or debit card details to use for online purchases. The data includes valid expiration dates and card verification values (CVV codes), both of which are required for successful transactions through ecommerce sites.

This lot of 460,000 card details was most likely stolen or exfiltrated through an online attack because most point of sale devices and kiosks do not ask for, or collect, CVV codes and expiration dates.

Every organization that accepts payment cards for online purchases should be concerned about their ability to secure payment card details through their website. If they are not protecting payment card details at its earliest point of entry, then stolen data will continue to appear on the dark web for sale.

Organizations need to tokenize or encrypt data, or, need to refuse to collect the data. There are no other options to reduce the chances of data theft happening within their control.

Last edited 2 years ago by Jonathan Deveaux
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x